cat aescling's git repositories - mastodon.git/commit
When OAuth password verification fails, return 401 instead of redirect (#5111)
author Eugen Rochko <eugen@zeonfederated.com>
Wed, 27 Sep 2017 21:42:49 +0000 (23:42 +0200)
committer GitHub <noreply@github.com>
Wed, 27 Sep 2017 21:42:49 +0000 (23:42 +0200)
commit db3ed498b08d1ff3b1ca16d326a51abef28b9184
tree a3ce2dd83e876d0f6a791fe710b05513be44344b
parent 901fc48aaec8c6c5f1ae3c210c701abce3c03c7c
When OAuth password verification fails, return 401 instead of redirect (#5111)

Call to warden.authenticate! in resource_owner_from_credentials would
make the request redirect to sign-in path, which is a bad response for
apps. Now bad credentials just return nil, which leads to HTTP 401
from Doorkeeper. Also, accounts with enabled 2FA cannot be logged into
this way.
config/initializers/doorkeeper.rb
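
A stand-alone Ruby model of the behaviour the commit message describes, added here as an illustration; it is not Mastodon's or Doorkeeper's code. The `Account` struct, the sample accounts, the PBKDF2 hashing and the `invalid_grant` body are assumptions; only the nil-to-401 outcome and the 2FA exclusion come from the message.

```ruby
require "openssl"
require "json"
require "securerandom"

# Hypothetical account record; the project's real user model is not shown on the page.
Account = Struct.new(:email, :salt, :digest, :otp_required)

def hash_password(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, 10_000, 32, OpenSSL::Digest.new("SHA256"))
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def make_account(email, password, otp_required)
  salt = SecureRandom.random_bytes(16)
  Account.new(email, salt, hash_password(password, salt), otp_required)
end

# Constructed sample data.
ACCOUNTS = [
  make_account("alice@example.com", "correct horse", false),
  make_account("bob@example.com", "battery staple", true) # 2FA enabled
].map { |a| [a.email, a] }.to_h
DUMMY_SALT = SecureRandom.random_bytes(16)

# Stand-in for the resource_owner_from_credentials callback: it returns the
# account or nil and never redirects.
def resource_owner_from_credentials(username, password)
  account = ACCOUNTS[username.to_s.downcase]
  # Hash even for unknown users so both failure paths cost about the same.
  candidate = hash_password(password.to_s, account ? account.salt : DUMMY_SALT)
  return nil unless account && secure_equal?(candidate, account.digest)
  return nil if account.otp_required # a password alone must not skip the second factor
  account
end

# Stand-in for the token endpoint: a nil owner becomes a 401 JSON error
# (status taken from the commit message) instead of a sign-in redirect.
def password_grant(params)
  owner = resource_owner_from_credentials(params["username"], params["password"])
  return [401, JSON.generate("error" => "invalid_grant")] if owner.nil?
  [200, JSON.generate("token_type" => "Bearer", "access_token" => SecureRandom.hex(32))]
end
```

Wrong password, unknown user and a 2FA-enabled account all produce the same 401 body, so an API client cannot tell the three cases apart from the response.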