Merge pull request #2938 from dklug/develop

Return 401 for invalid access_token on logout
author: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> 2018-04-09 23:52:56 +0100
committer: GitHub <noreply@github.com> 2018-04-09 23:52:56 +0100
commit: 37354b55c9e918e7da76f621df004b354d39d53a (patch)
tree: 14e8377f6b1ce7ab7909c8742f9a98a36b9bff7c /synapse
parent: Merge pull request #3074 from NotAFile/fix-py3-prints (diff)
parent: Return 401 for invalid access_token on logout (diff)
download: synapse-37354b55c9e918e7da76f621df004b354d39d53a.tar.xz
1 files changed, 4 insertions, 1 deletions
diff --git a/synapse/rest/client/v1/logout.py b/synapse/rest/client/v1/logout.py
index ca49955935..e092158cb7 100644
--- a/synapse/rest/client/v1/logout.py
+++ b/synapse/rest/client/v1/logout.py
@@ -44,7 +44,10 @@ class LogoutRestServlet(ClientV1RestServlet):
             requester = yield self.auth.get_user_by_req(request)
         except AuthError:
             # this implies the access token has already been deleted.
-            pass
+            defer.returnValue((401, {
+                "errcode": "M_UNKNOWN_TOKEN",
+                "error": "Access Token unknown or expired"
+            }))
         else:
             if requester.device_id is None:
                 # the acccess token wasn't associated with a device.
author	Richard van der Hoff <1389908+richvdh@users.noreply.github.com>	2018-04-09 23:52:56 +0100
committer	GitHub <noreply@github.com>	2018-04-09 23:52:56 +0100
commit	37354b55c9e918e7da76f621df004b354d39d53a (patch)
tree	14e8377f6b1ce7ab7909c8742f9a98a36b9bff7c /synapse
parent	Merge pull request #3074 from NotAFile/fix-py3-prints (diff)
parent	Return 401 for invalid access_token on logout (diff)
download	synapse-37354b55c9e918e7da76f621df004b354d39d53a.tar.xz