[Jifty-commit] r5696 - in plugins/Jifty-Plugin-OAuth/trunk: . lib/Jifty/Plugin/OAuth

Jifty commits jifty-commit at lists.jifty.org
Tue Aug 12 04:21:44 EDT 2008 

Author: sartak
Date: Tue Aug 12 04:21:41 2008
New Revision: 5696

Modified:
   plugins/Jifty-Plugin-OAuth/trunk/   (props changed)
   plugins/Jifty-Plugin-OAuth/trunk/lib/Jifty/Plugin/OAuth/Dispatcher.pm
   plugins/Jifty-Plugin-OAuth/trunk/t/t/01-basic.t
   plugins/Jifty-Plugin-OAuth/trunk/t/t/03-authorize.t

Log:
 r69266 at onn:  sartak | 2008-08-12 04:21:27 -0400
 If an unauthenticated user goes to /oauth/authorize, throw a 401 instead of.. well who knows what :)


Modified: plugins/Jifty-Plugin-OAuth/trunk/lib/Jifty/Plugin/OAuth/Dispatcher.pm
==============================================================================
--- plugins/Jifty-Plugin-OAuth/trunk/lib/Jifty/Plugin/OAuth/Dispatcher.pm	(original)
+++ plugins/Jifty-Plugin-OAuth/trunk/lib/Jifty/Plugin/OAuth/Dispatcher.pm	Tue Aug 12 04:21:41 2008
@@ -103,6 +103,7 @@
 sub authorize {
     my @params = qw/token callback/;
     abortmsg(403, "Cannot authorize tokens as an OAuthed user") if Jifty->web->current_user->is_oauthed;
+    abortmsg(401, "Must be authenticated to authorize tokens") if !Jifty->web->current_user->id;
 
     set no_abort => 1;
     my %oauth_params = get_parameters(@params);

Modified: plugins/Jifty-Plugin-OAuth/trunk/t/t/01-basic.t
==============================================================================
--- plugins/Jifty-Plugin-OAuth/trunk/t/t/01-basic.t	(original)
+++ plugins/Jifty-Plugin-OAuth/trunk/t/t/01-basic.t	Tue Aug 12 04:21:41 2008
@@ -19,6 +19,7 @@
 
 $mech->content_like(qr{http://oauth\.net/}, "oauth page mentions OAuth homepage");
 
-$mech->get_ok($URL . '/oauth/authorize');
+my $response = $mech->get($URL . '/oauth/authorize');
+is($response->code, 401, "/oauth/authorize requires being logged in");
 $mech->content_unlike(qr{If you trust this application}, "/oauth/authorize requires being logged in");
 

Modified: plugins/Jifty-Plugin-OAuth/trunk/t/t/03-authorize.t
==============================================================================
--- plugins/Jifty-Plugin-OAuth/trunk/t/t/03-authorize.t	(original)
+++ plugins/Jifty-Plugin-OAuth/trunk/t/t/03-authorize.t	Tue Aug 12 04:21:41 2008
@@ -31,7 +31,8 @@
 # }}}
 
 # try to navigate to protected pages while not logged in {{{
-$umech->get_ok($URL . '/oauth/authorize');
+my $response = $umech->get($URL . '/oauth/authorize');
+is($response->code, 401, "/oauth/authorize requires authentication");
 $umech->content_unlike(qr/If you trust this application/);
 
 $umech->get_ok('/oauth/authorized');

More information about the Jifty-commit mailing list