From 1b3bbca5a525c11b2fdb4ccda97b18027d28d54f Mon Sep 17 00:00:00 2001
From: Konstantin Haase
Date: Thu, 12 Mar 2015 17:54:36 +0100
Subject: [PATCH] have auth not freak out on GH error
---
 lib/travis/api/app/endpoint/authorization.rb | 3 +++
 spec/unit/endpoint/authorization_spec.rb | 9 +++++++++
 2 files changed, 12 insertions(+)
diff --git a/lib/travis/api/app/endpoint/authorization.rb b/lib/travis/api/app/endpoint/authorization.rb
index 65ed8573..122aa8e8 100644
--- a/lib/travis/api/app/endpoint/authorization.rb
+++ b/lib/travis/api/app/endpoint/authorization.rb
@@ -274,6 +274,9 @@ class Travis::Api::App
 user = manager.fetch
 halt 403, 'not a Travis user' if user.nil?
 user
+ rescue GH::Error
+ # not a valid token actually, but we don't want to expose that info
+ halt 403, 'not a Travis user'
 end
 
 def get_token(endpoint, values)
diff --git a/spec/unit/endpoint/authorization_spec.rb b/spec/unit/endpoint/authorization_spec.rb
index 424e3d59..2634968c 100644
--- a/spec/unit/endpoint/authorization_spec.rb
+++ b/spec/unit/endpoint/authorization_spec.rb
@@ -138,9 +138,18 @@ describe Travis::Api::App::Endpoint::Authorization do
 end
 
 it "errors if no token is given" do
+ User.stubs(:find_by_github_id).with(111).returns(user)
 post("/auth/github").should_not be_ok
 last_response.status.should == 422
 body.should_not include("access_token")
 end
+
+ it "errors if github throws an error" do
+ GH.stubs(:with).raises(GH::Error)
+ post("/auth/github", github_token: 'foo bar').should_not be_ok
+ last_response.status.should == 403
+ body.should_not include("access_token")
+ body.should include("not a Travis user")
+ end
 end
 end
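Review bot: The new `rescue GH::Error` at the end of this method turns every GitHub client failure into `403 'not a Travis user'` and discards the exception. Assuming GH::Error also covers upstream outages and rate limiting rather than only rejected tokens, neither a burst of invalid-token attempts nor a GitHub outage leaves any server-side trace. Keeping the response uniform is right, because it does not tell the caller whether a token was valid, but the cause should still be recorded: `rescue GH::Error => error`, then log the exception class and message (never the token) before the `halt`. The method body starts outside the hunk, so this method-level rescue also covers any earlier GitHub call in it.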
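Review bot: The `User.stubs(:find_by_github_id).with(111).returns(user)` line added to "errors if no token is given" has no visible connection to that example, which sends no token and expects 422. Either drop it or explain in a comment why the lookup has to be stubbed there. In the new example, `body.should include("not a Travis user")` would still pass if upstream error detail were appended to the body. Adding `body.should_not include("foo bar")` would pin that the submitted token is never echoed back. The enclosing `describe` block starts outside the hunk.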