From d1d762aa8304b575eeac6cf2bd021a5c0e44faa6 Mon Sep 17 00:00:00 2001
From: Brad Rydzewski <brad.rydzewski@gmail.com>
Date: Mon, 13 Apr 2015 18:43:21 -0700
Subject: [PATCH] fail to generate user tokens if no secret

---
 server/token.go | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/server/token.go b/server/token.go
index aea9c617b..2eade64b0 100644
--- a/server/token.go
+++ b/server/token.go
@@ -1,6 +1,7 @@
 package server
 
 import (
+	"errors"
 	"time"
 
 	"github.com/gin-gonic/gin"
@@ -11,10 +12,18 @@ import (
 
 // POST /api/user/tokens
 func PostToken(c *gin.Context) {
+	settings := ToSettings(c)
 	store := ToDatastore(c)
 	sess := ToSession(c)
 	user := ToUser(c)
 
+	// if a session secret is not defined there is no way to
+	// generate jwt user tokens, so we must throw an error
+	if settings.Session == nil || len(settings.Session.Secret) == 0 {
+		c.String(500, "User tokens are not configured")
+		return
+	}
+
 	in := &common.Token{}
 	if !c.BindWith(in, binding.JSON) {
 		return