Commit b08d33f6 authored by Nihad Abbasov's avatar Nihad Abbasov

API: return 401 for invalid session

parent 3dd940d4
...@@ -8,14 +8,13 @@ module Gitlab ...@@ -8,14 +8,13 @@ module Gitlab
post "/session" do post "/session" do
resource = User.find_for_database_authentication(email: params[:email]) resource = User.find_for_database_authentication(email: params[:email])
return forbidden! unless resource return unauthorized! unless resource
if resource.valid_password?(params[:password]) if resource.valid_password?(params[:password])
present resource, with: Entities::UserLogin present resource, with: Entities::UserLogin
else else
forbidden! unauthorized!
end end
end end
end end
end end
...@@ -19,7 +19,7 @@ describe Gitlab::API do ...@@ -19,7 +19,7 @@ describe Gitlab::API do
context "when invalid password" do context "when invalid password" do
it "should return authentication error" do it "should return authentication error" do
post api("/session"), email: user.email, password: '123' post api("/session"), email: user.email, password: '123'
response.status.should == 403 response.status.should == 401
json_response['email'].should be_nil json_response['email'].should be_nil
json_response['private_token'].should be_nil json_response['private_token'].should be_nil
...@@ -29,7 +29,7 @@ describe Gitlab::API do ...@@ -29,7 +29,7 @@ describe Gitlab::API do
context "when empty password" do context "when empty password" do
it "should return authentication error" do it "should return authentication error" do
post api("/session"), email: user.email post api("/session"), email: user.email
response.status.should == 403 response.status.should == 401
json_response['email'].should be_nil json_response['email'].should be_nil
json_response['private_token'].should be_nil json_response['private_token'].should be_nil
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment