Commit 74ed1b4d authored by href's avatar href

Merge branch 'oauth-login-failure-bug' into 'develop'

Correctly handle invalid credentials on auth login.

Closes #407

See merge request pleroma/pleroma!728
parents b380b489 1825118f
Pipeline #6688 passed with stages
in 3 minutes and 29 seconds
...@@ -9,7 +9,8 @@ defmodule Pleroma.Web.OAuth.FallbackController do ...@@ -9,7 +9,8 @@ defmodule Pleroma.Web.OAuth.FallbackController do
# No user/password # No user/password
def call(conn, _) do def call(conn, _) do
conn conn
|> put_status(:unauthorized)
|> put_flash(:error, "Invalid Username/Password") |> put_flash(:error, "Invalid Username/Password")
|> OAuthController.authorize(conn.params) |> OAuthController.authorize(conn.params["authorization"])
end end
end end
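Review bot: The map forwarded by `conn.params["authorization"]` in `call/2` still carries the submitted `"password"`, and it is now handed to `OAuthController.authorize/2` to re-render the login form. Whether the template echoes that field is not visible in this hunk, but dropping it before forwarding removes the question: `|> OAuthController.authorize(Map.delete(conn.params["authorization"] || %{}, "password"))`. The `|| %{}` also covers a request that reaches this catch-all clause with no `"authorization"` key, where the lookup returns nil. The `# No user/password` comment is now narrower than what the clause handles; something like `# Missing or invalid credentials: re-render the form with a 401` would match.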
...@@ -34,6 +34,31 @@ test "redirects with oauth authorization" do ...@@ -34,6 +34,31 @@ test "redirects with oauth authorization" do
assert Repo.get_by(Authorization, token: code) assert Repo.get_by(Authorization, token: code)
end end
test "correctly handles wrong credentials", %{conn: conn} do
user = insert(:user)
app = insert(:oauth_app)
result =
conn
|> post("/oauth/authorize", %{
"authorization" => %{
"name" => user.nickname,
"password" => "wrong",
"client_id" => app.client_id,
"redirect_uri" => app.redirect_uris,
"state" => "statepassed"
}
})
|> html_response(:unauthorized)
# Keep the details
assert result =~ app.client_id
assert result =~ app.redirect_uris
# Error message
assert result =~ "Invalid"
end
test "issues a token for an all-body request" do test "issues a token for an all-body request" do
user = insert(:user) user = insert(:user)
app = insert(:oauth_app) app = insert(:oauth_app)
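Review bot: The new test sends `"state" => "statepassed"`, but the "Keep the details" assertions only check `client_id` and `redirect_uris`, so a regression that drops `state` from the re-rendered form would pass unnoticed. Assuming the form is meant to carry it, add `assert result =~ "statepassed"`, since the client relies on `state` to tie the eventual response to its own request. It would also be worth pinning that the rejected password is not reflected in the response, by submitting a distinctive value instead of `"wrong"` and adding a `refute result =~ ...` on it.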