authorDerf Null <derf@finalrewind.org>2023-06-25 23:28:38 +0200
committerDerf Null <derf@finalrewind.org>2023-06-25 23:28:38 +0200
commit05924f2c676bfcbe61ff55cea50c5151f2a854a5 (patch)
tree139e485c561e262f81e74486d36cca4ebdf6db21
parente14966c48837e521bce793d0b7e3a79e03543367 (diff)
Login: return HTTP 400 on invalid password or unconfirmed account
-rw-r--r--lib/Travelynx/Controller/Account.pm12
-rw-r--r--t/02-registration.t4
2 files changed, 12 insertions, 4 deletions
diff --git a/lib/Travelynx/Controller/Account.pm b/lib/Travelynx/Controller/Account.pm
index bc24c05..f0f2119 100644
--- a/lib/Travelynx/Controller/Account.pm
+++ b/lib/Travelynx/Controller/Account.pm
@@ -260,10 +260,18 @@ sub do_login {
else {
my $data = $self->users->get_login_data( name => $user );
if ( $data and $data->{status} == 0 ) {
- $self->render( 'login', invalid => 'confirmation' );
+ $self->render(
+ 'login',
+ status => 400,
+ invalid => 'confirmation'
+ );
}
else {
- $self->render( 'login', invalid => 'credentials' );
+ $self->render(
+ 'login',
+ status => 400,
+ invalid => 'credentials'
+ );
}
}
}
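Review bot: The two branches still render different pages for a failed login, so the response tells a client whether the submitted name belongs to an unconfirmed account. Whether the password has already been verified when this `else` branch runs is not visible, because `do_login` starts above the hunk. If it has not, the `invalid => 'confirmation'` page can be reached with any password and discloses account state. In that case, consider showing the confirmation hint only once the password has matched, and falling back to `invalid => 'credentials'` otherwise. If the 400 is also meant to make failed logins stand out in access logs, a short comment above the first render such as `# non-2xx so failed logins can be counted and rate-limited` would record that.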
diff --git a/t/02-registration.t b/t/02-registration.t
index b588d15..53f772f 100644
--- a/t/02-registration.t
+++ b/t/02-registration.t
@@ -88,7 +88,7 @@ $t->post_ok(
password => 'foofoofoo',
}
);
-$t->status_is(200)->content_like(qr{nicht freigeschaltet});
+$t->status_is(400)->content_like(qr{nicht freigeschaltet});
my $res = $t->app->pg->db->select( 'users', ['id'], { name => 'someone' } );
my $uid = $res->hash->{id};
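Review bot: The unconfirmed-account case is asserted only for the single password shown at the top of this hunk, so the test does not show whether the "nicht freigeschaltet" page depends on the password being correct. A second `post_ok` for the same user with a deliberately wrong password, followed by an assertion on status and body, would pin that behaviour down and catch a regression that exposes account state to unauthenticated requests. The `post_ok` call begins above the hunk, so the user name it submits is not visible here.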
@@ -108,7 +108,7 @@ $t->post_ok(
password => 'definitely invalid',
}
);
-$t->status_is(200)->content_like(qr{falsches Passwort});
+$t->status_is(400)->content_like(qr{falsches Passwort});
# Successful login
$t->post_ok(