From 89aa3595f537a69d1c5724bf6fa401f161267bb1 Mon Sep 17 00:00:00 2001
From: Raymond Feng <raymond@strongloop.com>
Date: Fri, 28 Feb 2014 13:19:52 -0800
Subject: [PATCH] Set the correct status code for User.login

See https://github.com/strongloop/loopback/issues/118
---
 lib/models/user.js |  5 ++++-
 test/user.test.js  | 37 +++++++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/lib/models/user.js b/lib/models/user.js
index f35053b3d..049f12623 100644
--- a/lib/models/user.js
+++ b/lib/models/user.js
@@ -149,11 +149,14 @@ User.login = function (credentials, include, fn) {
   } else if(credentials.username) {
     query.username = credentials.username;
   } else {
-    return fn(new Error('must provide username or email'));
+    var err = new Error('username or email is required');
+    err.statusCode = 400;
+    return fn(err);
   }
   
   this.findOne({where: query}, function(err, user) {
     var defaultError = new Error('login failed');
+    defaultError.statusCode = 401;
     
     if(err) {
       debug('An error is reported from User.findOne: %j', err);
diff --git a/test/user.test.js b/test/user.test.js
index 81764783d..7f5cedbb7 100644
--- a/test/user.test.js
+++ b/test/user.test.js
@@ -9,6 +9,9 @@ var userMemory = loopback.createDataSource({
 
 describe('User', function(){
   var validCredentials = {email: 'foo@bar.com', password: 'bar'};
+  var invalidCredentials = {email: 'foo1@bar.com', password: 'bar1'};
+  var incompleteCredentials = {password: 'bar1'};
+
   beforeEach(function() {
     User = loopback.User.extend('user');
     User.email = loopback.Email.extend('email');
@@ -135,6 +138,40 @@ describe('User', function(){
         });
     });
 
+    it('Login a user over REST by providing invalid credentials', function(done) {
+      request(app)
+        .post('/users/login')
+        .expect('Content-Type', /json/)
+        .expect(401)
+        .send(invalidCredentials)
+        .end(function(err, res){
+          done();
+        });
+    });
+
+    it('Login a user over REST by providing incomplete credentials', function(done) {
+      request(app)
+        .post('/users/login')
+        .expect('Content-Type', /json/)
+        .expect(400)
+        .send(incompleteCredentials)
+        .end(function(err, res){
+          done();
+        });
+    });
+
+    it('Login a user over REST with the wrong Content-Type', function(done) {
+      request(app)
+        .post('/users/login')
+        .set('Content-Type', null)
+        .expect('Content-Type', /json/)
+        .expect(400)
+        .send(validCredentials)
+        .end(function(err, res){
+          done();
+        });
+    });
+
     it('Returns current user when `include` is `USER`', function(done) {
       request(app)
         .post('/users/login?include=USER')