Login: return HTTP 400 on invalid password or unconfirmed account
parent
e14966c488
commit
05924f2c67
2 changed files with 12 additions and 4 deletions
|
@ -260,10 +260,18 @@ sub do_login {
|
|||
else {
|
||||
my $data = $self->users->get_login_data( name => $user );
|
||||
if ( $data and $data->{status} == 0 ) {
|
||||
$self->render( 'login', invalid => 'confirmation' );
|
||||
$self->render(
|
||||
'login',
|
||||
status => 400,
|
||||
invalid => 'confirmation'
|
||||
);
|
||||
}
|
||||
else {
|
||||
$self->render( 'login', invalid => 'credentials' );
|
||||
$self->render(
|
||||
'login',
|
||||
status => 400,
|
||||
invalid => 'credentials'
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
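Review bot: The `invalid => 'confirmation'` branch is chosen from `get_login_data( name => $user )` and `$data->{status} == 0` alone, so the response tells the client that this username exists and is not yet confirmed. The enclosing `else` starts outside the hunk; if it is the failed-authentication path, as it appears to be, that answer is given without a verified password, and the now-uniform 400 status does not hide it because the rendered body still differs. Consider rendering the generic `invalid => 'credentials'` result unless the password has been checked. If the disclosure is intentional, record it above the `if` with a comment such as `# Deliberately tells unauthenticated clients that the account exists but is unconfirmed`. A short comment on why 400 was chosen over 401/403 would also help anyone who counts failed logins from access logs.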
|
|
|
@ -88,7 +88,7 @@ $t->post_ok(
|
|||
password => 'foofoofoo',
|
||||
}
|
||||
);
|
||||
$t->status_is(200)->content_like(qr{nicht freigeschaltet});
|
||||
$t->status_is(400)->content_like(qr{nicht freigeschaltet});
|
||||
|
||||
my $res = $t->app->pg->db->select( 'users', ['id'], { name => 'someone' } );
|
||||
my $uid = $res->hash->{id};
|
||||
|
@ -108,7 +108,7 @@ $t->post_ok(
|
|||
password => 'definitely invalid',
|
||||
}
|
||||
);
|
||||
$t->status_is(200)->content_like(qr{falsches Passwort});
|
||||
$t->status_is(400)->content_like(qr{falsches Passwort});
|
||||
|
||||
# Successful login
|
||||
$t->post_ok(
|
||||
|
|