Merge branch 'oauth-login-failure-bug' into 'develop'
Correctly handle invalid credentials on auth login. Closes #407 See merge request pleroma/pleroma!728
commit
74ed1b4d87
@ -9,7 +9,8 @@ defmodule Pleroma.Web.OAuth.FallbackController do
|
|||||||
# No user/password
|
# No user/password
|
||||||
def call(conn, _) do
|
def call(conn, _) do
|
||||||
conn
|
conn
|
||||||
|
|> put_status(:unauthorized)
|
||||||
|> put_flash(:error, "Invalid Username/Password")
|
|> put_flash(:error, "Invalid Username/Password")
|
||||||
|> OAuthController.authorize(conn.params)
|
|> OAuthController.authorize(conn.params["authorization"])
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
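Review bot: `conn.params["authorization"]` is nil whenever this fallback is reached for a request that carries no `"authorization"` map, and the catch-all `call(conn, _)` clause does not distinguish that case from a failed password check. `authorize/2` is not visible here, so whether it tolerates nil is unconfirmed; if it matches on a map, a malformed unauthenticated POST would produce a 500 instead of the 401 page. Consider `|> OAuthController.authorize(conn.params["authorization"] || %{})` or a dedicated clause for the missing-params case. The forwarded map also still holds the submitted `"password"`, so it is worth confirming that the authorize template never renders it back into the form. The module head and its aliases lie outside the hunk.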
@ -34,6 +34,31 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
|
|||||||
assert Repo.get_by(Authorization, token: code)
|
assert Repo.get_by(Authorization, token: code)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "correctly handles wrong credentials", %{conn: conn} do
|
||||||
|
user = insert(:user)
|
||||||
|
app = insert(:oauth_app)
|
||||||
|
|
||||||
|
result =
|
||||||
|
conn
|
||||||
|
|> post("/oauth/authorize", %{
|
||||||
|
"authorization" => %{
|
||||||
|
"name" => user.nickname,
|
||||||
|
"password" => "wrong",
|
||||||
|
"client_id" => app.client_id,
|
||||||
|
"redirect_uri" => app.redirect_uris,
|
||||||
|
"state" => "statepassed"
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|> html_response(:unauthorized)
|
||||||
|
|
||||||
|
# Keep the details
|
||||||
|
assert result =~ app.client_id
|
||||||
|
assert result =~ app.redirect_uris
|
||||||
|
|
||||||
|
# Error message
|
||||||
|
assert result =~ "Invalid"
|
||||||
|
end
|
||||||
|
|
||||||
test "issues a token for an all-body request" do
|
test "issues a token for an all-body request" do
|
||||||
user = insert(:user)
|
user = insert(:user)
|
||||||
app = insert(:oauth_app)
|
app = insert(:oauth_app)
|
||||||
|
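Review bot: The new test "correctly handles wrong credentials" asserts only on the rendered page and never checks that the failed login issued nothing. After the `html_response(:unauthorized)` pipeline, add a negative check such as `assert Repo.all(Authorization) == []`, so a regression that shows the error but still creates an authorization code is caught. The request also sends `"state" => "statepassed"`, which the `# Keep the details` block does not assert; if the form is meant to carry state through a retry (not visible here), add `assert result =~ "statepassed"`. The enclosing test module starts and ends outside the hunk.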