1
0
Fork 0
forked from mirrors/akkoma

Correctly handle invalid credentials on auth login.

Closes #407
This commit is contained in:
lain 2019-01-28 11:41:47 +01:00
parent b380b4898d
commit 1825118fd4
2 changed files with 27 additions and 1 deletions

View file

@ -9,7 +9,8 @@ defmodule Pleroma.Web.OAuth.FallbackController do
# No user/password # No user/password
def call(conn, _) do def call(conn, _) do
conn conn
|> put_status(:unauthorized)
|> put_flash(:error, "Invalid Username/Password") |> put_flash(:error, "Invalid Username/Password")
|> OAuthController.authorize(conn.params) |> OAuthController.authorize(conn.params["authorization"])
end end
end end

View file

@ -34,6 +34,31 @@ test "redirects with oauth authorization" do
assert Repo.get_by(Authorization, token: code) assert Repo.get_by(Authorization, token: code)
end end
test "correctly handles wrong credentials", %{conn: conn} do
user = insert(:user)
app = insert(:oauth_app)
result =
conn
|> post("/oauth/authorize", %{
"authorization" => %{
"name" => user.nickname,
"password" => "wrong",
"client_id" => app.client_id,
"redirect_uri" => app.redirect_uris,
"state" => "statepassed"
}
})
|> html_response(:unauthorized)
# Keep the details
assert result =~ app.client_id
assert result =~ app.redirect_uris
# Error message
assert result =~ "Invalid"
end
test "issues a token for an all-body request" do test "issues a token for an all-body request" do
user = insert(:user) user = insert(:user)
app = insert(:oauth_app) app = insert(:oauth_app)