github-mirror/framework
github-mirror/framework
2
0
Fork 0
mirror of https://github.com/flarum/framework.git synced 2025-02-28 09:31:53 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Send a HTTP 401 for incorrect login credentials

Browse Source 
This fixes a regression from #1843 and #1854. Now, the frontend again
shows the proper "Incorrect login details" message instead of "You
do not have permission to do that".
This commit is contained in:
Franz Liedke 2019-09-13 14:38:06 +02:00
parent b75e8284da
commit eca288f525
2 changed files with 31 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
framework/core/src/Api/Controller/CreateTokenController.php
View File

@ -12,7 +12,7 @@
namespace Flarum\Api\Controller; namespace Flarum\Api\Controller;
use Flarum\Http\AccessToken; use Flarum\Http\AccessToken;
use Flarum\User\Exception\PermissionDeniedException; use Flarum\User\Exception\NotAuthenticatedException;
use Flarum\User\UserRepository; use Flarum\User\UserRepository;
use Illuminate\Contracts\Bus\Dispatcher as BusDispatcher; use Illuminate\Contracts\Bus\Dispatcher as BusDispatcher;
use Illuminate\Contracts\Events\Dispatcher as EventDispatcher; use Illuminate\Contracts\Events\Dispatcher as EventDispatcher;
@ -65,7 +65,7 @@ class CreateTokenController implements RequestHandlerInterface
$user = $this->users->findByIdentification($identification); $user = $this->users->findByIdentification($identification);
if (! $user || ! $user->checkPassword($password)) { if (! $user || ! $user->checkPassword($password)) {
throw new PermissionDeniedException; throw new NotAuthenticatedException;
} }
$token = AccessToken::generate($user->id, $lifetime); $token = AccessToken::generate($user->id, $lifetime);

29
framework/core/tests/integration/api/authentication/WithTokenTest.php
View File

@ -60,4 +60,33 @@ class WithTokenTest extends TestCase
$token = $data['token']; $token = $data['token'];
$this->assertEquals(2, AccessToken::findOrFail($token)->user_id); $this->assertEquals(2, AccessToken::findOrFail($token)->user_id);
} }
/**
* @test
*/
public function failure_with_invalid_credentials()
{
$response = $this->send(
$this->request(
'POST', '/api/token',
[
'json' => [
'identification' => 'normal',
'password' => 'too-incorrect'
],
]
)->withAttribute('bypassCsrfToken', true)
);
// HTTP 401 signals an authentication problem
$this->assertEquals(401, $response->getStatusCode());
// The response body should contain an error code
$body = (string) $response->getBody();
$this->assertJson($body);
$data = json_decode($body, true);
$this->assertCount(1, $data['errors']);
$this->assertEquals('not_authenticated', $data['errors'][0]['code']);
}
} }