Respond with 422 if /auth/github does not get a token

Fix #77
2013-10-23 19:35:03 -05:00 · 2013-10-23 19:35:03 -05:00 · 8f4dd0d2df
commit 8f4dd0d2df
parent e35b7a3301
2 changed files with 10 additions and 0 deletions
--- a/lib/travis/api/app/endpoint/authorization.rb
+++ b/lib/travis/api/app/endpoint/authorization.rb
@ -78,6 +78,10 @@ class Travis::Api::App
      #
      # * **github_token**: GitHub token for checking authorization (required)
      post '/github' do
+        unless params[:github_token]
+          halt 422, { "error" => "Must pass 'github_token' parameter" }
+        end
+
        { 'access_token' => github_to_travis(params[:github_token], app_id: 1, drop_token: true) }
      end

--- a/spec/unit/endpoint/authorization_spec.rb
+++ b/spec/unit/endpoint/authorization_spec.rb
@ -64,5 +64,11 @@ describe Travis::Api::App::Endpoint::Authorization do
    it 'does not store the token' do
      user_for('public repos').github_oauth_token.should_not == 'public repos'
    end
+
+    it "errors if no token is given" do
+      post("/auth/github").should_not be_ok
+      last_response.status.should == 422
+      body.should_not include("access_token")
+    end
  end
 end