mirror of https://github.com/mastodon/mastodon
When OAuth password verification fails, return 401 instead of redirect (#5111)
Call to warden.authenticate! in resource_owner_from_credentials would make the request redirect to sign-in path, which is a bad response for apps. Now bad credentials just return nil, which leads to HTTP 401 from Doorkeeper. Also, accounts with enabled 2FA cannot be logged into this way.pull/5125/head
parent
901fc48aae
commit
db3ed498b0
Loading…
Reference in New Issue