lib/oauth/controllers/provider_controller.rb in pelle-oauth-plugin-0.3.9 vs lib/oauth/controllers/provider_controller.rb in pelle-oauth-plugin-0.3.10

@@ -7,11 +7,11 @@
           before_filter :login_required, :only => [:authorize,:revoke]
           before_filter :login_or_oauth_required, :only => [:test_request]
           before_filter :oauth_required, :only => [:invalidate,:capabilities]
           before_filter :verify_oauth_consumer_signature, :only => [:request_token]
           before_filter :verify_oauth_request_token, :only => [:access_token]
-          skip_before_filter :verify_authenticity_token
+          skip_before_filter :verify_authenticity_token, :only=>[:request_token, :access_token, :invalidate, :test_request]
         end
       end
       
       def request_token
         @token = current_client_application.create_request_token
@@ -35,9 +35,14 @@
         render :text => params.collect{|k,v|"#{k}=#{v}"}.join("&")
       end
 
       def authorize
         @token = ::RequestToken.find_by_token params[:oauth_token]
+        unless @token
+          render :action=>"authorize_failure"
+          return
+        end
+        
         unless @token.invalidated?    
           if request.post? 
             if user_authorizes_token?
               @token.authorize!(current_user)
               if @token.oauth10?
\ No newline at end of file