Fix misleading error code when receiving invalid WebAuthn credentials (#23568)

1 year ago · a232a1feb8
parent cf50667e26
commit a232a1feb8
2 changed files with 3 additions and 3 deletions
--- a/app/controllers/settings/two_factor_authentication/webauthn_credentials_controller.rb
+++ b/app/controllers/settings/two_factor_authentication/webauthn_credentials_controller.rb
@ -52,7 +52,7 @@ module Settings
            end
          else
            flash[:error] = I18n.t('webauthn_credentials.create.error')
-            status = :internal_server_error
+            status = :unprocessable_entity
          end
        else
          flash[:error] = t('webauthn_credentials.create.error')
--- a/spec/controllers/settings/two_factor_authentication/webauthn_credentials_controller_spec.rb
+++ b/spec/controllers/settings/two_factor_authentication/webauthn_credentials_controller_spec.rb
@ -248,7 +248,7 @@ describe Settings::TwoFactorAuthentication::WebauthnCredentialsController do

              post :create, params: { credential: new_webauthn_credential, nickname: 'USB Key' }

-              expect(response).to have_http_status(500)
+              expect(response).to have_http_status(422)
              expect(flash[:error]).to be_present
            end
          end
@ -268,7 +268,7 @@ describe Settings::TwoFactorAuthentication::WebauthnCredentialsController do

              post :create, params: { credential: new_webauthn_credential, nickname: nickname }

-              expect(response).to have_http_status(500)
+              expect(response).to have_http_status(422)
              expect(flash[:error]).to be_present
            end
          end