From 1825118fd46883cb2a9132b039925c160ad7e57b Mon Sep 17 00:00:00 2001
From: lain <lain@soykaf.club>
Date: Mon, 28 Jan 2019 11:41:47 +0100
Subject: [PATCH] Correctly handle invalid credentials on auth login.
Closes #407
---
lib/pleroma/web/oauth/fallback_controller.ex | 3 ++-
test/web/oauth/oauth_controller_test.exs | 25 ++++++++++++++++++++
2 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/lib/pleroma/web/oauth/fallback_controller.ex b/lib/pleroma/web/oauth/fallback_controller.ex
index 1eeda3d24..f0fe3b578 100644
--- a/lib/pleroma/web/oauth/fallback_controller.ex
+++ b/lib/pleroma/web/oauth/fallback_controller.ex
@@ -9,7 +9,8 @@ defmodule Pleroma.Web.OAuth.FallbackController do
# No user/password
def call(conn, _) do
conn
+ |> put_status(:unauthorized)
|> put_flash(:error, "Invalid Username/Password")
- |> OAuthController.authorize(conn.params)
+ |> OAuthController.authorize(conn.params["authorization"])
end
end
diff --git a/test/web/oauth/oauth_controller_test.exs b/test/web/oauth/oauth_controller_test.exs
index ccd552258..e0d3cb55f 100644
--- a/test/web/oauth/oauth_controller_test.exs
+++ b/test/web/oauth/oauth_controller_test.exs
@@ -34,6 +34,31 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
assert Repo.get_by(Authorization, token: code)
end
+ test "correctly handles wrong credentials", %{conn: conn} do
+ user = insert(:user)
+ app = insert(:oauth_app)
+
+ result =
+ conn
+ |> post("/oauth/authorize", %{
+ "authorization" => %{
+ "name" => user.nickname,
+ "password" => "wrong",
+ "client_id" => app.client_id,
+ "redirect_uri" => app.redirect_uris,
+ "state" => "statepassed"
+ }
+ })
+ |> html_response(:unauthorized)
+
+ # Keep the details
+ assert result =~ app.client_id
+ assert result =~ app.redirect_uris
+
+ # Error message
+ assert result =~ "Invalid"
+ end
+
test "issues a token for an all-body request" do
user = insert(:user)
app = insert(:oauth_app)
--
2.49.0