Correct status code for basic-auth (#813)

* ensuring those using basic auth recieve a correct status code when their password is incorrect

* Fixing oauth status codes
This commit is contained in:
kevgliss 2017-05-23 09:48:31 -07:00 committed by GitHub
parent feac9cb3a3
commit 11bd42af82

View File

@ -103,7 +103,7 @@ class Login(Resource):
return dict(token=create_token(user)) return dict(token=create_token(user))
metrics.send('invalid_login', 'counter', 1) metrics.send('invalid_login', 'counter', 1)
return dict(message='The supplied credentials are invalid'), 401 return dict(message='The supplied credentials are invalid'), 403
class Ping(Resource): class Ping(Resource):
@ -295,7 +295,7 @@ class OAuth2(Resource):
algo = header_data['alg'] algo = header_data['alg']
break break
else: else:
return dict(message='Key not found'), 403 return dict(message='Key not found'), 401
# validate your token based on the key it was signed with # validate your token based on the key it was signed with
try: try:
@ -304,11 +304,11 @@ class OAuth2(Resource):
else: else:
jwt.decode(id_token, secret, algorithms=[algo], audience=args['clientId']) jwt.decode(id_token, secret, algorithms=[algo], audience=args['clientId'])
except jwt.DecodeError: except jwt.DecodeError:
return dict(message='Token is invalid'), 403 return dict(message='Token is invalid'), 401
except jwt.ExpiredSignatureError: except jwt.ExpiredSignatureError:
return dict(message='Token has expired'), 403 return dict(message='Token has expired'), 401
except jwt.InvalidTokenError: except jwt.InvalidTokenError:
return dict(message='Token is invalid'), 403 return dict(message='Token is invalid'), 401
headers = {'authorization': 'Bearer {0}'.format(access_token)} headers = {'authorization': 'Bearer {0}'.format(access_token)}
@ -403,7 +403,7 @@ class Google(Resource):
if not user.active: if not user.active:
metrics.send('invalid_login', 'counter', 1) metrics.send('invalid_login', 'counter', 1)
return dict(message='The supplied credentials are invalid.'), 401 return dict(message='The supplied credentials are invalid.'), 403
if user: if user:
metrics.send('successful_login', 'counter', 1) metrics.send('successful_login', 'counter', 1)