The /login endpoint should return an unauthorized exception or internal server error for an incorrect user/pass. Returning null returns a 204 (No Content), which appears successful. A recent change to allow /login through the AuthInterceptor, made to remove the redundant user/pass check inside the login resource, exposed this. The user is not logged in (no auth token is returned), but it appears the user login was a success.
- Christopher Navarro
- Estimated: 1h
- Remaining: 30m
- Logged: 30m
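A regression check for the behaviour described in this issue, written as an added example and not taken from the project's code: it models a login handler that answers bad credentials with 204 (the "return null" case) beside one that answers 401, and asserts that a failed login is never reported as a 2xx. The in-process server, the JSON field names `user`/`pass`/`token`, and the credentials are constructed assumptions.

```python
import json, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

USERS = {"alice": "correct-horse"}  # constructed credentials

def make_handler(fixed):
    """Login handler; fixed=False models the 'return null' -> 204 bug."""
    class Login(BaseHTTPRequestHandler):
        def do_POST(self):
            n = int(self.headers.get("Content-Length", 0))
            creds = json.loads(self.rfile.read(n) or b"{}")
            stored = USERS.get(creds.get("user"))
            ok = stored is not None and stored == creds.get("pass")
            body = json.dumps({"token": "constructed-token"}).encode() if ok else b""
            # Success -> 200 + token; failure -> 401 (fixed) or 204 (buggy).
            self.send_response(200 if ok else (401 if fixed else 204))
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, *args):  # keep test output quiet
            pass
    return Login

def login_status(fixed, user, password):
    """POST credentials to a throwaway local server; return (status, body)."""
    srv = HTTPServer(("127.0.0.1", 0), make_handler(fixed))
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        req = urllib.request.Request(
            f"http://127.0.0.1:{srv.server_port}/login",
            data=json.dumps({"user": user, "pass": password}).encode(),
            method="POST")
        try:
            with urllib.request.urlopen(req, timeout=5) as resp:
                return resp.status, resp.read()
        except urllib.error.HTTPError as err:  # 4xx/5xx arrive as exceptions
            return err.code, err.read()
    finally:
        srv.shutdown()
        srv.server_close()

def rejects_bad_login(fixed):
    """True only if wrong credentials yield an error status and no token."""
    status, body = login_status(fixed, "alice", "wrong")
    return status >= 400 and b"token" not in body

if __name__ == "__main__":
    print("buggy handler rejects bad login:", rejects_bad_login(False))
    print("fixed handler rejects bad login:", rejects_bad_login(True))
```

Checking the status code as well as the absence of a token matters because a client that only tests for a 2xx response would treat the 204 as a successful login.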