Bug 916955 - Ember.show API doesn't error if an invalid token is provided

2 files changed, 10 insertions, 0 deletions

diff --git a/extensions/Ember/lib/WebService.pm b/extensions/Ember/lib/WebService.pm
index bb4e5f8ad..4f7a0c713 100644
--- a/extensions/Ember/lib/WebService.pm
+++ b/extensions/Ember/lib/WebService.pm
@@ -114,6 +114,12 @@ sub show {
 
     Bugzilla->switch_to_shadow_db();
 
+    # Throw error if token was provided and user is not logged
+    # in meaning token was invalid/expired.
+    if (exists $params->{token} && !Bugzilla->user->id) {
+        ThrowUserError('invalid_token');
+    }
+
     my $bug_id = delete $params->{id};
     $bug_id || ThrowCodeError('params_required',
                               { function => 'Ember.show', params => ['id'] });
diff --git a/extensions/Ember/template/en/default/hook/global/user-error-errors.html.tmpl b/extensions/Ember/template/en/default/hook/global/user-error-errors.html.tmpl
new file mode 100644
index 000000000..c438af283
--- /dev/null
+++ b/extensions/Ember/template/en/default/hook/global/user-error-errors.html.tmpl
@@ -0,0 +1,4 @@
+[% IF error == "invalid_token" %]
+  [% title = "Invalid Token Provided" %]
+  The token provided is either invalid or expired. You must log in again.
+[% END %]