Make POST /indie/auth return a 403 if parameters are missing, rather than a 500

This commit is contained in:
Danielle McLean 2017-10-30 08:27:19 +11:00
parent d87d49e67b
commit bfa7f68edc
Signed by untrusted user: 00dani
GPG key ID: 5A5D2D1AFF12EEC5

View file

@ -77,14 +77,14 @@ class IndieView(TemplateView):
post = request.POST.dict()
try:
code = IndieAuthCode.objects.get(
code=post['code'],
client_id=post['client_id'],
redirect_uri=post['redirect_uri']
code=post.get('code'),
client_id=post.get('client_id'),
redirect_uri=post.get('redirect_uri'),
)
except IndieAuthCode.DoesNotExist:
return HttpResponseForbidden(
'invalid auth code {0}'.format(post['code']),
content_type='text/plain'
'invalid parameters',
content_type='text/plain',
)
code.delete()
return utils.choose_type(request, {'me': code.me}, {