Changeset
6288:b7eb7d256939
mod_http_oauth2: Return instead of throwing errors
error() or assert() does not get handled correctly
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Tue, 03 Jun 2025 17:20:52 +0200 |
parents | 6287:5b269511ade7 |
children | 6289:7e4238d2989c |
files | mod_http_oauth2/mod_http_oauth2.lua |
diffstat | 1 files changed, 20 insertions(+), 5 deletions(-) [+] |
--- a/mod_http_oauth2/mod_http_oauth2.lua Tue Jun 03 17:04:19 2025 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua Tue Jun 03 17:20:52 2025 +0200
@@ -410,7 +410,10 @@
 local request_username
 if expect_username_jid then
- local request_jid = assert(params.username, oauth_error("invalid_request", "missing 'username' (JID)"));
+ local request_jid = params.username;
+ if not request_jid then
+ return oauth_error("invalid_request", "missing 'username' (JID)");
+ end
 local _request_username, request_host = jid.prepped_split(request_jid);
 if not (_request_username and request_host) or request_host ~= module.host then
@@ -419,10 +422,16 @@
 request_username = _request_username
 else
- request_username = assert(params.username, oauth_error("invalid_request", "missing 'username'"));
+ request_username = params.username;
+ if not request_username then
+ return oauth_error("invalid_request", "missing 'username'");
+ end
 end
- local request_password = assert(params.password, oauth_error("invalid_request", "missing 'password'"));
+ local request_password = params.password;
+ if not request_password then
+ return oauth_error("invalid_request", "missing 'password'");
+ end
 if not usermanager.test_password(request_username, module.host, request_password) then
 return oauth_error("invalid_grant", "incorrect credentials");
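Review bot: In the `@@ -410,7 +410,10 @@` hunk the new `if not request_jid then` guard rejects only an absent parameter; an empty `username=` is a truthy string in Lua and is passed on to `jid.prepped_split`. The same pattern is used for the username and password guards in the `-419` hunk, where empty values reach `usermanager.test_password`, and for both guards in the `-723` hunk. If an empty value should count as missing, the guard could read `if not request_jid or request_jid == "" then`. Whether the form decoder can deliver an empty string is not visible here, and the enclosing function starts and ends outside the hunk.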
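Review bot: The `else` branch in the `@@ -419,10 +422,16 @@` hunk assigns `params.username` to `request_username` as supplied, so it reaches `usermanager.test_password` without the normalisation the JID branch gets from `jid.prepped_split`. If the authentication backend compares usernames loosely, a grant could end up tied to a non-canonical spelling of the account name; what is done with `request_username` after the password check is outside the hunk, so this needs confirming rather than assuming. At minimum I would record it in place with a comment such as `-- NOTE: username is used as supplied; unlike the JID branch it is not stringprep-normalised`.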
@@ -723,8 +732,14 @@
 local component_secret = assert(module:get_option_string("component_secret"), "'component_secret' is a required setting when loaded on a Component");
 function grant_type_handlers.password(params)
- local request_jid = assert(params.username, oauth_error("invalid_request", "missing 'username' (JID)"));
- local request_password = assert(params.password, oauth_error("invalid_request", "missing 'password'"));
+ local request_jid = params.username;
+ if not request_jid then
+ return oauth_error("invalid_request", "missing 'username' (JID)");
+ end
+ local request_password = params.password
+ if not request_password then
+ return oauth_error("invalid_request", "missing 'password'");
+ end
 local request_username, request_host, request_resource = jid.prepped_split(request_jid);
 if params.scope then -- TODO shouldn't we support scopes / roles here?
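Review bot: `local request_password = params.password` in the component variant of `grant_type_handlers.password` is the only statement in this hunk without a trailing `;`; it is valid Lua but inconsistent with the surrounding lines and with the same statement in the `-419` hunk, so `local request_password = params.password;` would match. A one-line comment above the two guards, for example `-- return oauth_error() rather than assert(): thrown errors are not handled correctly here`, would also keep later edits from reintroducing `assert` on request parameters. The function body continues outside the hunk.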