login endpoint returns 412 error code even if totp is disabled #1518
Labels
No Label
dependencies
duplicate
help wanted
invalid
kind/bug
kind/feature
needs reproduction
question
security
wontfix
No Milestone
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: vikunja/vikunja#1518
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Description
/login returns http status code 412 when username or password is wrong, which, according to the docs, is reserved for missing or invalid totp code.
Vikunja Frontend Version
v0.20.5
Vikunja API Version
v0.20.4
Browser and version
No response
Can you reproduce the bug on the Vikunja demo site?
Yes
Screenshots
No response
You mean the status code? That can be a few different errors. You should check Vikunja's error code: https://vikunja.io/docs/errors/#user
For wrong username or password that's 1011, for an invalid totp code that's 1017.
I was talking about the http response code, which, according to the docs, should be 403 for wrong username or password instead of 412.
I am using the ErrorCode now. I was just confused because the api docs say something different.
https://try.vikunja.io/api/v1/docs#tag/user/paths/~1login/post
Yeah the docs need an update.
Turns out swagger (or the lib we're using to generate swagger docs) only allows one response per http status code. That kind of prevents us from using multiple responses. I'll add a note to the docs.