From 189b85c5289422b6d565c6e461a21a5de4269d3c Mon Sep 17 00:00:00 2001
From: Guillaume Rousse <guillaume.rousse@renater.fr>
Date: Tue, 7 Nov 2017 15:30:13 +0100
Subject: [PATCH] ensure a non-fatal error for a non-existing token

---
 lib/IdPAccountManager/WebRequest.pm | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/lib/IdPAccountManager/WebRequest.pm b/lib/IdPAccountManager/WebRequest.pm
index 0fcb99c..2d6ad9d 100755
--- a/lib/IdPAccountManager/WebRequest.pm
+++ b/lib/IdPAccountManager/WebRequest.pm
@@ -445,11 +445,12 @@ sub req_validate_token {
         return undef;
     }
 
-    my $authentication_token = IdPAccountManager::Data::AuthenticationToken->new(
+    my $token = IdPAccountManager::Data::AuthenticationToken->new(
         db    => $self->{db},
-        token => $self->{in}->{authentication_token});
+        token => $self->{in}->{authentication_token}
+    );
 
-    unless ($authentication_token->load()) {
+    if (! $token->load(speculative => 1)) {
         push @{ $self->{out}->{errors} }, "wrong_token";
         $self->{logger}->errorf(
             "Failed to validate authentication token %s for sp_entityid %s",
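Review bot: The new `load(speculative => 1)` call carries the whole point of the commit but has no comment explaining it, so a later cleanup could drop the argument and bring back the fatal error on an unknown token. I would add a line above the `if`, for example `# speculative => 1: a missing row makes load() return false instead of raising, so an unknown token is reported as wrong_token`. That wording assumes `load()` follows the usual ORM meaning of `speculative`; the AuthenticationToken class is not visible here, so confirm it before merging. The body of `req_validate_token` starts and ends outside this hunk.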
@@ -459,9 +460,7 @@ sub req_validate_token {
         return undef;
     }
 
-    unless ($authentication_token->get('sp_entityid') eq
-        $self->{in}->{sp_entityid})
-    {
+    if (! $token->get('sp_entityid') eq $self->{in}->{sp_entityid}) {
         push @{ $self->{out}->{errors} }, "wrong_token_for_sp";
         $self->{logger}->errorf(
             "Authentication token %s cannot be used for SP with entityid %s",
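Review bot: The rewritten condition `if (! $token->get('sp_entityid') eq $self->{in}->{sp_entityid})` no longer compares the two entity IDs. Unary `!` binds tighter than `eq`, so Perl evaluates `(!$token->get('sp_entityid')) eq $self->{in}->{sp_entityid}`. For a token with a non-empty `sp_entityid`, the left side is the empty string, so the branch is skipped whenever the requested `sp_entityid` is non-empty. The `wrong_token_for_sp` error is then never raised, and the check that binds a token to its SP is effectively disabled. Write the comparison directly, `if ($token->get('sp_entityid') ne $self->{in}->{sp_entityid}) {`, and add a regression test that validates a token against a different SP's entityid; the function body continues outside this hunk.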
@@ -472,7 +471,7 @@ sub req_validate_token {
     }
 
     ## delete the token
-    unless ($authentication_token->delete()) {
+    unless ($token->delete()) {
         $self->{logger}->errorf(
             "Failed to delete authentication token %s",
             $self->{in}->{authentication_token}
-- 
GitLab