500 Internal Server Error on invalid password

Question

500 Internal Server Error on invalid password

rsk0 opened this issue 4 years ago · 2 comments

When entering username correctly and password wrong, the client browser gets a "500 Internal Server Error" and the logs show:

time="2021-01-28T01:11:03Z" level=warning msg="Failed to authenticate: LDAP Result Code 49 \"Invalid Credentials\": 80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 775, v2580\x00" time="2021-01-28T01:11:03Z" level=debug msg="<<< GET /auth 401"

Shouldn't the client be getting a 401 instead of a 500?

Other login failures where the username is wrong give the client a 401:

time="2021-01-28T00:59:49Z" level=warning msg="Failed to authenticate: User does not exist" time="2021-01-28T00:59:49Z" level=debug msg="<<< GET /auth 401"

Answer 1 · 2021-01-28T17:32:44.000Z

Hi, thanks for reporting, it certainly looks like a bug and the client shall get 401.

P.S.: While I'll try to work on this, there is no specific timeline to solve this atm, PR, as always, is welcomed. It's just not sth that I personally have issues with so it's not an imminent problem for my scenario, despite it sux and better be fixed.

Answer 2 · 2021-02-10T01:46:24.000Z

Understood. Thank you for looking into it when you have time.