Commit 1825118f authored by lain's avatar lain

Correctly handle invalid credentials on auth login.

Closes #407
parent b380b489
Pipeline #6687 passed with stages
in 5 minutes and 39 seconds
......@@ -9,7 +9,8 @@ defmodule Pleroma.Web.OAuth.FallbackController do
# No user/password
def call(conn, _) do
conn
|> put_status(:unauthorized)
|> put_flash(:error, "Invalid Username/Password")
|> OAuthController.authorize(conn.params)
|> OAuthController.authorize(conn.params["authorization"])
end
end
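Review bot: `conn.params["authorization"]` is nil when the request carries no "authorization" map, and the changed line passes that nil straight into `OAuthController.authorize/2`. The `# No user/password` comment suggests this fallback also runs for requests with no credentials at all, so that case probably reaches this line. `authorize/2` is not visible in this hunk, so whether it tolerates nil needs confirming. If it does not, a malformed unauthenticated request would produce a server error instead of the 401, which `|> OAuthController.authorize(conn.params["authorization"] || %{})` or a dedicated clause for the missing-key case would avoid.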
......@@ -34,6 +34,31 @@ test "redirects with oauth authorization" do
assert Repo.get_by(Authorization, token: code)
end
test "correctly handles wrong credentials", %{conn: conn} do
user = insert(:user)
app = insert(:oauth_app)
result =
conn
|> post("/oauth/authorize", %{
"authorization" => %{
"name" => user.nickname,
"password" => "wrong",
"client_id" => app.client_id,
"redirect_uri" => app.redirect_uris,
"state" => "statepassed"
}
})
|> html_response(:unauthorized)
# Keep the details
assert result =~ app.client_id
assert result =~ app.redirect_uris
# Error message
assert result =~ "Invalid"
end
test "issues a token for an all-body request" do
user = insert(:user)
app = insert(:oauth_app)
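Review bot: The new test posts `"state" => "statepassed"` but never asserts that the value survives the failed login; only `client_id` and `redirect_uris` are checked under `# Keep the details`. If the re-rendered form is meant to carry `state` forward, add `assert result =~ "statepassed"`, since a dropped state would break the client's request binding on the retry. It would also be worth posting a distinctive password value and adding a `refute result =~ ...` on it, so the test pins that the rejected password is not echoed back into the HTML. A second case that posts without the "authorization" key would cover the nil path through the fallback controller.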
......