Merge pull request #5375 from overleaf/jpa-401-failed-login

[web] send a non success status code for failed logins in Server CE/Pro

GitOrigin-RevId: 1aace4456c8602af26a362346bfc462e1476b0f7

services/web/app/src/Features/Authentication/AuthenticationController.js

@@ -72,6 +72,8 @@ const AuthenticationController = {
         if (info.redir != null) {
           return res.json({ redir: info.redir })
         } else {
+          res.status(info.status || 200)
+          delete info.status
           return res.json({ message: info })
         }
       }
@@ -154,6 +156,7 @@ const AuthenticationController = {
             return done(null, null, {
               text: req.i18n.translate('to_many_login_requests_2_mins'),
               type: 'error',
+              status: 429,
             })
           }
           AuthenticationManager.authenticate(
@@ -172,6 +175,7 @@ const AuthenticationController = {
                 done(null, false, {
                   text: req.i18n.translate('email_or_password_wrong_try_again'),
                   type: 'error',
+                  status: 401,
                 })
               }
             }

services/web/test/acceptance/src/AuthenticationTests.js

@@ -1,5 +1,6 @@
 const { expect } = require('chai')
 const { ObjectId } = require('mongodb')
+const Settings = require('@overleaf/settings')
 const User = require('./helpers/User').promises
 
 describe('Authentication', function () {
@@ -71,4 +72,22 @@ describe('Authentication', function () {
       })
     })
   })
+
+  describe('failed login', function () {
+    beforeEach('fetchCsrfToken', async function () {
+      await user.getCsrfToken()
+    })
+    it('should return a 401', async function () {
+      const {
+        response: { statusCode },
+      } = await user.doRequest('POST', {
+        url: Settings.enableLegacyLogin ? '/login/legacy' : '/login',
+        json: {
+          email: user.email,
+          password: 'foo-bar-baz',
+        },
+      })
+      expect(statusCode).to.equal(401)
+    })
+  })
 })