Merge pull request #5375 from overleaf/jpa-401-failed-login

[web] send a non success status code for failed logins in Server CE/Pro

GitOrigin-RevId: 1aace4456c8602af26a362346bfc462e1476b0f7
This commit is contained in:
Jakob Ackermann 2021-10-06 13:24:57 +02:00 committed by Copybot
parent 0f1be83f46
commit 13b8321986
2 changed files with 23 additions and 0 deletions

View file

@ -72,6 +72,8 @@ const AuthenticationController = {
if (info.redir != null) {
return res.json({ redir: info.redir })
} else {
res.status(info.status || 200)
delete info.status
return res.json({ message: info })
}
}
@ -154,6 +156,7 @@ const AuthenticationController = {
return done(null, null, {
text: req.i18n.translate('to_many_login_requests_2_mins'),
type: 'error',
status: 429,
})
}
AuthenticationManager.authenticate(
@ -172,6 +175,7 @@ const AuthenticationController = {
done(null, false, {
text: req.i18n.translate('email_or_password_wrong_try_again'),
type: 'error',
status: 401,
})
}
}

View file

@ -1,5 +1,6 @@
const { expect } = require('chai')
const { ObjectId } = require('mongodb')
const Settings = require('@overleaf/settings')
const User = require('./helpers/User').promises
describe('Authentication', function () {
@ -71,4 +72,22 @@ describe('Authentication', function () {
})
})
})
describe('failed login', function () {
beforeEach('fetchCsrfToken', async function () {
await user.getCsrfToken()
})
it('should return a 401', async function () {
const {
response: { statusCode },
} = await user.doRequest('POST', {
url: Settings.enableLegacyLogin ? '/login/legacy' : '/login',
json: {
email: user.email,
password: 'foo-bar-baz',
},
})
expect(statusCode).to.equal(401)
})
})
})