From e55213a5fa86b7034edac47afb24cc87344d4738 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robin=20Hru=C5=A1ka?= Date: Thu, 9 May 2024 17:39:43 +0200 Subject: [PATCH] fail password change on authentication failure --- seacatauth/credentials/change_password/handler.py | 1 + 1 file changed, 1 insertion(+) diff --git a/seacatauth/credentials/change_password/handler.py b/seacatauth/credentials/change_password/handler.py index 3b17d53c..6d64c0be 100644 --- a/seacatauth/credentials/change_password/handler.py +++ b/seacatauth/credentials/change_password/handler.py @@ -75,6 +75,7 @@ async def change_password(self, request, *, json_data): "cid": credentials_id, "from_ip": from_ip}) await self.LastActivityService.update_last_activity( EventCode.PASSWORD_CHANGE_FAILED, credentials_id=credentials_id, from_ip=from_ip) + return asab.web.rest.json_response(request, status=401, data={"result": "FAILED"}) # Change the password try: