From 6fa3ac62dea55b97cdb275a109a896a26facd350 Mon Sep 17 00:00:00 2001
From: Gerben Jongerius
Date: Thu, 23 May 2024 13:43:22 +0200
Subject: [PATCH] Set the correct status code in case of an invalid 2factor code.
---
 .../com/jongsoft/finance/core/exception/StatusException.java | 4 ++++
 .../jongsoft/finance/rest/security/MultiFactorResource.java | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/core/src/main/java/com/jongsoft/finance/core/exception/StatusException.java b/core/src/main/java/com/jongsoft/finance/core/exception/StatusException.java
index bccf8139..531ff7c4 100644
--- a/core/src/main/java/com/jongsoft/finance/core/exception/StatusException.java
+++ b/core/src/main/java/com/jongsoft/finance/core/exception/StatusException.java
@@ -34,6 +34,10 @@ public static StatusException notAuthorized(String message) {
 return new StatusException(401, message, null);
 }
 
+ public static StatusException forbidden(String message) {
+ return new StatusException(403, message, null);
+ }
+
 public static StatusException internalError(String message) {
 return new StatusException(500, message, null);
 }
diff --git a/fintrack-api/src/main/java/com/jongsoft/finance/rest/security/MultiFactorResource.java b/fintrack-api/src/main/java/com/jongsoft/finance/rest/security/MultiFactorResource.java
index 242e357a..69c71df4 100644
--- a/fintrack-api/src/main/java/com/jongsoft/finance/rest/security/MultiFactorResource.java
+++ b/fintrack-api/src/main/java/com/jongsoft/finance/rest/security/MultiFactorResource.java
@@ -46,7 +46,7 @@ public MultiFactorResource(
 public HttpResponse validateToken(@Valid @Body MultiFactorRequest verification, HttpRequest request) {
 var user = currentUserProvider.currentUser();
 if (!TwoFactorHelper.verifySecurityCode(user.getSecret(), verification.verificationCode())) {
- throw StatusException.notAuthorized("Invalid verification code");
+ throw StatusException.forbidden("Invalid verification code");
 }
 
 var authentication = Authentication.build(
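Review bot: The new `forbidden` factory in StatusException has no Javadoc, and sitting directly after `notAuthorized` the two are easy to mix up at call sites. A one-line doc comment would pin the intent, e.g. `/** Creates a 403 status: the caller is authenticated but the request is refused. */`. The neighbouring factories are only partly visible in this hunk, so match whatever documentation style they already use.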
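Review bot: The failure branch of `validateToken` throws immediately and nothing in this hunk counts or logs the rejected code, so as far as the visible lines show, an authenticated session can keep submitting verification codes without any limit. If throttling is not already applied elsewhere (a request filter or inside `TwoFactorHelper`, neither of which is visible here), a per-user failed-attempt counter with a temporary lockout belongs before the `throw`, together with an audit log entry so repeated failures can be alerted on. The new line also deserves a why-comment such as `// 403: first factor already accepted, only the second factor failed`, so the status is not switched back to 401 later. The method body continues outside the hunk, so any handling after `Authentication.build(` was not reviewed.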