Correct status code for basic-auth (#813)
* Ensuring those using basic auth receive a correct status code when their password is incorrect * Fixing OAuth status codes
parent
feac9cb3a3
commit
11bd42af82
@ -103,7 +103,7 @@ class Login(Resource):
|
|||||||
return dict(token=create_token(user))
|
return dict(token=create_token(user))
|
||||||
|
|
||||||
metrics.send('invalid_login', 'counter', 1)
|
metrics.send('invalid_login', 'counter', 1)
|
||||||
return dict(message='The supplied credentials are invalid'), 401
|
return dict(message='The supplied credentials are invalid'), 403
|
||||||
|
|
||||||
|
|
||||||
class Ping(Resource):
|
class Ping(Resource):
|
||||||
@ -295,7 +295,7 @@ class OAuth2(Resource):
|
|||||||
algo = header_data['alg']
|
algo = header_data['alg']
|
||||||
break
|
break
|
||||||
else:
|
else:
|
||||||
return dict(message='Key not found'), 403
|
return dict(message='Key not found'), 401
|
||||||
|
|
||||||
# validate your token based on the key it was signed with
|
# validate your token based on the key it was signed with
|
||||||
try:
|
try:
|
||||||
@ -304,11 +304,11 @@ class OAuth2(Resource):
|
|||||||
else:
|
else:
|
||||||
jwt.decode(id_token, secret, algorithms=[algo], audience=args['clientId'])
|
jwt.decode(id_token, secret, algorithms=[algo], audience=args['clientId'])
|
||||||
except jwt.DecodeError:
|
except jwt.DecodeError:
|
||||||
return dict(message='Token is invalid'), 403
|
return dict(message='Token is invalid'), 401
|
||||||
except jwt.ExpiredSignatureError:
|
except jwt.ExpiredSignatureError:
|
||||||
return dict(message='Token has expired'), 403
|
return dict(message='Token has expired'), 401
|
||||||
except jwt.InvalidTokenError:
|
except jwt.InvalidTokenError:
|
||||||
return dict(message='Token is invalid'), 403
|
return dict(message='Token is invalid'), 401
|
||||||
|
|
||||||
headers = {'authorization': 'Bearer {0}'.format(access_token)}
|
headers = {'authorization': 'Bearer {0}'.format(access_token)}
|
||||||
|
|
||||||
@ -403,7 +403,7 @@ class Google(Resource):
|
|||||||
|
|
||||||
if not user.active:
|
if not user.active:
|
||||||
metrics.send('invalid_login', 'counter', 1)
|
metrics.send('invalid_login', 'counter', 1)
|
||||||
return dict(message='The supplied credentials are invalid.'), 401
|
return dict(message='The supplied credentials are invalid.'), 403
|
||||||
|
|
||||||
if user:
|
if user:
|
||||||
metrics.send('successful_login', 'counter', 1)
|
metrics.send('successful_login', 'counter', 1)
|
||||||
|
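Review bot: The `algorithms=[algo]` argument to `jwt.decode` in the third hunk is filled from `header_data['alg']` (second hunk), which looks like it is read from the token's own header before the signature is verified, so the token picks the algorithm it is checked with. Compare `algo` against a configured allow-list before decoding, e.g. `if algo not in allowed_algs: return dict(message='Token is invalid'), 401`, where `allowed_algs` is a placeholder for whatever list the provider configuration supplies. These are context lines the commit leaves unchanged, and the OAuth2 method starts and ends outside the hunks, so an existing check elsewhere cannot be ruled out. The three token-rejection `except` branches also return without the `metrics.send('invalid_login', 'counter', 1)` call that the Login and Google failure paths make, which leaves failed OAuth2 token validations out of that counter.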