Eugen Rochko db3ed498b0 When OAuth password verification fails, return 401 instead of redirect (#5111) ...

Call to warden.authenticate! in resource_owner_from_credentials would
make the request redirect to sign-in path, which is a bad response for
apps. Now bad credentials just return nil, which leads to HTTP 401
from Doorkeeper. Also, accounts with enabled 2FA cannot be logged into
this way.

2017-09-27 23:42:49 +02:00

4.9 KiB

Raw Blame History

View Raw