Successful Login Response (200) with invalid credentials

Created on 25 January 2021, over 3 years ago
Updated 2 April 2024, 3 months ago

Problem/Motivation

On the User login endpoint, if you pass in invalid credentials, the response is always 200 regardless of whether they are valid or not. If they are valid credentials, it returns the expected data, but if they are invalid it returns successful with an empty JSON.

Steps to reproduce

Try to log in using Postman or a similar service and provide invalid credentials.

Proposed resolution

Should return an unsuccessful response describing why it's invalid: user not found, invalid password, etc.

🐛 Bug report

Status

Needs work

Version

5.0

Component

Code


Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • 🇩🇪 Germany Anybody Porta Westfalica

    I understand this is confusing, but after reading this discussion: https://stackoverflow.com/questions/32752578/whats-the-appropriate-http-...

    I think status code 200 is correct here! 401 would be an alternative, but it looks to me as if that would be wrong on this level?
    How do other Drupal (REST) API modules reply here?

    Code-wise this would be easy to fix in Drupal\services\Plugin\ServiceDefinition\UserLogin!

  • 🇩🇪 Germany Anybody Porta Westfalica

    I compared the 5.x result to Drupal 7 and in Drupal 7 indeed the returned status code is 401 and the message is: "Invalid username or password."

    So a maintainer can perhaps tell what's expected here!

    At least I'd suggest to add a comment to the return []; statement, why the status code is chosen and eventually link this issue, if we keep status code 200!

    Setting priority to 200 to gain visibility and get feedback, especially because of the change vs. Drupal 7.

  • Status changed to Needs work 3 months ago
  • 🇩🇪 Germany Anybody Porta Westfalica