Skip to content
Snippets Groups Projects
Commit db3ed498 authored by Eugen Rochko's avatar Eugen Rochko Committed by GitHub
Browse files

When OAuth password verification fails, return 401 instead of redirect (#5111) 

Call to warden.authenticate! in resource_owner_from_credentials would
make the request redirect to sign-in path, which is a bad response for
apps. Now bad credentials just return nil, which leads to HTTP 401
from Doorkeeper. Also, accounts with enabled 2FA cannot be logged into
this way.
parent 901fc48a
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment