oauth: fix osin.CheckBasicAuth return value inconsistency

neuhaus · Dec 20, 2015 · 57d5427 · 57d5427
1 parent f2ee621
commit 57d5427
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/oauth/handler/handler.go b/oauth/handler/handler.go
@@ -76,6 +76,14 @@ func (h *Handler) SetRoutes(r *mux.Router, extractor func(h hctx.ContextHandler)
 
 func (h *Handler) RevokeHandler(w http.ResponseWriter, r *http.Request) {
 	auth, err := osin.CheckBasicAuth(r)
+	if err != nil {
+		pkg.HttpError(w, errors.New("Unauthorized"), http.StatusServiceUnavailable)
+		return
+	} else if auth == nil {
+		pkg.HttpError(w, errors.New("Unauthorized"), http.StatusUnauthorized)
+		return
+	}
+
 	client, err := h.OAuthStore.GetClient(auth.Username)
 	if err != nil {
 		pkg.HttpError(w, errors.New("Unauthorized"), http.StatusServiceUnavailable)
@@ -148,6 +156,9 @@ func (h *Handler) IntrospectHandler(w http.ResponseWriter, r *http.Request) {
 	if _, err := h.OAuthStore.GetClient(auth.Username); err != nil {
 		pkg.HttpError(w, errors.New("Unauthorized"), http.StatusUnauthorized)
 		return
+	} else if auth == nil {
+		pkg.HttpError(w, errors.New("Unauthorized"), http.StatusUnauthorized)
+		return
 	}
 
 	result := make(map[string]interface{})