# HG changeset patch
# User Sylvain Thénault <sylvain.thenault@logilab.fr>
# Date 1464794849 -7200
# Node ID 0f12ee84f30ad178d4252043a51ec1ea781faf26
# Parent  1526ae74ab6950e56ad5675f0837941ceafcc6d6
Test and fix status code and content of the login form on authentication error

The status code was 200 and is now fixed to 403, but the content part of the
test will fail until cset 02328f8cbd5c is integrated in cubicweb.

diff -r 1526ae74ab69 -r 0f12ee84f30a pyramid_cubicweb/login.py
--- a/pyramid_cubicweb/login.py	Tue Jun 28 09:44:08 2016 +0200
+++ b/pyramid_cubicweb/login.py	Wed Jun 01 17:27:29 2016 +0200
@@ -51,6 +51,7 @@
             "Authentication failed. Please check your credentials."))
         request.cw_request.post = dict(request.params)
         del request.cw_request.post['__password']
+        request.response.status_code = 403
         return login_form(request)
 
     headers = security.remember(
diff -r 1526ae74ab69 -r 0f12ee84f30a pyramid_cubicweb/tests/test_login.py
--- a/pyramid_cubicweb/tests/test_login.py	Tue Jun 28 09:44:08 2016 +0200
+++ b/pyramid_cubicweb/tests/test_login.py	Wed Jun 01 17:27:29 2016 +0200
@@ -40,6 +40,11 @@
         self.assertIn('pauth_tkt', cookies)
         self.assertIsNotNone(cookies['pauth_tkt'].expires)
 
+    def test_login_bad_password(self):
+        res = self.webapp.post('/login', {
+            '__login': self.admlogin, '__password': 'empty'}, status=403)
+        self.assertIn('Authentication failed', res.text)
+
 
 if __name__ == '__main__':
     from unittest import main