Return 403 if totp token is invalid

the ui redirects to login screen otherwise
2019-03-23 14:07:37 -07:00
parent 0190a92c26
commit ee76c2c06e
5 changed files with 5 additions and 4 deletions
--- a/src/routes/apps.js
+++ b/src/routes/apps.js
@@ -60,7 +60,7 @@ function verifyOwnership(req, res, next) {
        if (error && error.reason === AppsError.NOT_FOUND) return next(new HttpError(404, 'No such app'));
        if (error) return next(new HttpError(500, error));

-        if (app.ownerId !== req.user.id) return next(new HttpError(401, 'Unauthorized'));
+        if (app.ownerId !== req.user.id) return next(new HttpError(403, 'User is not owner'));

        next();
    });