Merge pull request #2938 from dklug/develop

Return 401 for invalid access_token on logout
This commit is contained in:
Richard van der Hoff 2018-04-09 23:52:56 +01:00 committed by GitHub
commit 37354b55c9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -44,7 +44,10 @@ class LogoutRestServlet(ClientV1RestServlet):
requester = yield self.auth.get_user_by_req(request)
except AuthError:
# this implies the access token has already been deleted.
pass
defer.returnValue((401, {
"errcode": "M_UNKNOWN_TOKEN",
"error": "Access Token unknown or expired"
}))
else:
if requester.device_id is None:
# the acccess token wasn't associated with a device.