BUG: api session: better error message with disabled session storage

the error message when the session storage was disabled was misleading as it suggested wrong credentials, but actually no login is required and possible. the intelmq-manager shows a fixed error message and needs a fix as well
certtools · Aug 25, 2021 · ff934b7 · ff934b7
1 parent ff1c479
commit ff934b7
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -8,7 +8,7 @@ CHANGELOG
 
 3.0.1 (unreleased)
 ------------------
-
+- Return a matching error message if the session storage is disabled and therefore a login is not possible (PR#36 by Sebastian Wagner, fixes #35).
 
 3.0.0 (2021-07-07)
 ------------------

diff --git a/intelmq_api/api.py b/intelmq_api/api.py
@@ -185,14 +185,17 @@ def config(response, file: str, fetch: bool=False):
 
 @hug.post("/api/login", versions=1)
 def login(username: str, password: str):
-    if session_store is not None:
+    if session_store is None:
+        return {"error": "Session store is disabled by configuration! No login possible and required."}
+    else:
         known = session_store.verify_user(username, password)
         if known is not None:
             token = session_store.new_session({"username": username})
             return {"login_token": token,
                     "username": username,
                     }
-    return "Invalid username and/or password"
+        else:
+            return {"error": "Invalid username and/or password."}
 
 
 @hug.get("/api/harmonization", requires=token_authentication, versions=1)
-Original file line number
+Diff line change
@@ Expand Up / @@ -8,7 +8,7 @@ CHANGELOG @@
 .0.1 (unreleased)
     ------------------
+    - Return a matching error message if the session storage is disabled and therefore a login is not possible (PR#36 by Sebastian Wagner, fixes #35).
 .0.0 (2021-07-07)
     ------------------
@@ Expand Down @@