API: return 401 for invalid session

2012-09-20 08:38:08 -07:00 · 2012-09-20 08:38:08 -07:00 · b08d33f6a9
commit b08d33f6a9
parent 3dd940d4cb
2 changed files with 4 additions and 5 deletions
--- a/lib/api/session.rb
+++ b/lib/api/session.rb
@ -8,14 +8,13 @@ module Gitlab
    post "/session" do
      resource = User.find_for_database_authentication(email: params[:email])

-      return forbidden! unless resource
+      return unauthorized! unless resource

      if resource.valid_password?(params[:password])
        present resource, with: Entities::UserLogin
      else
-        forbidden!
+        unauthorized!
      end
    end
  end
 end
-