Return 401 responses on failed login (#1442)

Cadasta · May 2, 2017 · 51ebfde · 51ebfde
1 parent 062c590
commit 51ebfde
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/cadasta/accounts/tests/test_views_api.py b/cadasta/accounts/tests/test_views_api.py
@@ -117,7 +117,7 @@ def test_unsuccessful_login(self):
         """The view should return a token to authenticate API calls"""
         data = {'username': 'imagine71', 'password': 'iloveyoko78!'}
         response = self.request(method='POST', post_data=data)
-        assert response.status_code == 400
+        assert response.status_code == 401
 
     def test_login_with_unverified_email(self):
         """The view should return an error message if the User.verify_email_by
@@ -127,7 +127,7 @@ def test_login_with_unverified_email(self):
         self.user.save()
         data = {'username': 'imagine71', 'password': 'iloveyoko79!'}
         response = self.request(method='POST', post_data=data, user=self.user)
-        assert response.status_code == 400
+        assert response.status_code == 401
         assert 'auth_token' not in response.content
         assert len(mail.outbox) == 1
 

diff --git a/cadasta/accounts/views/api.py b/cadasta/accounts/views/api.py
@@ -55,7 +55,7 @@ def post(self, request):
         except ValidationError:
             return Response(
                 data=serializer.errors,
-                status=status.HTTP_400_BAD_REQUEST,
+                status=status.HTTP_401_UNAUTHORIZED,
             )
         except EmailNotVerifiedError:
             user = serializer.user
@@ -66,7 +66,7 @@ def post(self, request):
 
             return Response(
                 data={'detail': _("The email has not been verified.")},
-                status=status.HTTP_400_BAD_REQUEST,
+                status=status.HTTP_401_UNAUTHORIZED,
             )