fix sane#19 use 401 instead of 400 for failed logins

givanse · May 19, 2015 · 7a3dd50 · 7a3dd50
1 parent bceec9a
commit 7a3dd50
Showing 1 changed file with 10 additions and 9 deletions.
diff --git a/generate/templates/server/api/controllers/AuthController.js b/generate/templates/server/api/controllers/AuthController.js
@@ -20,27 +20,27 @@ var bcrypt = require('bcrypt');
  */
 
 module.exports = {
+
   login: function(req, res) {
 
     if (req.body.grant_type === 'password') {
 
+      if ( ! req.body.username ) {
+        return res.send(401, { error: 'empty username' });
+      }
+
       User.findByUsername(req.body.username).exec(function(err, user) {
         if (err) {
-          return res.badRequest({
-            error: err
-          });
+          return res.send(500, { error: err });
         }
+
         if (!user || user.length < 1) {
-          return res.badRequest({
-            error: 'No such user'
-          });
+          return res.send(401, { error: 'username does not exist' });
         }
 
         bcrypt.compare(req.body.password, user[0].password, function(err, result) {
           if (err || !result) {
-            return res.badRequest({
-              error: 'invalidPassword'
-            });
+            return res.send(401, { error: 'invalid password' });
           } else {
             issueTokens(user, res);
           }
@@ -86,6 +86,7 @@ module.exports = {
       message: 'logoutSuccessful'
     });
   }
+
 };
 
 function issueTokens(user, res) {