sachet/sachet-server
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

/users/password: return 403 on auth failure

Browse Source
This commit is contained in:
dogeystamp 2023-07-05 21:22:14 -04:00
parent e16d842880
commit 1b145791e5
Signed by: dogeystamp
GPG Key ID: 7225FE3592EFFA38
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
docs/authentication.rst
View File

@ -123,3 +123,4 @@ Use the following request body:
} }
Send the user's current password in ``old``, and Sachet will change it to the password in ``new``. Send the user's current password in ``old``, and Sachet will change it to the password in ``new``.
If the password is wrong, Sachet will return a ``403``.

2
sachet/server/users/views.py
View File

@ -117,7 +117,7 @@ class PasswordAPI(MethodView):
"message": "Invalid 'old' password.", "message": "Invalid 'old' password.",
} }
), ),
400, 403,
) )
else: else:
auth_user.password = auth_user.gen_hash(new_psswd) auth_user.password = auth_user.gen_hash(new_psswd)