author | jessib <jessib@riseup.net> | 2013-03-05 10:16:41 -0800 |
---|---|---|
committer | jessib <jessib@riseup.net> | 2013-03-05 10:16:41 -0800 |
commit | f0ffc65aa38473ef280ed80526691d588f14c8de (patch) | |
tree | 1df9d9900872cf2e97d5c27b4175816eff5cbf80 /users/test | |
parent | 87c306ea212c01ecc8f98009def5971fc4d5af11 (diff) | |
parent | 27c16ccceffa1d8eaaf02612cf29a60bfe6ced01 (diff) |
Merge pull request #36 from leapcode/feature/limit_user_leak
When attempting to login, the error messages should not leak information...
Diffstat (limited to 'users/test')
-rw-r--r-- | users/test/integration/api/Readme.md | 2 | ||||
-rw-r--r-- | users/test/integration/api/account_flow_test.rb | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/users/test/integration/api/Readme.md b/users/test/integration/api/Readme.md
index 3a91f3d..04363bd 100644
--- a/users/test/integration/api/Readme.md
+++ b/users/test/integration/api/Readme.md
@@ -19,5 +19,5 @@ POST: http://localhost:9292/sessions
 -> {"B":"1778367531e93a4c7713c76f67649f35a4211ebc520926ae8c3848cd66171651"}
 PUT: http://localhost:9292/sessions/SWQ055
 {"M": "123ABC"}
- -> {"field":"password","error":"wrong password"}
+ -> {"errors":[{"login":"Not a valid username/password combination"},{"password":"Not a valid username/password combination"}]}
 ```
diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
index 314d71a..e618541 100644
--- a/users/test/integration/api/account_flow_test.rb
+++ b/users/test/integration/api/account_flow_test.rb
@@ -75,7 +75,7 @@ class AccountFlowTest < ActiveSupport::TestCase
 test "signup and wrong password login attempt" do
 srp = SRP::Client.new @login, :password => "wrong password"
 server_auth = srp.authenticate(self)
- assert_json_error :password => "wrong password"
+ assert_json_error({:login => "Not a valid username/password combination", :password => "Not a valid username/password combination"})
 assert !last_response.successful?
 assert_nil server_auth["M2"]
 end
@@ -86,7 +86,7 @@ class AccountFlowTest < ActiveSupport::TestCase
 assert_raises RECORD_NOT_FOUND do
 server_auth = srp.authenticate(self)
 end
- assert_json_error :login => "could not be found"
+ assert_json_error({:login => "Not a valid username/password combination", :password => "Not a valid username/password combination"})
 assert !last_response.successful?
 assert_nil server_auth
 end |
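Review bot: Both failure tests in account_flow_test.rb now pin the same JSON body, but the only check on the HTTP response itself is `assert !last_response.successful?` (in `@@ -75,7` and again in `@@ -86,7`). If the wrong-password and unknown-login paths answer with different status codes, a client can still tell the two cases apart despite the identical message. Assert one explicit status in both tests, for example `assert_equal EXPECTED_FAILURE_STATUS, last_response.status`, where `EXPECTED_FAILURE_STATUS` is a placeholder for the code the API is meant to return. The message literal is repeated four times across the two assertions; a single constant would keep them from drifting apart.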
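Review bot: In the `@@ -86,7` hunk the unknown-login test still wraps `srp.authenticate(self)` in `assert_raises RECORD_NOT_FOUND`, while the wrong-password test in `@@ -75,7` lets the same call return and only checks that `M2` is missing. The two cases therefore still appear to end at different steps of the exchange, which matching error text alone does not hide. Where the exception is raised is outside this hunk, as is the start of the test body, so whether an API client can observe the difference cannot be confirmed from here. If it can, the test should expect the same sequence of responses for both cases, with a comment such as `# unknown login must be indistinguishable from wrong password` to record the intent.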