fix(login): send back 401 Unauthorized on failed login attempt

2025-08-12 20:02:28 +08:00 · 2025-04-15 08:37:10 +02:00 · 2025-04-15 08:37:10 +02:00 · fa350e13f6
commit fa350e13f6
parent 3a3f5be7be
1 changed files with 1 additions and 1 deletions
--- a/src/routes/login.ts
+++ b/src/routes/login.ts
@ -134,7 +134,7 @@ function sendLoginError(req: Request, res: Response, errorType: 'password' | 'to
        log.info(`WARNING: Wrong password from ${req.ip}, rejecting.`);
    }
-    res.render('login', {
+    res.status(401).render('login', {
        wrongPassword: errorType === 'password',
        wrongTotp: errorType === 'totp',
        totpEnabled: totp.isTotpEnabled(),