Author: jasondavies Date: Mon Oct 12 10:28:18 2009 New Revision: 824290 URL: http://svn.apache.org/viewvc?rev=824290&view=rev Log: Send 400 error when bad OAuth token is received.
This closes COUCHDB-522. Modified: couchdb/trunk/src/couchdb/couch_httpd_oauth.erl Modified: couchdb/trunk/src/couchdb/couch_httpd_oauth.erl URL: http://svn.apache.org/viewvc/couchdb/trunk/src/couchdb/couch_httpd_oauth.erl?rev=824290&r1=824289&r2=824290&view=diff ==============================================================================
--- couchdb/trunk/src/couchdb/couch_httpd_oauth.erl (original)
+++ couchdb/trunk/src/couchdb/couch_httpd_oauth.erl Mon Oct 12 10:28:18 2009
@@ -19,13 +19,18 @@
 oauth_authentication_handler(#httpd{mochi_req=MochiReq}=Req) ->
 serve_oauth(Req, fun(URL, Params, Consumer, Signature) ->
 AccessToken = proplists:get_value("oauth_token", Params),
- TokenSecret = couch_config:get("oauth_token_secrets", AccessToken),
- ?LOG_DEBUG("OAuth URL is: ~p", [URL]),
- case oauth:verify(Signature, atom_to_list(MochiReq:get(method)), URL, Params, Consumer, TokenSecret) of
- true ->
- set_user_ctx(Req, AccessToken);
- false ->
- Req
+ case couch_config:get("oauth_token_secrets", AccessToken) of
+ undefined ->
+ couch_httpd:send_error(Req, 400, <<"invalid_token">>,
+ <<"Invalid OAuth token.">>);
+ TokenSecret ->
+ ?LOG_DEBUG("OAuth URL is: ~p", [URL]),
+ case oauth:verify(Signature, atom_to_list(MochiReq:get(method)), URL, Params, Consumer, TokenSecret) of
+ true ->
+ set_user_ctx(Req, AccessToken);
+ false ->
+ Req
+ end
 end
 end, true).
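Review bot: The inner `false ->` branch still returns `Req` unchanged, so a request with a known token and a bad signature is passed on while one with an unknown token now gets a 400; the differing responses let a client tell whether a token exists in `oauth_token_secrets`. If the fall-through is deliberate so that later authentication handlers can run, a comment on that branch such as `%% bad signature: continue unauthenticated, do not set user_ctx` would make the intent explicit; otherwise both failures should be rejected the same way. OAuth Core 1.0 section 10 lists an invalid or expired token under 401 rather than 400, so the status code is worth confirming against the clients this is meant to serve. `AccessToken` can also be `undefined` when the request carries no `oauth_token` parameter, and the lookup then runs with that value; whether `couch_config:get/2` handles a non-string key is not visible in this hunk.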