From fa350e13f6e89ae0ab1b293373ce86c1c5fc2538 Mon Sep 17 00:00:00 2001
From: Panagiotis Papadopoulos <pano_90@gmx.net>
Date: Tue, 15 Apr 2025 08:37:10 +0200
Subject: [PATCH] fix(login): send back 401 Unauthorized on failed login
 attempt

---
 src/routes/login.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/routes/login.ts b/src/routes/login.ts
index 3f4d52f32..9387e18fc 100644
--- a/src/routes/login.ts
+++ b/src/routes/login.ts
@@ -134,7 +134,7 @@ function sendLoginError(req: Request, res: Response, errorType: 'password' | 'to
         log.info(`WARNING: Wrong password from ${req.ip}, rejecting.`);
     }
 
-    res.render('login', {
+    res.status(401).render('login', {
         wrongPassword: errorType === 'password',
         wrongTotp: errorType === 'totp',
         totpEnabled: totp.isTotpEnabled(),