From bfa7f68edceb2894ae12342475ae28b0f52fef8c Mon Sep 17 00:00:00 2001
From: Danielle McLean <dani@00dani.me>
Date: Mon, 30 Oct 2017 08:27:19 +1100
Subject: [PATCH] Make POST /indie/auth return a 403 if parameters are missing,
 rather than a 500

---
 lemonauth/views/indie.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/lemonauth/views/indie.py b/lemonauth/views/indie.py
index acb5a3e..6162621 100644
--- a/lemonauth/views/indie.py
+++ b/lemonauth/views/indie.py
@@ -77,14 +77,14 @@ class IndieView(TemplateView):
         post = request.POST.dict()
         try:
             code = IndieAuthCode.objects.get(
-                code=post['code'],
-                client_id=post['client_id'],
-                redirect_uri=post['redirect_uri']
+                code=post.get('code'),
+                client_id=post.get('client_id'),
+                redirect_uri=post.get('redirect_uri'),
             )
         except IndieAuthCode.DoesNotExist:
             return HttpResponseForbidden(
-                'invalid auth code {0}'.format(post['code']),
-                content_type='text/plain'
+                'invalid parameters',
+                content_type='text/plain',
             )
         code.delete()
         return utils.choose_type(request, {'me': code.me}, {