Make POST /indie/auth return a 403 if parameters are missing, rather than a 500

This commit is contained in:
Danielle McLean 2017-10-30 08:27:19 +11:00
parent d87d49e67b
commit bfa7f68edc
Signed by: 00dani
GPG key ID: 5A5D2D1AFF12EEC5

View file

@ -77,14 +77,14 @@ class IndieView(TemplateView):
post = request.POST.dict() post = request.POST.dict()
try: try:
code = IndieAuthCode.objects.get( code = IndieAuthCode.objects.get(
code=post['code'], code=post.get('code'),
client_id=post['client_id'], client_id=post.get('client_id'),
redirect_uri=post['redirect_uri'] redirect_uri=post.get('redirect_uri'),
) )
except IndieAuthCode.DoesNotExist: except IndieAuthCode.DoesNotExist:
return HttpResponseForbidden( return HttpResponseForbidden(
'invalid auth code {0}'.format(post['code']), 'invalid parameters',
content_type='text/plain' content_type='text/plain',
) )
code.delete() code.delete()
return utils.choose_type(request, {'me': code.me}, { return utils.choose_type(request, {'me': code.me}, {