add nil check operator in token checking at token introspection

doorkeeper-gem · Apr 10, 2019 · c976f78 · c976f78
1 parent 9bb03f8
commit c976f78
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 4 deletions.
diff --git a/NEWS.md b/NEWS.md
@@ -7,6 +7,7 @@ User-visible changes worth mentioning.
 
 ## master
 
+- [#1243]: Add nil check operator in token checking at token introspection.
 - [#1241] Explaining foreign key options for resource owner in a single place
 - [#1237] Allow to set blank redirect URI if Doorkeeper configured to use redirect URI-less grant flows.
 - [#1234] Fix `StaleRecordsCleaner` to properly work with big amount of records.

diff --git a/lib/doorkeeper/oauth/token_introspection.rb b/lib/doorkeeper/oauth/token_introspection.rb
@@ -163,7 +163,7 @@ def valid_token?
 
       # RFC7662 Section 2.1
       def authorized_token_matches_introspected?
-        authorized_token.token == @token.token
+        authorized_token.token == @token&.token
       end
 
       # If token doesn't belong to some client, then it is public.

diff --git a/spec/controllers/tokens_controller_spec.rb b/spec/controllers/tokens_controller_spec.rb
@@ -213,14 +213,14 @@
     end
 
     context "authorized using invalid Bearer token" do
-      let(:token_for_introspection) do
+      let(:access_token) do
         FactoryBot.create(:access_token, application: client, revoked_at: 1.day.ago)
       end
 
       it "responds with invalid token error" do
-        request.headers["Authorization"] = "Bearer #{token_for_introspection.token}"
+        request.headers["Authorization"] = "Bearer #{access_token.token}"
 
-        post :introspect, params: { token: access_token.token }
+        post :introspect, params: { token: token_for_introspection.token }
 
         response_status_should_be 401