Fix misleading error code when receiving invalid WebAuthn credentials (#23568)

a232a1fe · Claire · GitHub · cf50667e · a232a1fe · a232a1fe
Unverified Commit a232a1fe authored 2 years ago by Claire Committed by GitHub 2 years ago
--- a/app/controllers/settings/two_factor_authentication/webauthn_credentials_controller.rb
+++ b/app/controllers/settings/two_factor_authentication/webauthn_credentials_controller.rb
@@ -52,7 +52,7 @@ module Settings
            end
          else
            flash[:error] = I18n.t('webauthn_credentials.create.error')
-            status = :internal_server_error
+            status = :unprocessable_entity
          end
        else
          flash[:error] = t('webauthn_credentials.create.error')

--- a/spec/controllers/settings/two_factor_authentication/webauthn_credentials_controller_spec.rb
+++ b/spec/controllers/settings/two_factor_authentication/webauthn_credentials_controller_spec.rb
@@ -248,7 +248,7 @@ describe Settings::TwoFactorAuthentication::WebauthnCredentialsController do

              post :create, params: { credential: new_webauthn_credential, nickname: 'USB Key' }

-              expect(response).to have_http_status(500)
+              expect(response).to have_http_status(422)
              expect(flash[:error]).to be_present
            end
          end
@@ -268,7 +268,7 @@ describe Settings::TwoFactorAuthentication::WebauthnCredentialsController do

              post :create, params: { credential: new_webauthn_credential, nickname: nickname }

-              expect(response).to have_http_status(500)
+              expect(response).to have_http_status(422)
              expect(flash[:error]).to be_present
            end
          end