| author | Christian Weiske <cweiske@cweiske.de> | 2014-09-26 14:32:03 +0200 |
|---|---|---|
| committer | Christian Weiske <cweiske@cweiske.de> | 2014-09-26 14:32:03 +0200 |
| commit | 9a1ac6227c65296a4751c3e601cc1eb47398a77e (patch) | |
| tree | c162acd7338c62a9c939eadcf17710b16b64b81a /lib | |
| parent | 21e7415fe5a418ef6dd7f29d3749b11cc9adaa7d (diff) | |
| download | grauphel-9a1ac6227c65296a4751c3e601cc1eb47398a77e.tar.gz grauphel-9a1ac6227c65296a4751c3e601cc1eb47398a77e.zip | |
Send HTTP 401 on invalid token
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/oauth.php | 9 | ||||
| -rw-r--r-- | lib/tokenstorage.php | 7 |
2 files changed, 13 insertions, 3 deletions
diff --git a/lib/oauth.php b/lib/oauth.php
index 6900c20..5f84e7e 100644
--- a/lib/oauth.php
+++ b/lib/oauth.php
@@ -103,7 +103,14 @@ class OAuth
 return OAUTH_PARAMETER_ABSENT;
 }
- $token = $this->tokens->load('access', $provider->token);
+ try {
+ $token = $this->tokens->load('access', $provider->token);
+ } catch (OAuthException $e) {
+ if ($e->getCode() == OAUTH_TOKEN_REJECTED) {
+ return OAUTH_TOKEN_REJECTED;
+ }
+ throw $e;
+ }
 $provider->token_secret = $token->secret;
 return OAUTH_OK;
 }
diff --git a/lib/tokenstorage.php b/lib/tokenstorage.php
index f8f0806..4b5f420 100644
--- a/lib/tokenstorage.php
+++ b/lib/tokenstorage.php
@@ -95,12 +95,15 @@ class TokenStorage
 )->fetchRow();
 if ($tokenRow === false) {
- throw new OAuthException('Unknown token: ' . $type . ' / ' . $tokenKey);
+ throw new OAuthException(
+ 'Unknown token: ' . $type . ' / ' . $tokenKey,
+ OAUTH_TOKEN_REJECTED
+ );
 }
 $token = $this->fromDb($tokenRow);
 if ($token->tokenKey != $tokenKey) {
- throw new OAuthException('Invalid token');
+ throw new OAuthException('Invalid token', OAUTH_TOKEN_REJECTED);
 }
 return $token; |
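Review bot: The new catch block in lib/oauth.php matches the rejection code with a loose comparison, `if ($e->getCode() == OAUTH_TOKEN_REJECTED) {`; since this branch decides between a 401 and a rethrown error, the strict form `if ($e->getCode() === OAUTH_TOKEN_REJECTED) {` is the safer way to write it. The rejected branch also returns without recording anything in the visible lines, so repeated invalid-token requests may leave no trace unless a caller logs them. A one-line comment such as `// invalid or unknown access token: answered with HTTP 401 by the provider` would say where the rejection surfaces, and a log call would help detection if the project has a logger. The enclosing method starts outside the hunk.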
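Review bot: The guard just above the new 'Invalid token' throw in lib/tokenstorage.php, `if ($token->tokenKey != $tokenKey) {`, is an unchanged context line that still compares loosely, so the check that now produces OAUTH_TOKEN_REJECTED can pass for a key that is not byte-identical to the stored one. Assuming both values are strings, numeric-looking keys compare by value (the constructed pair `'1e3'` and `'1000'` is equal under `!=`), and `if ($token->tokenKey !== $tokenKey) {` makes the match exact. Separately, the 'Unknown token' message still concatenates the client-supplied `$tokenKey`. Whether that message reaches a log or the HTTP response is not visible here, but if it does, the key should be omitted or encoded at that point. The method begins outside the hunk.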
