summaryrefslogtreecommitdiffhomepage
path: root/modules/rpc/luasrc/controller
diff options
context:
space:
mode:
authorJo-Philipp Wich <jow@openwrt.org>2012-08-07 19:11:52 +0000
committerJo-Philipp Wich <jow@openwrt.org>2012-08-07 19:11:52 +0000
commit69aa218335330e1e8c623fdc2e5e336b2b78056f (patch)
treed7e1d822bd78249a46a64feff96bdf8712cf247d /modules/rpc/luasrc/controller
parent0c4edd49b982007fff60f64a86d73aabf7f68784 (diff)
return "403 Forbidden" if authentication token was given, however is invalid
Contributed by T-Labs, Deutsche Telekom Innovation Laboratories Signed-off-by: Mirko Vogt <mirko@openwrt.org>
Diffstat (limited to 'modules/rpc/luasrc/controller')
-rw-r--r--modules/rpc/luasrc/controller/rpc.lua10
1 files changed, 6 insertions, 4 deletions
diff --git a/modules/rpc/luasrc/controller/rpc.lua b/modules/rpc/luasrc/controller/rpc.lua
index 7255c1780..6b091163f 100644
--- a/modules/rpc/luasrc/controller/rpc.lua
+++ b/modules/rpc/luasrc/controller/rpc.lua
@@ -24,11 +24,13 @@ module "luci.controller.rpc"
function index()
local function authenticator(validator, accs)
local auth = luci.http.formvalue("auth", true)
- if auth then
+ if auth then -- if authentication token was given
local sdat = luci.sauth.read(auth)
- user = loadstring(sdat)().user
- if user and luci.util.contains(accs, user) then
- return user, auth
+ if sdat then -- if given token is valid
+ user = loadstring(sdat)().user
+ if user and luci.util.contains(accs, user) then
+ return user, auth
+ end
end
end
luci.http.status(403, "Forbidden")