diff --git a/app/views/help/api.html.haml b/app/views/help/api.html.haml
index 35176f8e..b1916110 100644
--- a/app/views/help/api.html.haml
+++ b/app/views/help/api.html.haml
@@ -13,6 +13,8 @@
%a{href: "#snippets"} Snippets
%li
%a{href: "#users"} Users
+ %li
+ %a{href: "#session"} Session
%li
%a{href: "#issues"} Issues
%li
@@ -58,6 +60,16 @@
%br
+.file_holder#session
+ .file_title
+ %i.icon-file
+ Session
+ .file_content.wiki
+ = preserve do
+ = markdown File.read(Rails.root.join("doc", "api", "session.md"))
+
+%br
+
.file_holder#issues
.file_title
%i.icon-file
diff --git a/lib/api/entities.rb b/lib/api/entities.rb
index 5d8cc276..a8b786ae 100644
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -9,8 +9,8 @@ module Gitlab
expose :id, :email, :name, :blocked, :created_at
end
- class UserLogin < Grape::Entity
- expose :id, :email, :name, :private_token, :blocked, :created_at
+ class UserLogin < UserBasic
+ expose :private_token
end
class Hook < Grape::Entity
@@ -56,9 +56,7 @@ module Gitlab
end
class Key < Grape::Entity
- expose :id,
- :title,
- :key
+ expose :id, :title, :key
end
end
end
diff --git a/lib/api/session.rb b/lib/api/session.rb
index 5bcdf93a..b4050160 100644
--- a/lib/api/session.rb
+++ b/lib/api/session.rb
@@ -8,14 +8,13 @@ module Gitlab
post "/session" do
resource = User.find_for_database_authentication(email: params[:email])
- return forbidden! unless resource
+ return unauthorized! unless resource
if resource.valid_password?(params[:password])
present resource, with: Entities::UserLogin
else
- forbidden!
+ unauthorized!
end
end
end
end
-
diff --git a/spec/requests/api/session_spec.rb b/spec/requests/api/session_spec.rb
index 0809475b..f251f392 100644
--- a/spec/requests/api/session_spec.rb
+++ b/spec/requests/api/session_spec.rb
@@ -19,7 +19,7 @@ describe Gitlab::API do
context "when invalid password" do
it "should return authentication error" do
post api("/session"), email: user.email, password: '123'
- response.status.should == 403
+ response.status.should == 401
json_response['email'].should be_nil
json_response['private_token'].should be_nil
@@ -29,7 +29,7 @@ describe Gitlab::API do
context "when empty password" do
it "should return authentication error" do
post api("/session"), email: user.email
- response.status.should == 403
+ response.status.should == 401
json_response['email'].should be_nil
json_response['private_token'].should be_nil