author | Derf Null <derf@finalrewind.org> | 2023-06-25 23:28:38 +0200 |
---|---|---|
committer | Derf Null <derf@finalrewind.org> | 2023-06-25 23:28:38 +0200 |
commit | 05924f2c676bfcbe61ff55cea50c5151f2a854a5 (patch) | |
tree | 139e485c561e262f81e74486d36cca4ebdf6db21 | |
parent | e14966c48837e521bce793d0b7e3a79e03543367 (diff) |
Login: return HTTP 400 on invalid password or unconfirmed account
-rw-r--r-- | lib/Travelynx/Controller/Account.pm | 12 | ||||
-rw-r--r-- | t/02-registration.t | 4 |
2 files changed, 12 insertions, 4 deletions
diff --git a/lib/Travelynx/Controller/Account.pm b/lib/Travelynx/Controller/Account.pm
index bc24c05..f0f2119 100644
--- a/lib/Travelynx/Controller/Account.pm
+++ b/lib/Travelynx/Controller/Account.pm
@@ -260,10 +260,18 @@ sub do_login {
 else {
 my $data = $self->users->get_login_data( name => $user );
 if ( $data and $data->{status} == 0 ) {
- $self->render( 'login', invalid => 'confirmation' );
+ $self->render(
+ 'login',
+ status => 400,
+ invalid => 'confirmation'
+ );
 }
 else {
- $self->render( 'login', invalid => 'credentials' );
+ $self->render(
+ 'login',
+ status => 400,
+ invalid => 'credentials'
+ );
 }
 }
 }
diff --git a/t/02-registration.t b/t/02-registration.t
index b588d15..53f772f 100644
--- a/t/02-registration.t
+++ b/t/02-registration.t
@@ -88,7 +88,7 @@ $t->post_ok(
 password => 'foofoofoo',
 }
 );
-$t->status_is(200)->content_like(qr{nicht freigeschaltet});
+$t->status_is(400)->content_like(qr{nicht freigeschaltet});
 my $res = $t->app->pg->db->select( 'users', ['id'], { name => 'someone' } );
 my $uid = $res->hash->{id};
@@ -108,7 +108,7 @@ $t->post_ok(
 password => 'definitely invalid',
 }
 );
-$t->status_is(200)->content_like(qr{falsches Passwort});
+$t->status_is(400)->content_like(qr{falsches Passwort});
 # Successful login
 $t->post_ok( |
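Review bot: The two failure branches in `do_login` now share status 400 but still render different `invalid` reasons, and the `confirmation` branch is selected from `get_login_data( name => $user )` and `$data->{status} == 0` alone, with no password check visible in the hunk. If the enclosing `else` (its condition lies outside the hunk) is reached on every failed login, a client can tell from the response body that a name is registered but unconfirmed without knowing its password. Consider falling back to `invalid => 'credentials'` unless the submitted password has been verified, or record the trade-off next to the lookup with a comment such as `# NOTE: discloses unconfirmed-account state to unauthenticated clients; accepted for UX`. The assertions in `t/02-registration.t` pin only the status and message text, so they would need a matching case if this behaviour changes.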