Correct status code for basic-auth (#813)

* ensuring those using basic auth recieve a correct status code when their password is incorrect * Fixing oauth status codes
2017-05-23 09:48:31 -07:00 · 2017-05-23 09:48:31 -07:00 · 11bd42af82
parent feac9cb3a3
commit 11bd42af82
1 changed files with 6 additions and 6 deletions
--- a/lemur/auth/views.py
+++ b/lemur/auth/views.py
@ -103,7 +103,7 @@ class Login(Resource):
            return dict(token=create_token(user))
        metrics.send('invalid_login', 'counter', 1)
-        return dict(message='The supplied credentials are invalid'), 401
+        return dict(message='The supplied credentials are invalid'), 403
 class Ping(Resource):
@ -295,7 +295,7 @@ class OAuth2(Resource):
                algo = header_data['alg']
                break
        else:
-            return dict(message='Key not found'), 403
+            return dict(message='Key not found'), 401
        # validate your token based on the key it was signed with
        try:
@ -304,11 +304,11 @@ class OAuth2(Resource):
            else:
                jwt.decode(id_token, secret, algorithms=[algo], audience=args['clientId'])
        except jwt.DecodeError:
-            return dict(message='Token is invalid'), 403
+            return dict(message='Token is invalid'), 401
        except jwt.ExpiredSignatureError:
-            return dict(message='Token has expired'), 403
+            return dict(message='Token has expired'), 401
        except jwt.InvalidTokenError:
-            return dict(message='Token is invalid'), 403
+            return dict(message='Token is invalid'), 401
        headers = {'authorization': 'Bearer {0}'.format(access_token)}
@ -403,7 +403,7 @@ class Google(Resource):
        if not user.active:
            metrics.send('invalid_login', 'counter', 1)
-            return dict(message='The supplied credentials are invalid.'), 401
+            return dict(message='The supplied credentials are invalid.'), 403
        if user:
            metrics.send('successful_login', 'counter', 1)