config/initializers/doorkeeper.rb · f58dcbc9814b5ba2fd4f7d7af643aa25dcf40594 · facil / jasette-facil

7 years ago

When OAuth password verification fails, return 401 instead of redirect (#5111) · db3ed498

Eugen Rochko a rédigé 7 years ago

Call to warden.authenticate! in resource_owner_from_credentials would
make the request redirect to sign-in path, which is a bad response for
apps. Now bad credentials just return nil, which leads to HTTP 401
from Doorkeeper. Also, accounts with enabled 2FA cannot be logged into
this way.

db3ed498

Historique

When OAuth password verification fails, return 401 instead of redirect (#5111)

Eugen Rochko a rédigé 7 years ago

Call to warden.authenticate! in resource_owner_from_credentials would
make the request redirect to sign-in path, which is a bad response for
apps. Now bad credentials just return nil, which leads to HTTP 401
from Doorkeeper. Also, accounts with enabled 2FA cannot be logged into
this way.