return "403 Forbidden" if authentication token was given, however is invalid

Contributed by T-Labs, Deutsche Telekom Innovation Laboratories Signed-off-by: Mirko Vogt <mirko@openwrt.org>
2012-08-07 19:11:52 +00:00 · 2012-08-07 19:11:52 +00:00 · 69aa218335
commit 69aa218335
parent 0c4edd49b9
1 changed files with 6 additions and 4 deletions
--- a/modules/rpc/luasrc/controller/rpc.lua
+++ b/modules/rpc/luasrc/controller/rpc.lua
@ -24,13 +24,15 @@ module "luci.controller.rpc"
 function index()
 	local function authenticator(validator, accs)
 		local auth = luci.http.formvalue("auth", true)
-		if auth then
+		if auth then -- if authentication token was given
 			local sdat = luci.sauth.read(auth)
+			if sdat then -- if given token is valid
 				user = loadstring(sdat)().user
 				if user and luci.util.contains(accs, user) then
 					return user, auth
 				end
 			end
+		end
 		luci.http.status(403, "Forbidden")
 	end