summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNihad Abbasov <narkoz.2008@gmail.com>2012-09-20 08:38:08 -0700
committerNihad Abbasov <narkoz.2008@gmail.com>2012-09-20 08:38:08 -0700
commitb08d33f6a9a82e04f288fc0a4de6d4a7489795e1 (patch)
tree93c8e95787bc1657c088c919168b418115bdc0af
parent3dd940d4cbd72afed38eba49b557823a6a55eac2 (diff)
downloadgitlab-ce-b08d33f6a9a82e04f288fc0a4de6d4a7489795e1.tar.gz
API: return 401 for invalid session
Diffstat
-rw-r--r--lib/api/session.rb5
-rw-r--r--spec/requests/api/session_spec.rb4
2 files changed, 4 insertions, 5 deletions
diff --git a/lib/api/session.rb b/lib/api/session.rb
index 5bcdf93abe9..b4050160ae4 100644
--- a/lib/api/session.rb
+++ b/lib/api/session.rb
@@ -8,14 +8,13 @@ module Gitlab
post "/session" do
resource = User.find_for_database_authentication(email: params[:email])
- return forbidden! unless resource
+ return unauthorized! unless resource
if resource.valid_password?(params[:password])
present resource, with: Entities::UserLogin
else
- forbidden!
+ unauthorized!
end
end
end
end
-
diff --git a/spec/requests/api/session_spec.rb b/spec/requests/api/session_spec.rb
index 0809475be81..f251f3921ac 100644
--- a/spec/requests/api/session_spec.rb
+++ b/spec/requests/api/session_spec.rb
@@ -19,7 +19,7 @@ describe Gitlab::API do
context "when invalid password" do
it "should return authentication error" do
post api("/session"), email: user.email, password: '123'
- response.status.should == 403
+ response.status.should == 401
json_response['email'].should be_nil
json_response['private_token'].should be_nil
@@ -29,7 +29,7 @@ describe Gitlab::API do
context "when empty password" do
it "should return authentication error" do
post api("/session"), email: user.email
- response.status.should == 403
+ response.status.should == 401
json_response['email'].should be_nil
json_response['private_token'].should be_nil
View Lorry Controller Status