return 401 for login failures (#15432)

* return 401 for login failures * only setup the rate limiter when configured
2024-12-10 07:42:55 -06:00
parent 0b9c4c18dd
commit 6b12a45a95
4 changed files with 13 additions and 6 deletions
--- a/frigate/api/auth.py
+++ b/frigate/api/auth.py
@@ -329,7 +329,7 @@ def login(request: Request, body: AppPostLoginBody):
    try:
        db_user: User = User.get_by_id(user)
    except DoesNotExist:
-        return JSONResponse(content={"message": "Login failed"}, status_code=400)
+        return JSONResponse(content={"message": "Login failed"}, status_code=401)

    password_hash = db_user.password_hash
    if verify_password(password, password_hash):
@@ -340,7 +340,7 @@ def login(request: Request, body: AppPostLoginBody):
            response, JWT_COOKIE_NAME, encoded_jwt, expiration, JWT_COOKIE_SECURE
        )
        return response
-    return JSONResponse(content={"message": "Login failed"}, status_code=400)
+    return JSONResponse(content={"message": "Login failed"}, status_code=401)


@router.get("/users")
--- a/frigate/api/fastapi_app.py
+++ b/frigate/api/fastapi_app.py
@@ -87,7 +87,11 @@ def create_fastapi_app(
        logger.info("FastAPI started")

    # Rate limiter (used for login endpoint)
-    auth.rateLimiter.set_limit(frigate_config.auth.failed_login_rate_limit or "")
+    if frigate_config.auth.failed_login_rate_limit is None:
+        limiter.enabled = False
+    else:
+        auth.rateLimiter.set_limit(frigate_config.auth.failed_login_rate_limit)
+
    app.state.limiter = limiter
    app.add_exception_handler(RateLimitExceeded, _rate_limit_exceeded_handler)
    app.add_middleware(SlowAPIMiddleware)