more checks on response validity during token acquisition

Signed-off-by: Michael Krelin <hacker@klever.net>

2 files changed, 9 insertions, 0 deletions

diff --git a/include/opkele/oauth.h b/include/opkele/oauth.h
index 14d0586..bc6c2fa 100644
--- a/include/opkele/oauth.h
+++ b/include/opkele/oauth.h
@@ -13,8 +13,10 @@ namespace opkele {
 
 	    token_t() { }
 	    token_t(const string& k,const string& s)
 		: key(k), secret(s) { }
+
+	    bool empty() const { return key.empty() && secret.empty(); }
 	};
 
     }
 }
diff --git a/lib/oauth-consumer.cc b/lib/oauth-consumer.cc
index bb4e89b..0d31ec7 100644
--- a/lib/oauth-consumer.cc
+++ b/lib/oauth-consumer.cc
@@ -129,8 +129,13 @@ namespace opkele {
 	    if( (r=curl.easy_setopt(CURLOPT_URL,hr.url.c_str())) )
 		throw exception_curl(OPKELE_CP_ "failed to set curly urlie",r);
 	    if( (r=curl.easy_perform()) )
 		throw exception_curl(OPKELE_CP_ "failed to perform curly request",r);
+	    long response_code;
+	    if( (r=curl.easy_getinfo(CURLINFO_RESPONSE_CODE,&response_code)) )
+		throw exception_curl(OPKELE_CP_ "failed to retrieve curl response code",r);
+	    if(response_code!=200) /* TODO: specialize exception */
+		throw exception(OPKELE_CP_ "invalid response from the OAuth provider");
 	    token_t rv;
 	    string::size_type p=0;
 	    while(p!=string::npos) {
 		string::size_type np = curl.response.find('&',p);
@@ -152,8 +157,10 @@ namespace opkele {
 			throw opkele::exception(OPKELE_CP_ "found oauth_secret twice");
 		    rv.secret = util::url_decode(part.substr(eq+1));
 		}
 	    }
+	    if(rv.empty()) /* TODO: specialize */
+		throw exception(OPKELE_CP_ "failed to retrieve token from OAuth provider response");
 	    return rv;
 	}
 
 	http_request_t& basic_consumer::prepare_request(