From e0b3ea4b98f6e9846b6a7f3584f443974c2a3a7d Mon Sep 17 00:00:00 2001
From: Antoine Gersant
Date: Sat, 10 Nov 2018 23:34:31 -0800
Subject: [PATCH] Fixed a bug where credentials were not being validated

---
 src/errors.rs | 1 +
 src/rocket_api.rs | 6 +++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/errors.rs b/src/errors.rs
index 30278a9..31493b3 100644
--- a/src/errors.rs
+++ b/src/errors.rs
@@ -64,6 +64,7 @@ impl<'r> rocket::response::Responder<'r> for Error {
 build
 .status(match self.0 {
 ErrorKind::FileNotFound => rocket::http::Status::NotFound,
+ ErrorKind::IncorrectCredentials => rocket::http::Status::Unauthorized,
 _ => rocket::http::Status::InternalServerError,
 })
 .ok()
diff --git a/src/rocket_api.rs b/src/rocket_api.rs
index e1d244c..b5dbc4f 100644
--- a/src/rocket_api.rs
+++ b/src/rocket_api.rs
@@ -233,7 +233,11 @@ fn auth(
 credentials: Json,
 mut cookies: Cookies,
 ) -> Result, errors::Error> {
- user::auth::(&db, &credentials.username, &credentials.password)?;
+
+ if !user::auth::(&db, &credentials.username, &credentials.password)? {
+ return Err(errors::Error::from(errors::ErrorKind::IncorrectCredentials))
+ }
+
 cookies.add_private(get_auth_cookie(&credentials.username));
 
 let auth_output = AuthOutput {
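Review bot: The check added in `auth` fixes this call site, but the API shape that allowed the bug is still there: `user::auth` evidently returns a `Result` wrapping a `bool`, so `?` propagates only lookup errors and a bare call discards the verdict without any compiler warning. Any other caller of `user::auth` (none are visible in this patch) should be audited for the same pattern, and having `user::auth` return `Err(ErrorKind::IncorrectCredentials)` itself would make a failed check impossible to ignore. The patch adds no regression test; one that posts a wrong password and asserts a 401 response with no auth cookie set would pin both this hunk and the new status mapping in `src/errors.rs`. Minor style: the `return Err(...)` line lacks its trailing `;`, and rustfmt would remove the blank line right after the opening brace. The body of `auth` continues past the end of the hunk.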