Merge branch 'oauth-login-failure-bug' into 'develop'

Correctly handle invalid credentials on auth login.

Closes #407

See merge request pleroma/pleroma!728
This commit is contained in:
href 2019-01-28 10:49:03 +00:00
commit 74ed1b4d87
2 changed files with 27 additions and 1 deletions

View file

@ -9,7 +9,8 @@ defmodule Pleroma.Web.OAuth.FallbackController do
# No user/password # No user/password
def call(conn, _) do def call(conn, _) do
conn conn
|> put_status(:unauthorized)
|> put_flash(:error, "Invalid Username/Password") |> put_flash(:error, "Invalid Username/Password")
|> OAuthController.authorize(conn.params) |> OAuthController.authorize(conn.params["authorization"])
end end
end end

View file

@ -34,6 +34,31 @@ test "redirects with oauth authorization" do
assert Repo.get_by(Authorization, token: code) assert Repo.get_by(Authorization, token: code)
end end
test "correctly handles wrong credentials", %{conn: conn} do
user = insert(:user)
app = insert(:oauth_app)
result =
conn
|> post("/oauth/authorize", %{
"authorization" => %{
"name" => user.nickname,
"password" => "wrong",
"client_id" => app.client_id,
"redirect_uri" => app.redirect_uris,
"state" => "statepassed"
}
})
|> html_response(:unauthorized)
# Keep the details
assert result =~ app.client_id
assert result =~ app.redirect_uris
# Error message
assert result =~ "Invalid"
end
test "issues a token for an all-body request" do test "issues a token for an all-body request" do
user = insert(:user) user = insert(:user)
app = insert(:oauth_app) app = insert(:oauth_app)