author | Jo-Philipp Wich <jow@openwrt.org> | 2012-08-07 19:11:52 +0000 |
---|---|---|
committer | Jo-Philipp Wich <jow@openwrt.org> | 2012-08-07 19:11:52 +0000 |
commit | 69aa218335330e1e8c623fdc2e5e336b2b78056f (patch) | |
tree | d7e1d822bd78249a46a64feff96bdf8712cf247d | |
parent | 0c4edd49b982007fff60f64a86d73aabf7f68784 (diff) |
return "403 Forbidden" if authentication token was given, however is invalid
Contributed by T-Labs, Deutsche Telekom Innovation Laboratories
Signed-off-by: Mirko Vogt <mirko@openwrt.org>
-rw-r--r-- | modules/rpc/luasrc/controller/rpc.lua | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/modules/rpc/luasrc/controller/rpc.lua b/modules/rpc/luasrc/controller/rpc.lua
index 7255c1780..6b091163f 100644
--- a/modules/rpc/luasrc/controller/rpc.lua
+++ b/modules/rpc/luasrc/controller/rpc.lua
@@ -24,11 +24,13 @@ module "luci.controller.rpc"
 function index()
 local function authenticator(validator, accs)
 local auth = luci.http.formvalue("auth", true)
- if auth then
+ if auth then -- if authentication token was given
 local sdat = luci.sauth.read(auth)
- user = loadstring(sdat)().user
- if user and luci.util.contains(accs, user) then
- return user, auth
+ if sdat then -- if given token is valid
+ user = loadstring(sdat)().user
+ if user and luci.util.contains(accs, user) then
+ return user, auth
+ end
 end
 end
 luci.http.status(403, "Forbidden") |
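Review bot: `loadstring(sdat)().user` inside the new `if sdat then` branch still raises an error instead of reaching the 403 path when the stored session data does not compile or does not return a table, because `loadstring` returns nil on a syntax error and its result is called unconditionally. The same line assigns `user` without `local`, so the name leaks out of the function scope, and it runs the session blob as Lua with the full global environment available to it. I would compile the chunk, give it an empty environment, call it under `pcall` and keep `user` local, as sketched below. `setfenv` assumes Lua 5.1 (which the use of `module` and `loadstring` suggests), and the empty environment assumes the stored chunk is a plain table constructor; both should be confirmed against `luci.sauth`. The enclosing `index()` starts and ends outside the hunk.

```lua
if sdat then -- if given token is valid
	local chunk = loadstring(sdat)
	local ok, sess = false, nil
	if chunk then
		-- no globals for the stored chunk; errors fall through to the 403 below
		ok, sess = pcall(setfenv(chunk, {}))
	end
	local user = ok and type(sess) == "table" and sess.user
	if user and luci.util.contains(accs, user) then
		return user, auth
	end
-- … unchanged: closing end lines and the 403 response …
```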