authormrw1593 <botahamec@outlook.com>2023-06-18 19:00:16 -0400
committermrw1593 <botahamec@outlook.com>2023-06-18 19:00:16 -0400
commit27ab8b4d2ea815a2bac432e7393adf19429135f9 (patch)
treecfa21cdc1d3b5c2e152d3419badf8d1f9c347ea7 /src/api/oauth.rs
parent1d51343bc819ec19a593e224f61245b3b0f639b1 (diff)
A couple more errors
Diffstat (limited to 'src/api/oauth.rs')
-rw-r--r--src/api/oauth.rs12
1 files changed, 10 insertions, 2 deletions
diff --git a/src/api/oauth.rs b/src/api/oauth.rs
index 353f287..5d1f12a 100644
--- a/src/api/oauth.rs
+++ b/src/api/oauth.rs
@@ -236,7 +236,7 @@ async fn authorize(
.append_header((header::LOCATION, redirect_uri.as_str()))
.finish()
}
- _ => todo!("unsupported response type"),
+ _ => AuthorizeError::invalid_scope(redirect_uri, state).error_response(),
}
}
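Review bot: The catch-all arm now answers with `AuthorizeError::invalid_scope(redirect_uri, state)`, but the removed `todo!("unsupported response type")` suggests this arm is reached when the response type is not supported, not when the scope is bad. RFC 6749 §4.1.2.1 defines a separate `unsupported_response_type` error code for that case, and a client that branches on the error code would be misled by `invalid_scope`. If `AuthorizeError` has no constructor for that code, adding one next to the existing ones and calling it here would keep the response accurate; at minimum a comment such as `// FIXME: should report unsupported_response_type, not invalid_scope` marks the gap. The `match` head and the rest of `authorize` lie outside the hunk, so the matched expression is inferred from the old message.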
@@ -460,6 +460,14 @@ impl TokenError {
}
}
+ fn mismatch_client_id() -> Self {
+ Self {
+ status_code: StatusCode::UNAUTHORIZED,
+ error: TokenErrorType::InvalidClient,
+ error_description: Box::from("The client ID in the Authorization header is not the same as the client ID in the request body"),
+ }
+ }
+
fn incorrect_client_secret() -> Self {
Self {
status_code: StatusCode::UNAUTHORIZED,
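Review bot: The 401 built by `mismatch_client_id` may need a `WWW-Authenticate` header. RFC 6749 §5.2 requires one, matching the scheme the client used, whenever `invalid_client` is returned to a client that authenticated through the Authorization header, which is the situation this constructor describes. The `error_response` implementation is outside the hunk, so whether it adds that header for `StatusCode::UNAUTHORIZED` cannot be seen here and should be confirmed. A short doc comment would also help the next reader, for example `/// Client ID in the Authorization header differs from the client ID in the request body.`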
@@ -570,7 +578,7 @@ async fn token(
};
if authorization.username() != client_alias.deref() {
- todo!("bad username")
+ return TokenError::mismatch_client_id().error_response();
}
if !hash.check_password(authorization.password()).unwrap() {
return TokenError::incorrect_client_secret().error_response();
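Review bot: The `.unwrap()` on `hash.check_password(authorization.password())` two lines below the fix is still a panic path driven by request input, so the token endpoint can still abort the handler after this commit removes the `todo!`. If the hash check can fail (malformed stored hash, hashing error), failing closed is safer: `if !hash.check_password(authorization.password()).unwrap_or(false) {`. A dedicated server-error response would be more precise than reporting an incorrect secret, if `TokenError` offers one. The body of `token` starts and ends outside the hunk, so how `hash` is obtained is not visible here.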