Bug 916955 - Ember.show API doesn't error if an invalid token is provided

author: Dave Lawrence <dlawrence@mozilla.com> 2013-09-17 19:56:40 +0200
committer: Dave Lawrence <dlawrence@mozilla.com> 2013-09-17 19:56:40 +0200
commit: dfc10cdfddc44043543b9cfdcbe915d158056678 (patch)
tree: 354197b02c37b40aebfcb9fa6af6f2c586b07a0a /extensions/Ember/lib
parent: fc32690344a4762e9b08d7618a167c43a9dc7504 (diff)
download: bugzilla-dfc10cdfddc44043543b9cfdcbe915d158056678.tar.gz
bugzilla-dfc10cdfddc44043543b9cfdcbe915d158056678.tar.xz
1 files changed, 6 insertions, 0 deletions
diff --git a/extensions/Ember/lib/WebService.pm b/extensions/Ember/lib/WebService.pm
index bb4e5f8ad..4f7a0c713 100644
--- a/extensions/Ember/lib/WebService.pm
+++ b/extensions/Ember/lib/WebService.pm
@@ -114,6 +114,12 @@ sub show {
 
     Bugzilla->switch_to_shadow_db();
 
+    # Throw error if token was provided and user is not logged
+    # in meaning token was invalid/expired.
+    if (exists $params->{token} && !Bugzilla->user->id) {
+        ThrowUserError('invalid_token');
+    }
+
     my $bug_id = delete $params->{id};
     $bug_id || ThrowCodeError('params_required',
                               { function => 'Ember.show', params => ['id'] });
author	Dave Lawrence <dlawrence@mozilla.com>	2013-09-17 19:56:40 +0200
committer	Dave Lawrence <dlawrence@mozilla.com>	2013-09-17 19:56:40 +0200
commit	dfc10cdfddc44043543b9cfdcbe915d158056678 (patch)
tree	354197b02c37b40aebfcb9fa6af6f2c586b07a0a /extensions/Ember/lib
parent	fc32690344a4762e9b08d7618a167c43a9dc7504 (diff)
download	bugzilla-dfc10cdfddc44043543b9cfdcbe915d158056678.tar.gz bugzilla-dfc10cdfddc44043543b9cfdcbe915d158056678.tar.xz