Merge pull request #3470 from ahuling13/expired-nonce-return-status

In the case of an expired nonce, return a 400 status code instead of 500
2015-05-20 12:08:17 +10:00 · 2015-05-20 12:08:17 +10:00 · 14ab9c45b6
parent d1d703718a e44ddff9bb
commit 14ab9c45b6
1 changed files with 1 additions and 1 deletions
--- a/app/controllers/session_controller.rb
+++ b/app/controllers/session_controller.rb
@ -57,7 +57,7 @@ class SessionController < ApplicationController

    sso = DiscourseSingleSignOn.parse(request.query_string)
    if !sso.nonce_valid?
-      return render(text: I18n.t("sso.timeout_expired"), status: 500)
+      return render(text: I18n.t("sso.timeout_expired"), status: 419)
    end

    if ScreenedIpAddress.should_block?(request.remote_ip)