app icon indicating copy to clipboard operation
app copied to clipboard
verified publisher icon simple-login

Failed login attemps should return a 401 error code instead of 200.

Open samthesamman opened this issue 1 year ago • 0 comments

Please note that this is only for bug report.

For help on your account, please reach out to us at hi[at]simplelogin.io. Please make sure to check out our FAQ that contains frequently asked questions.

For feature request, you can use our forum.

For self-hosted question/issue, please ask in self-hosted forum

Prerequisites

  • [x] I have searched open and closed issues to make sure that the bug has not yet been reported.

Bug report

Describe the bug When a user fails to login with invalid credentials, the app returns a 200 response (with error message shown in UI)

Expected behavior Some non-2xx response should be returned.

Screenshots N/A

Environment (If applicable): N/A

Additional context For tools like Fail2ban and crowdsec to work, and to help mitigate attacks against self-hosted instances, you should return a proper error code for failed login attempts.

samthesamman avatar Oct 23 '24 16:10 samthesamman