suzanne.soy/travis-api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

need to check scopes before storing token

Browse Source
This commit is contained in:
Konstantin Haase 2012-11-15 16:59:17 +01:00
parent b8f230c09e
commit 946e734d98
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/travis/api/app/endpoint/authorization.rb
View File

@ -205,10 +205,10 @@ class Travis::Api::App
def user_for_github_token(token) def user_for_github_token(token)
data = GH.with(token: token.to_s) { GH['user'] } data = GH.with(token: token.to_s) { GH['user'] }
scopes = parse_scopes data.headers['x-oauth-scopes'] scopes = parse_scopes data.headers['x-oauth-scopes']
user = UserManager.new(data, token).fetch
halt 403, 'not a Travis user' if user.nil?
halt 403, 'insufficient access' unless acceptable? scopes halt 403, 'insufficient access' unless acceptable? scopes
user = UserManager.new(data, token).fetch
halt 403, 'not a Travis user' if user.nil?
user user
end end