From e13ceb690bfe2a534fa11720d75fd87b4e07d6b0 Mon Sep 17 00:00:00 2001
From: "Chris Ross (ASP.NET)"
Date: Fri, 29 Dec 2017 15:59:34 -0800
Subject: [PATCH] Detect remote denails for Twitter accounts
---
 .../TwitterHandler.cs | 6 ++++++
 .../TwitterTests.cs | 3 ++-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
index acfd765d9c..670e76f7e3 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
@@ -60,6 +60,12 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
 // REVIEW: see which of these are really errors
+ var denied = query["denied"];
+ if (!StringValues.IsNullOrEmpty(denied))
+ {
+ return HandleRequestResult.Fail("The user denied permissions.", properties);
+ }
+
 var returnedToken = query["oauth_token"];
 if (StringValues.IsNullOrEmpty(returnedToken))
 {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
index 735cb33146..2a63757b9a 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
@@ -195,6 +195,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
 OnRemoteFailure = context =>
 {
 Assert.NotNull(context.Failure);
+ Assert.Equal("The user denied permissions.", context.Failure.Message);
 Assert.NotNull(context.Properties);
 Assert.Equal("testvalue", context.Properties.Items["testkey"]);
 context.Response.StatusCode = StatusCodes.Status406NotAcceptable;
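Review bot: In the TwitterHandler.cs hunk the new `denied` branch returns before the `oauth_token` check and never inspects the value of `denied`, so any callback request carrying a non-empty `denied` parameter is reported as a user decision. Twitter is understood to place the request token in that parameter, so comparing it with the request token held in the protected state would keep a stale or forged callback from being recorded as "The user denied permissions."; whether a later check already does this for `oauth_token` is outside the hunk and should be confirmed. At minimum a comment such as `// Twitter sends ?denied=<request token> instead of oauth_token/oauth_verifier when the user declines` would explain why this check has to come first. The enclosing method starts and ends outside the hunk.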
@@ -220,7 +221,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
 var setCookieValue = setCookieValues.Single();
 var cookie = new CookieHeaderValue(setCookieValue.Name, setCookieValue.Value);
- var request = new HttpRequestMessage(HttpMethod.Get, "/signin-twitter");
+ var request = new HttpRequestMessage(HttpMethod.Get, "/signin-twitter?denied=ABCDEFG");
 request.Headers.Add(HeaderNames.Cookie, cookie.ToString());
 var client = server.CreateClient();
 var response = await client.SendAsync(request);
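Review bot: Changing the existing request from `/signin-twitter` to `/signin-twitter?denied=ABCDEFG` repurposes this test, so the failure raised for a callback with no query parameters at all is no longer exercised here; unless another test outside this hunk covers it, the denial case would be better added as a separate test. The test also sends `denied` alone, so nothing pins what happens when a request carries both `denied` and an `oauth_token`, which is the ordering the handler change depends on. The `Assert.Equal("The user denied permissions.", context.Failure.Message)` added in the previous hunk matches on the literal message text, which ties the test to the handler's wording. The test method starts and ends outside both hunks.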