Commit d48110d

mo <mo@mokhan.ca>
2018-10-29 21:55:38
ensure an authorization header is presented
1 parent 4ea3377
Changed files (2)
app/controllers/oauth/clients_controller.rb
@@ -30,7 +30,7 @@ module Oauth
         return if Token.revoked?(claims[:jti]) || claims.empty?
         Token.find(claims[:jti])
       end
-      request_http_token_authentication unless @token.present?
+      return request_http_token_authentication unless @token.present?
 
       unless Client.where(id: params[:id]).exists?
         @token.revoke!
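Review bot: `Token.find(claims[:jti])`, in the context lines just above the changed guard, may still bypass the 401 path this commit fixes. If `Token.find` is ActiveRecord's finder, it raises `ActiveRecord::RecordNotFound` for a jti with no stored row, so `@token` is never nil in that case and the new `return request_http_token_authentication unless @token.present?` is never reached. If so, a nil-returning lookup such as `Token.find_by(id: claims[:jti])` would give unknown tokens the same challenge as a missing header. A short comment on the guard would also help, e.g. `# stop here: the checks below dereference @token`. The enclosing method starts and ends outside this hunk, so the rest of the flow is not visible.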
spec/requests/oauth/clients_spec.rb
@@ -119,5 +119,13 @@ RSpec.describe "/oauth/clients" do
       specify { expect(response).to have_http_status(:unauthorized) }
       specify { expect(access_token.reload).to be_revoked }
     end
+
+    context "when an authorization header is not provided" do
+      let(:client) { create(:client) }
+
+      before { get "/oauth/clients/#{client.to_param}", headers: {} }
+
+      specify { expect(response).to have_http_status(:unauthorized) }
+    end
   end
 end
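Review bot: The new context asserts only the status code for a request with no header. `request_http_token_authentication` also sets a `WWW-Authenticate` challenge, so adding `specify { expect(response.headers["WWW-Authenticate"]).to be_present }` would catch a regression where some other 401 path answers instead. A sibling context sending a malformed value, e.g. `headers: { "Authorization" => "invalid" }`, would cover the other way the controller presumably ends up without a token.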