From 5d0a8269e33be98f270253013eda7b05d477edd5 Mon Sep 17 00:00:00 2001
From: Jan-Hendrik Willms <tleilax+github@gmail.com>
Date: Thu, 26 Aug 2021 10:52:42 +0200
Subject: [PATCH] fail if no consumer was detected, fixes #46

---
 app/controllers/api/oauth.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/app/controllers/api/oauth.php b/app/controllers/api/oauth.php
index dce5084ec33..22caab1bc7f 100644
--- a/app/controllers/api/oauth.php
+++ b/app/controllers/api/oauth.php
@@ -66,6 +66,12 @@ class Api_OauthController extends StudipController
 
         try {
             $consumer = RESTAPI\Consumer\Base::detectConsumer('oauth', 'request');
+            if (!$consumer) {
+                $this->response->set_status(400, 'No consumer detected');
+                $this->render_nothing();
+                return;
+            }
+
             if (Request::submitted('allow')) {
                 $result = $consumer->grantAccess($GLOBALS['user']->id);
 
-- 
GitLab