diff --git a/runtime/backend/src/oauth/routes/OAuthController.ts b/runtime/backend/src/oauth/routes/OAuthController.ts
index b2295038..83840c8b 100644
--- a/runtime/backend/src/oauth/routes/OAuthController.ts
+++ b/runtime/backend/src/oauth/routes/OAuthController.ts
@@ -230,7 +230,6 @@ export class OAuthController {
 protected async revoke(
 @NestRequest() req: Request,
 @Param("provider") provider: string,
- @Query() query: OAuthCallbackRequest,
 ) {
 // read and decode access token, then find account in database
 const account: AccountDocument = await this.authService.getAccount(req);
diff --git a/runtime/backend/src/oauth/services/OAuthService.ts b/runtime/backend/src/oauth/services/OAuthService.ts
index 2d0eb2b1..e9af7c64 100644
--- a/runtime/backend/src/oauth/services/OAuthService.ts
+++ b/runtime/backend/src/oauth/services/OAuthService.ts
@@ -210,7 +210,7 @@ export class OAuthService {
 }
 // if scope not contains read_all - throw an exception
 if (request && request.scope !== this.expectedScope) {
- throw new HttpException(`Unauthorized`, 401);
+ throw new HttpException(`Forbidden`, 403);
 }
 // reads OAuth provider from configuration
diff --git a/runtime/backend/tests/unit/oauth/routes/OAuthController.spec.ts b/runtime/backend/tests/unit/oauth/routes/OAuthController.spec.ts
index 82e3fe77..bfde6fc5 100644
--- a/runtime/backend/tests/unit/oauth/routes/OAuthController.spec.ts
+++ b/runtime/backend/tests/unit/oauth/routes/OAuthController.spec.ts
@@ -194,9 +194,11 @@ describe("common/OAuthController", () => {
 .mockRejectedValue(expectedError);
 // act
- const result = (controller as any).callback(jest.fn(), "testProvider", {
- scope: "read,activity:read_all",
- });
+ const result = (controller as any).callback(
+ jest.fn(),
+ "testProvider",
+ jest.fn(),
+ );
 // assert
 expect(result).rejects.toThrowError(expectedError);
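Review bot: The scope gate directly above the changed throw in OAuthService is skipped entirely when `request` is falsy, so a code path that reaches this point without a request object never has its scope checked; unless `request` is optional by design here, invert the guard so it fails closed: `if (!request || request.scope !== this.expectedScope) {`. The comment says "not contains read_all" but the condition is an exact string comparison against `this.expectedScope`, which also rejects a provider answer that lists the same scopes in a different order or with extras; that is fail-closed, so only the comment needs correcting, e.g. `// the granted scope must equal the configured expectedScope exactly; anything else is refused`. Moving from 401 to 403 is the right status for this case, since a grant was obtained but lacks the required permission. The enclosing method starts and ends outside the hunk, so whether request may legitimately be undefined cannot be confirmed from here.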
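Review bot: The assertion on the last line of the spec hunk, `expect(result).rejects.toThrowError(expectedError);`, is neither awaited nor returned, so Jest can finish the test before the `.rejects` promise settles and a regression in `callback` would not fail it; change it to `await expect(result).rejects.toThrowError(expectedError);` (the enclosing `it` callback starts outside the hunk and must be `async` for this). The new third argument `jest.fn()` presumably stands in for the callback's query DTO, and a function-typed placeholder only compiles because of the `as any` cast; if that parameter is still the query object, an object literal such as `{ scope: "read,activity:read_all" }` keeps the call readable and documents the contract. Since the mocked service rejects before the argument is used, the test outcome is unaffected either way.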