Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No method for nil value exception in token introspection #1242

Closed
linhdangduy opened this issue Apr 10, 2019 · 1 comment
Closed

No method for nil value exception in token introspection #1242

linhdangduy opened this issue Apr 10, 2019 · 1 comment
Labels
bug
Milestone
5.1

Comments

@linhdangduy
Copy link
Contributor

Steps to reproduce

After update code with #1209 pull request (on master branch or tags v5.1.0rc2), send a request to token introspection endpoint with following format:

POST /oauth/introspect HTTP/1.1
Header: Authorization = Bearer bearer_access_token
Body: token=Wrong_token (just set a random token)

Expected behavior

Because body's token was wrong, expected response is

{ "active": false }

Actual behavior

Exception occurred: No method .token for nil value. At the following line

doorkeeper/lib/doorkeeper/oauth/token_introspection.rb

Line 166 in 9bb03f8

authorized_token.token == @token.token

Reason

@token is gotten from request's param at these line

doorkeeper/app/controllers/doorkeeper/tokens_controller.rb

Lines 77 to 80 in 9bb03f8

def token
@token ||= AccessToken.by_token(params["token"]) ||
AccessToken.by_refresh_token(params["token"])
end

In case token is wrong, it will be nil. So the exception will occurred.

System configuration

Using doorkeeper on master branch or tags v5.1.0rc2.
@linhdangduy linhdangduy mentioned this issue Apr 10, 2019
Merged
@nbulaj nbulaj added this to the 5.1 milestone Apr 10, 2019
@nbulaj nbulaj added the bug label Apr 10, 2019
@nbulaj
Copy link
Member

nbulaj commented Apr 10, 2019

Fixed by #1243

@nbulaj nbulaj closed this as completed Apr 10, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
5.1
Development

No branches or pull requests
2 participants
@nbulaj @linhdangduy