From 05924f2c676bfcbe61ff55cea50c5151f2a854a5 Mon Sep 17 00:00:00 2001
From: Derf Null
Date: Sun, 25 Jun 2023 23:28:38 +0200
Subject: Login: return HTTP 400 on invalid password or unconfirmed account

---
 lib/Travelynx/Controller/Account.pm | 12 ++++++++++--
 t/02-registration.t | 4 ++--
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/lib/Travelynx/Controller/Account.pm b/lib/Travelynx/Controller/Account.pm
index bc24c05..f0f2119 100644
--- a/lib/Travelynx/Controller/Account.pm
+++ b/lib/Travelynx/Controller/Account.pm
@@ -260,10 +260,18 @@ sub do_login {
 else {
 my $data = $self->users->get_login_data( name => $user );
 if ( $data and $data->{status} == 0 ) {
- $self->render( 'login', invalid => 'confirmation' );
+ $self->render(
+ 'login',
+ status => 400,
+ invalid => 'confirmation'
+ );
 }
 else {
- $self->render( 'login', invalid => 'credentials' );
+ $self->render(
+ 'login',
+ status => 400,
+ invalid => 'credentials'
+ );
 }
 }
 }
diff --git a/t/02-registration.t b/t/02-registration.t
index b588d15..53f772f 100644
--- a/t/02-registration.t
+++ b/t/02-registration.t
@@ -88,7 +88,7 @@ $t->post_ok(
 password => 'foofoofoo',
 }
 );
-$t->status_is(200)->content_like(qr{nicht freigeschaltet});
+$t->status_is(400)->content_like(qr{nicht freigeschaltet});
 
 my $res = $t->app->pg->db->select( 'users', ['id'], { name => 'someone' } );
 my $uid = $res->hash->{id};
@@ -108,7 +108,7 @@ $t->post_ok(
 password => 'definitely invalid',
 }
 );
-$t->status_is(200)->content_like(qr{falsches Passwort});
+$t->status_is(400)->content_like(qr{falsches Passwort});
 
 # Successful login
 $t->post_ok(
-- 
cgit v1.2.3
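Review bot: The two render calls in do_login now share `status => 400` but still return distinguishable bodies (`invalid => 'confirmation'` versus `invalid => 'credentials'`), and as far as the visible lines show the `confirmation` branch is selected from `get_login_data( name => $user )` alone, so a failed login reveals whether a name belongs to a registered-but-unconfirmed account without the password being known; the test in t/02-registration.t relies on exactly that difference in content. If that is an accepted trade-off it deserves a comment at the `if ( $data and $data->{status} == 0 )` line, e.g. `# Deliberately reveals unconfirmed accounts so users learn to check their mail; accepted enumeration risk`, otherwise the lookup could be limited to the case where the password has already been verified. Separately, 400 is an unusual status for a failed authentication; 401 or 403 is the conventional choice, though 400 avoids browsers reacting to a 401 from a form login, so a one-line comment stating why 400 was chosen would help the next reader. do_login starts before this hunk, so the successful-login branch and the origin of `$user` are not visible here.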