mirror of
https://github.com/flarum/framework.git
synced 2024-11-30 13:36:10 +08:00
Send a HTTP 401 for incorrect login credentials
This fixes a regression from #1843 and #1854. Now, the frontend again shows the proper "Incorrect login details" message instead of "You do not have permission to do that".
This commit is contained in:
parent
b75e8284da
commit
eca288f525
|
@ -12,7 +12,7 @@
|
|||
namespace Flarum\Api\Controller;
|
||||
|
||||
use Flarum\Http\AccessToken;
|
||||
use Flarum\User\Exception\PermissionDeniedException;
|
||||
use Flarum\User\Exception\NotAuthenticatedException;
|
||||
use Flarum\User\UserRepository;
|
||||
use Illuminate\Contracts\Bus\Dispatcher as BusDispatcher;
|
||||
use Illuminate\Contracts\Events\Dispatcher as EventDispatcher;
|
||||
|
@ -65,7 +65,7 @@ class CreateTokenController implements RequestHandlerInterface
|
|||
$user = $this->users->findByIdentification($identification);
|
||||
|
||||
if (! $user || ! $user->checkPassword($password)) {
|
||||
throw new PermissionDeniedException;
|
||||
throw new NotAuthenticatedException;
|
||||
}
|
||||
|
||||
$token = AccessToken::generate($user->id, $lifetime);
|
||||
|
|
|
@ -60,4 +60,33 @@ class WithTokenTest extends TestCase
|
|||
$token = $data['token'];
|
||||
$this->assertEquals(2, AccessToken::findOrFail($token)->user_id);
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
public function failure_with_invalid_credentials()
|
||||
{
|
||||
$response = $this->send(
|
||||
$this->request(
|
||||
'POST', '/api/token',
|
||||
[
|
||||
'json' => [
|
||||
'identification' => 'normal',
|
||||
'password' => 'too-incorrect'
|
||||
],
|
||||
]
|
||||
)->withAttribute('bypassCsrfToken', true)
|
||||
);
|
||||
|
||||
// HTTP 401 signals an authentication problem
|
||||
$this->assertEquals(401, $response->getStatusCode());
|
||||
|
||||
// The response body should contain an error code
|
||||
$body = (string) $response->getBody();
|
||||
$this->assertJson($body);
|
||||
|
||||
$data = json_decode($body, true);
|
||||
$this->assertCount(1, $data['errors']);
|
||||
$this->assertEquals('not_authenticated', $data['errors'][0]['code']);
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue
Block a user