From 11bd42af82abde852bf67b8e93f1ea9b0b3d5d55 Mon Sep 17 00:00:00 2001
From: kevgliss
Date: Tue, 23 May 2017 09:48:31 -0700
Subject: [PATCH] Correct status code for basic-auth (#813)

* ensuring those using basic auth recieve a correct status code when their password is incorrect
* Fixing oauth status codes
---
 lemur/auth/views.py | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/lemur/auth/views.py b/lemur/auth/views.py
index 35a0aa43..b94f44ac 100644
--- a/lemur/auth/views.py
+++ b/lemur/auth/views.py
@@ -103,7 +103,7 @@ class Login(Resource):
 return dict(token=create_token(user))
 metrics.send('invalid_login', 'counter', 1)
- return dict(message='The supplied credentials are invalid'), 401
+ return dict(message='The supplied credentials are invalid'), 403
 class Ping(Resource):
@@ -295,7 +295,7 @@ class OAuth2(Resource):
 algo = header_data['alg']
 break
 else:
- return dict(message='Key not found'), 403
+ return dict(message='Key not found'), 401
 # validate your token based on the key it was signed with
 try:
@@ -304,11 +304,11 @@ class OAuth2(Resource):
 else:
 jwt.decode(id_token, secret, algorithms=[algo], audience=args['clientId'])
 except jwt.DecodeError:
- return dict(message='Token is invalid'), 403
+ return dict(message='Token is invalid'), 401
 except jwt.ExpiredSignatureError:
- return dict(message='Token has expired'), 403
+ return dict(message='Token has expired'), 401
 except jwt.InvalidTokenError:
- return dict(message='Token is invalid'), 403
+ return dict(message='Token is invalid'), 401
 headers = {'authorization': 'Bearer {0}'.format(access_token)}
@@ -403,7 +403,7 @@ class Google(Resource):
 if not user.active:
 metrics.send('invalid_login', 'counter', 1)
- return dict(message='The supplied credentials are invalid.'), 401
+ return dict(message='The supplied credentials are invalid.'), 403
 if user:
 metrics.send('successful_login', 'counter', 1)
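Review bot: The new 403 on the basic-auth failure path replaces the status RFC 7235 prescribes for a rejected credential check (401 with a `WWW-Authenticate` challenge) without recording why, so the next maintainer is likely to "correct" it straight back. The motivation is presumably that a 401 from the login endpoint itself trips the client's unauthenticated-redirect handling; whatever the reason is, it belongs in a comment above the return, e.g. `# 403, not 401: a 401 from the login endpoint itself would make the client treat the login page as an expired session` — confirm the wording with the author. The `post` body this return belongs to starts outside the hunk, so the credential check that feeds it is not visible here.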
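Review bot: Returning 401 for an unknown `kid` is the right code, but the context lines above it show the verification algorithm still being taken from the token itself (`algo = header_data['alg']`) and handed to `jwt.decode(..., algorithms=[algo])`; if `header_data` is the unverified JWT header, as the name suggests, the presenter of the token chooses the algorithm, which is the classic algorithm/key-confusion setup (for instance `HS256` with the public key as the HMAC secret). PyJWT's own refusal of PEM-looking HMAC secrets narrows that window but is the wrong layer to rely on; pin the accepted algorithms server-side, e.g. `if header_data['alg'] not in ('RS256', 'RS384', 'RS512'): return dict(message='Unsupported algorithm'), 401` before the key loop, or pass a fixed `algorithms=` list to `jwt.decode` instead of `[algo]`. The `for`/`else` this branch closes begins outside the hunk, so the key lookup and the origin of `header_data` and `secret` are not visible here.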
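Review bot: The three failure returns now carry 401, but none attaches the `WWW-Authenticate` challenge that RFC 7235 makes mandatory on a 401; for a bearer-token endpoint RFC 6750 fixes the form, so each should read like `return dict(message='Token is invalid'), 401, {'WWW-Authenticate': 'Bearer error="invalid_token"'}` (Flask-RESTful takes the headers dict as the third tuple element), and the same applies to the `Key not found` return in the previous hunk. Note also that the visible `jwt.decode` call verifies `audience` but passes no `issuer=`; if the provider's issuer is known from configuration, adding it is one keyword argument of defence in depth. The `try` body's `if` branch sits outside the hunk, so the sibling `jwt.decode` call there is not visible and would need the same treatment.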
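Review bot: `user.active` on the hunk's first context line is dereferenced before the `if user:` guard two lines below it, so either `user` can be `None` here and the inactive-account check raises `AttributeError` (surfacing as an unhandled 500) before the guard is ever reached, or it cannot and the `if user:` is dead code; the commit changes the status to 403 but leaves that ordering alone. If the lookup above (outside the hunk) can return `None`, test it first, `if not user or not user.active:`; otherwise drop the redundant guard. 403 is the appropriate code for an authenticated but deactivated account, though the message `The supplied credentials are invalid.` then understates the reason — keep it only if hiding the deactivation from the caller is intended. The enclosing method begins outside the hunk.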