From 88a0737916628b456b2fd4e694e10895b0961e90 Mon Sep 17 00:00:00 2001 From: David Cook Date: Thu, 22 Jan 2026 12:26:24 +1100 Subject: [PATCH] Return correct http code for bad login params This tells our generic ajax (Turbo) error handling to ignore the error and let the application display the response as usual. --- app/controllers/spree/user_sessions_controller.rb | 2 +- spec/controllers/spree/user_sessions_controller_spec.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/controllers/spree/user_sessions_controller.rb b/app/controllers/spree/user_sessions_controller.rb index 521349c995..c3880fc28b 100644 --- a/app/controllers/spree/user_sessions_controller.rb +++ b/app/controllers/spree/user_sessions_controller.rb @@ -28,7 +28,7 @@ module Spree message = t('devise.failure.invalid') render turbo_stream: turbo_stream.update( 'login-feedback', partial: 'layouts/alert', locals: { message:, type: 'alert' } - ), status: :unauthorized + ), status: :unprocessable_entity end end diff --git a/spec/controllers/spree/user_sessions_controller_spec.rb b/spec/controllers/spree/user_sessions_controller_spec.rb index 808b6320af..7bc3970938 100644 --- a/spec/controllers/spree/user_sessions_controller_spec.rb +++ b/spec/controllers/spree/user_sessions_controller_spec.rb @@ -39,7 +39,7 @@ RSpec.describe Spree::UserSessionsController do spree_post :create, spree_user: { email: user.email, password: "wrong" }, format: :turbo_stream - expect(response).to have_http_status(:unauthorized) + expect(response).to have_http_status(:unprocessable_entity) expect(response.body).to include "Invalid email or password" end end