From 0c449490170b0fd35cddf94a698cf11773066c15 Mon Sep 17 00:00:00 2001
From: Jake Moshenko <jake.moshenko@coreos.com>
Date: Fri, 20 Nov 2015 18:35:02 -0500
Subject: [PATCH] Return a 401 when doing a login with bad credentials

---
 endpoints/v2/v2auth.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/endpoints/v2/v2auth.py b/endpoints/v2/v2auth.py
index f302d11ca..db30f6c23 100644
--- a/endpoints/v2/v2auth.py
+++ b/endpoints/v2/v2auth.py
@@ -103,6 +103,10 @@ def generate_registry_jwt():
       'actions': actions,
     })
 
+  elif user is None and token is None:
+    # In this case, we are doing an auth flow, and it's not an anonymous pull
+    return abort(401)
+
   token_data = {
     'iss': app.config['JWT_AUTH_TOKEN_ISSUER'],
     'aud': audience_param,