Return a 401 when doing a login with bad credentials

2015-11-20 18:35:02 -05:00 · 2015-11-20 18:35:02 -05:00 · 0c44949017
commit 0c44949017
parent ec396226c3
1 changed files with 4 additions and 0 deletions
--- a/endpoints/v2/v2auth.py
+++ b/endpoints/v2/v2auth.py
@ -103,6 +103,10 @@ def generate_registry_jwt():
      'actions': actions,
    })

+  elif user is None and token is None:
+    # In this case, we are doing an auth flow, and it's not an anonymous pull
+    return abort(401)
+
  token_data = {
    'iss': app.config['JWT_AUTH_TOKEN_ISSUER'],
    'aud': audience_param,