couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jasondav...@apache.org
Subject svn commit: r824290 - /couchdb/trunk/src/couchdb/couch_httpd_oauth.erl
Date Mon, 12 Oct 2009 10:28:18 GMT
Author: jasondavies
Date: Mon Oct 12 10:28:18 2009
New Revision: 824290

URL: http://svn.apache.org/viewvc?rev=824290&view=rev
Log:
Send 400 error when bad OAuth token is received.

This closes COUCHDB-522.

Modified:
    couchdb/trunk/src/couchdb/couch_httpd_oauth.erl

Modified: couchdb/trunk/src/couchdb/couch_httpd_oauth.erl
URL: http://svn.apache.org/viewvc/couchdb/trunk/src/couchdb/couch_httpd_oauth.erl?rev=824290&r1=824289&r2=824290&view=diff
==============================================================================
--- couchdb/trunk/src/couchdb/couch_httpd_oauth.erl (original)
+++ couchdb/trunk/src/couchdb/couch_httpd_oauth.erl Mon Oct 12 10:28:18 2009
@@ -19,13 +19,18 @@
 oauth_authentication_handler(#httpd{mochi_req=MochiReq}=Req) ->
     serve_oauth(Req, fun(URL, Params, Consumer, Signature) ->
         AccessToken = proplists:get_value("oauth_token", Params),
-        TokenSecret = couch_config:get("oauth_token_secrets", AccessToken),
-        ?LOG_DEBUG("OAuth URL is: ~p", [URL]),
-        case oauth:verify(Signature, atom_to_list(MochiReq:get(method)), URL, Params, Consumer,
TokenSecret) of
-            true ->
-                set_user_ctx(Req, AccessToken);
-            false ->
-                Req
+        case couch_config:get("oauth_token_secrets", AccessToken) of
+            undefined -> 
+                couch_httpd:send_error(Req, 400, <<"invalid_token">>,
+                    <<"Invalid OAuth token.">>);
+            TokenSecret ->
+                ?LOG_DEBUG("OAuth URL is: ~p", [URL]),
+                case oauth:verify(Signature, atom_to_list(MochiReq:get(method)), URL, Params,
Consumer, TokenSecret) of
+                    true ->
+                        set_user_ctx(Req, AccessToken);
+                    false ->
+                        Req
+                end
         end
     end, true).
 



Mime
View raw message