auth

Paddy 2015-01-18 Parent:3ec7134fa211 Child:0a1e16b9c141

120:118a69954621 Go to Latest

auth/session.go

Validate client when doing credential grants. When granting a token based on user credentials, I forgot to validate the client credentials that were sent. So implement that.

Download raw file
View source Diff to previous Annotate
History 
     1.1 --- a/session.go	Sun Jan 18 01:54:53 2015 -0500
     1.2 +++ b/session.go	Sun Jan 18 02:14:08 2015 -0500
     1.3 @@ -286,6 +286,10 @@
     1.4  	username := r.PostFormValue("username")
     1.5  	password := r.PostFormValue("password")
     1.6  	scope = r.PostFormValue("scope")
     1.7 +	_, success := verifyClient(w, r, false, context)
     1.8 +	if !success {
     1.9 +		return
    1.10 +	}
    1.11  	profile, err := authenticate(username, password, context)
    1.12  	if err != nil {
    1.13  		if err == ErrIncorrectAuth || err == ErrProfileCompromised || err == ErrProfileLocked {