lib/oauthenticator/signed_request.rb in oauthenticator-1.0.0 vs lib/oauthenticator/signed_request.rb in oauthenticator-1.1.0
- old
+ new
@@ -1,9 +1,13 @@
require 'oauthenticator/signable_request'
require 'oauthenticator/parse_authorization'
module OAuthenticator
+ # an error which is to be raised when an attempt is made to use a nonce which has already been used.
+ class NonceUsedError < Error
+ end
+
# this class represents an OAuth signed request. its primary user-facing method is {#errors}, which returns
# nil if the request is valid and authentic, or a helpful object of error messages describing what was
# invalid if not.
#
# this class is not useful on its own, as various methods must be implemented on a module to be included
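Review bot: The comment on `NonceUsedError` does not say who is expected to raise it, and replay protection depends on that contract. Judging by the second hunk, implementations of `use_nonce!` are meant to raise it, so the comment could read `# raised by an implementation of use_nonce! when the nonce has already been recorded.` It would also help to state that recording the nonce should be an atomic check-and-insert (for instance backed by a uniqueness constraint), so that two concurrent copies of one signed request cannot both be accepted. `Error` is not defined in the visible lines and is presumably loaded by one of the requires above, which is worth confirming.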
@@ -213,10 +217,15 @@
# proceed to check signature
unless self.signature == signable_request.signature
throw(:errors, {'Authorization oauth_signature' => ['is invalid']})
end
- use_nonce!
+ begin
+ use_nonce!
+ rescue NonceUsedError
+ throw(:errors, {'Authorization oauth_nonce' => ['has already been used']})
+ end
+
nil
end
end
require 'oauthenticator/config_methods'
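Review bot: The new `begin`/`rescue` around `use_nonce!` translates only `NonceUsedError` into the `'Authorization oauth_nonce'` error. If an implementation lets its store's own duplicate-key exception escape, a replayed request will surface as an unhandled exception instead of "has already been used". The request is still refused in that case, but the caller gets a server error instead of an authentication error, which makes replays harder to spot in logs. A why-comment above the `begin` would make the expectation explicit, e.g. `# use_nonce! must raise NonceUsedError when the nonce is already recorded, so a replay that races past earlier checks is still rejected here`. The enclosing method starts outside this hunk, so whether an earlier nonce check precedes the signature comparison is not visible here.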