diff options
author | Eugen Rochko <eugen@zeonfederated.com> | 2017-09-27 23:42:49 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-09-27 23:42:49 +0200 |
commit | db3ed498b08d1ff3b1ca16d326a51abef28b9184 (patch) | |
tree | a3ce2dd83e876d0f6a791fe710b05513be44344b /app/controllers | |
parent | 901fc48aaec8c6c5f1ae3c210c701abce3c03c7c (diff) |
When OAuth password verification fails, return 401 instead of redirect (#5111)
Call to warden.authenticate! in resource_owner_from_credentials would make the request redirect to sign-in path, which is a bad response for apps. Now bad credentials just return nil, which leads to HTTP 401 from Doorkeeper. Also, accounts with enabled 2FA cannot be logged into this way.
Diffstat (limited to 'app/controllers')
0 files changed, 0 insertions, 0 deletions