Add sanity check to make OAuth route friendlier

stormpath · Jul 11, 2017 · 76c7407 · 76c7407
1 parent c5dc7aa
commit 76c7407
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/src/Stormpath.Owin.Middleware/Model/Error/OauthInvalidRequest.cs b/src/Stormpath.Owin.Middleware/Model/Error/OauthInvalidRequest.cs
@@ -27,5 +27,14 @@ public OauthInvalidRequest()
                 error = "invalid_request"
             };
         }
+
+        public OauthInvalidRequest(string errorDescription)
+        {
+            Body = new
+            {
+                error = "invalid_request",
+                error_description = errorDescription
+            };
+        }
     }
 }
diff --git a/src/Stormpath.Owin.Middleware/Route/Oauth2Route.cs b/src/Stormpath.Owin.Middleware/Route/Oauth2Route.cs
@@ -113,6 +113,12 @@ private async Task<bool> ExecutePasswordFlow(IOwinEnvironment context, string us
             var jsonErrorHandler = new Func<string, CancellationToken, Task>((message, ct)
                 => Error.Create(context, new BadRequest(message), ct));
 
+            if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
+            {
+                await Error.Create(context, new OauthInvalidRequest("Missing username or password"), cancellationToken);
+                return true;
+            }
+
             var (grantResult, user) = await executor.PasswordGrantAsync(
                 context,
                 jsonErrorHandler,