lib-oauth2: Return failure instead of crash with invalid or missing token
authorAki Tuomi <aki.tuomi@open-xchange.com>
Thu, 4 May 2023 12:44:15 +0000 (15:44 +0300)
committeraki.tuomi <aki.tuomi@open-xchange.com>
Tue, 29 Aug 2023 07:08:45 +0000 (07:08 +0000)
src/lib-oauth2/oauth2-request.c

index 032eff1630f2f894ef819bf334943e7e0245f96d..af3e72f57c095a5f7bc29b730dd941b78d9a4769 100644 (file)
@@ -159,6 +159,16 @@ oauth2_request_response(const struct http_response *response,
        oauth2_request_parse_json(req);
 }
 
+static void
+oauth2_request_fail(struct oauth2_request *req)
+{
+       struct oauth2_request_result res = {
+               .error = "No token provided",
+               .valid = FALSE,
+       };
+       oauth2_request_callback(req, &res);
+}
+
 static void
 oauth2_request_set_headers(struct oauth2_request *req,
                           const struct oauth2_request_input *input)
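Review bot: The fixed `.error = "No token provided"` in oauth2_request_fail() is returned for every token that fails oauth2_valid_token() in oauth2_request_start(), including one that was supplied but malformed, so whatever consumes the error string will record a rejected token as an absent one. Something like `.error = "Missing or invalid token",` would match the check and the commit title, and keeps the token value itself out of the message. The function would also benefit from a short comment, e.g. `/* Called from a zero-delay timeout so the request callback never runs before oauth2_request_start() returns; req->req is NULL on this path. */`. Whether oauth2_request_callback() removes req->to_delayed_error and tolerates a NULL req->req is not visible in this diff and is worth confirming, since the timeout would otherwise stay armed against a freed request.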
@@ -198,8 +208,6 @@ oauth2_request_start(const struct oauth2_settings *set,
                     const string_t *payload,
                     bool add_auth_bearer)
 {
-       i_assert(oauth2_valid_token(input->token));
-
        pool_t pool = (p == NULL) ?
                pool_alloconly_create_clean("oauth2 request", 1024) : p;
        struct oauth2_request *req =
@@ -210,6 +218,12 @@ oauth2_request_start(const struct oauth2_settings *set,
        req->req_callback = callback;
        req->req_context = context;
 
+       if (!oauth2_valid_token(input->token)) {
+               req->to_delayed_error =
+                       timeout_add_short(0, oauth2_request_fail, req);
+               return req;
+       }
+
        req->req = http_client_request_url_str(req->set->client, method, url,
                                               oauth2_request_response, req);