pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma
commit: 74ed1b4d87f5ee5570966179bc6094ac0be09533
parent: b380b4898d3165c41a0e2b09b0727cad6b58f925
Author: href <href+git-pleroma@random.sh>
Date:   Mon, 28 Jan 2019 10:49:03 +0000

Merge branch 'oauth-login-failure-bug' into 'develop'

Correctly handle invalid credentials on auth login.

Closes #407

See merge request pleroma/pleroma!728

Diffstat:

Mlib/pleroma/web/oauth/fallback_controller.ex3++-
Mtest/web/oauth/oauth_controller_test.exs25+++++++++++++++++++++++++
2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/lib/pleroma/web/oauth/fallback_controller.ex b/lib/pleroma/web/oauth/fallback_controller.ex
@@ -9,7 +9,8 @@ defmodule Pleroma.Web.OAuth.FallbackController do
 # No user/password
 def call(conn, _) do
 conn
+ |> put_status(:unauthorized)
 |> put_flash(:error, "Invalid Username/Password")
- |> OAuthController.authorize(conn.params)
+ |> OAuthController.authorize(conn.params["authorization"])
 end
 end
diff --git a/test/web/oauth/oauth_controller_test.exs b/test/web/oauth/oauth_controller_test.exs
@@ -34,6 +34,31 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
 assert Repo.get_by(Authorization, token: code)
 end
 
+ test "correctly handles wrong credentials", %{conn: conn} do
+ user = insert(:user)
+ app = insert(:oauth_app)
+
+ result =
+ conn
+ |> post("/oauth/authorize", %{
+ "authorization" => %{
+ "name" => user.nickname,
+ "password" => "wrong",
+ "client_id" => app.client_id,
+ "redirect_uri" => app.redirect_uris,
+ "state" => "statepassed"
+ }
+ })
+ |> html_response(:unauthorized)
+
+ # Keep the details
+ assert result =~ app.client_id
+ assert result =~ app.redirect_uris
+
+ # Error message
+ assert result =~ "Invalid"
+ end
+
 test "issues a token for an all-body request" do
 user = insert(:user)
 app = insert(:oauth_app)
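Review bot: `conn.params["authorization"]` evaluates to nil when the failed request carried no `authorization` map, and because `call/2` accepts every fallback value with `_`, that nil goes straight into `OAuthController.authorize/2`. Whether authorize/2 tolerates nil is not visible here (the controller and the start of this module are outside the hunk); if it does not, a malformed login POST would surface as a 500 rather than the 401 set on the line above. Consider defaulting the argument, `|> OAuthController.authorize(conn.params["authorization"] || %{})`. The existing `# No user/password` comment could also be extended to say that every fallback reason gets the same generic message, so the response does not reveal whether the account exists.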
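Review bot: The new test posts `"state" => "statepassed"` but never asserts that the value survives the re-rendered form, although the OAuth client relies on `state` to tie the response back to its own request. Adding `assert result =~ "statepassed"` next to the client_id and redirect_uri assertions would pin that. Since the whole `authorization` map, password included, is now passed back to `authorize/2`, a `refute result =~ "wrong"` would also guard against the submitted password being echoed into the HTML; a more distinctive literal than "wrong" would make that check less likely to match unrelated markup. The test block is complete within the hunk; the enclosing module starts outside it.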