From bfa7f68edceb2894ae12342475ae28b0f52fef8c Mon Sep 17 00:00:00 2001 From: Danielle McLean Date: Mon, 30 Oct 2017 08:27:19 +1100 Subject: [PATCH] Make POST /indie/auth return a 403 if parameters are missing, rather than a 500 --- lemonauth/views/indie.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lemonauth/views/indie.py b/lemonauth/views/indie.py index acb5a3e..6162621 100644 --- a/lemonauth/views/indie.py +++ b/lemonauth/views/indie.py @@ -77,14 +77,14 @@ class IndieView(TemplateView): post = request.POST.dict() try: code = IndieAuthCode.objects.get( - code=post['code'], - client_id=post['client_id'], - redirect_uri=post['redirect_uri'] + code=post.get('code'), + client_id=post.get('client_id'), + redirect_uri=post.get('redirect_uri'), ) except IndieAuthCode.DoesNotExist: return HttpResponseForbidden( - 'invalid auth code {0}'.format(post['code']), - content_type='text/plain' + 'invalid parameters', + content_type='text/plain', ) code.delete() return utils.choose_type(request, {'me': code.me}, {