kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

API: return 401 for invalid session

Browse source
This commit is contained in:
Nihad Abbasov 2012-09-20 08:38:08 -07:00
parent 3dd940d4cb
commit b08d33f6a9
2 changed files with 4 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
lib/api/session.rb
View file

@ -8,14 +8,13 @@ module Gitlab
post "/session" do
resource = User.find_for_database_authentication(email: params[:email])
return forbidden! unless resource
return unauthorized! unless resource
if resource.valid_password?(params[:password])
present resource, with: Entities::UserLogin
else
forbidden!
unauthorized!
end
end
end
end

4
spec/requests/api/session_spec.rb
View file

@ -19,7 +19,7 @@ describe Gitlab::API do
context "when invalid password" do
it "should return authentication error" do
post api("/session"), email: user.email, password: '123'
response.status.should == 403
response.status.should == 401
json_response['email'].should be_nil
json_response['private_token'].should be_nil
@ -29,7 +29,7 @@ describe Gitlab::API do
context "when empty password" do
it "should return authentication error" do
post api("/session"), email: user.email
response.status.should == 403
response.status.should == 401
json_response['email'].should be_nil
json_response['private_token'].should be_nil