diff --git a/src/errors.rs b/src/errors.rs
index 30278a9..31493b3 100644
--- a/src/errors.rs
+++ b/src/errors.rs
@@ -64,6 +64,7 @@ impl<'r> rocket::response::Responder<'r> for Error {
 build
 .status(match self.0 {
 ErrorKind::FileNotFound => rocket::http::Status::NotFound,
+ ErrorKind::IncorrectCredentials => rocket::http::Status::Unauthorized,
 _ => rocket::http::Status::InternalServerError,
 })
 .ok()
diff --git a/src/rocket_api.rs b/src/rocket_api.rs
index e1d244c..b5dbc4f 100644
--- a/src/rocket_api.rs
+++ b/src/rocket_api.rs
@@ -233,7 +233,11 @@ fn auth(
 credentials: Json,
 mut cookies: Cookies,
 ) -> Result, errors::Error> {
- user::auth::(&db, &credentials.username, &credentials.password)?;
+
+ if !user::auth::(&db, &credentials.username, &credentials.password)? {
+ return Err(errors::Error::from(errors::ErrorKind::IncorrectCredentials))
+ }
+
 cookies.add_private(get_auth_cookie(&credentials.username));
 
 let auth_output = AuthOutput {
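Review bot: In `auth`, a wrong password is still signalled by `Ok(false)` from `user::auth`, so any other caller that writes `user::auth(...)?;` would repeat the bug this hunk fixes, where the private auth cookie was set regardless of the result. Consider having `user::auth` (not visible in this diff) return `Err(ErrorKind::IncorrectCredentials)` itself so that `?` alone is sufficient, and check its remaining call sites. A regression test that submits a bad password and asserts a 401 response with no auth cookie set would pin the behaviour. Until then a comment above the `if`, such as `// Ok(false) means wrong password; Err is reserved for backend failures`, would help, assuming that is the actual contract. The body of `auth` continues past the end of the hunk.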