/users/password: return 403 on auth failure

2023-07-05 21:22:14 -04:00 · 2023-07-05 21:22:14 -04:00 · 1b145791e5
commit 1b145791e5
parent e16d842880
2 changed files with 2 additions and 1 deletions
--- a/docs/authentication.rst
+++ b/docs/authentication.rst
@ -123,3 +123,4 @@ Use the following request body:
    }

 Send the user's current password in ``old``, and Sachet will change it to the password in ``new``.
+If the password is wrong, Sachet will return a ``403``.
--- a/sachet/server/users/views.py
+++ b/sachet/server/users/views.py
@ -117,7 +117,7 @@ class PasswordAPI(MethodView):
                        "message": "Invalid 'old' password.",
                    }
                ),
-                400,
+                403,
            )
        else:
            auth_user.password = auth_user.gen_hash(new_psswd)