From: lain Date: Mon, 28 Jan 2019 10:41:47 +0000 (+0100) Subject: Correctly handle invalid credentials on auth login. X-Git-Url: https://git.squeep.com/?a=commitdiff_plain;h=1825118fd46883cb2a9132b039925c160ad7e57b;p=akkoma Correctly handle invalid credentials on auth login. Closes #407 --- diff --git a/lib/pleroma/web/oauth/fallback_controller.ex b/lib/pleroma/web/oauth/fallback_controller.ex index 1eeda3d24..f0fe3b578 100644 --- a/lib/pleroma/web/oauth/fallback_controller.ex +++ b/lib/pleroma/web/oauth/fallback_controller.ex @@ -9,7 +9,8 @@ defmodule Pleroma.Web.OAuth.FallbackController do # No user/password def call(conn, _) do conn + |> put_status(:unauthorized) |> put_flash(:error, "Invalid Username/Password") - |> OAuthController.authorize(conn.params) + |> OAuthController.authorize(conn.params["authorization"]) end end diff --git a/test/web/oauth/oauth_controller_test.exs b/test/web/oauth/oauth_controller_test.exs index ccd552258..e0d3cb55f 100644 --- a/test/web/oauth/oauth_controller_test.exs +++ b/test/web/oauth/oauth_controller_test.exs @@ -34,6 +34,31 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do assert Repo.get_by(Authorization, token: code) end + test "correctly handles wrong credentials", %{conn: conn} do + user = insert(:user) + app = insert(:oauth_app) + + result = + conn + |> post("/oauth/authorize", %{ + "authorization" => %{ + "name" => user.nickname, + "password" => "wrong", + "client_id" => app.client_id, + "redirect_uri" => app.redirect_uris, + "state" => "statepassed" + } + }) + |> html_response(:unauthorized) + + # Keep the details + assert result =~ app.client_id + assert result =~ app.redirect_uris + + # Error message + assert result =~ "Invalid" + end + test "issues a token for an all-body request" do user = insert(:user) app = insert(:oauth_app)