From 1d21d0ff1efadaba83ee04bf0acf9ed2284fcf30 Mon Sep 17 00:00:00 2001
From: Antoine Gersant
Date: Sun, 2 Jul 2017 14:56:46 -0700
Subject: [PATCH] Fixed a bug where using an incorrect username would cause HTTP 500 response
---
 src/errors.rs | 4 +++-
 src/user.rs | 11 ++++++++---
 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/src/errors.rs b/src/errors.rs
index 3ce22c7..ebbaabd 100644
--- a/src/errors.rs
+++ b/src/errors.rs
@@ -55,7 +55,9 @@ impl From for IronError {
 }
 e @ Error(ErrorKind::MissingUsername, _) => IronError::new(e, Status::BadRequest),
 e @ Error(ErrorKind::MissingPassword, _) => IronError::new(e, Status::BadRequest),
- e @ Error(ErrorKind::IncorrectCredentials, _) => IronError::new(e, Status::BadRequest),
+ e @ Error(ErrorKind::IncorrectCredentials, _) => {
+ IronError::new(e, Status::Unauthorized)
+ }
 e @ Error(ErrorKind::CannotServeDirectory, _) => IronError::new(e, Status::BadRequest),
 e @ Error(ErrorKind::UnsupportedFileType, _) => IronError::new(e, Status::BadRequest),
 e => IronError::new(e, Status::InternalServerError),
diff --git a/src/user.rs b/src/user.rs
index fc242fe..1d8d2f4 100644
--- a/src/user.rs
+++ b/src/user.rs
@@ -1,4 +1,5 @@
 use core::ops::Deref;
+use diesel;
 use diesel::prelude::*;
 use rand;
 use ring::{digest, pbkdf2};
@@ -58,9 +59,13 @@ pub fn auth(db: &T, username: &str, password: &str) -> Result
 let connection = db.get_connection();
 let connection = connection.lock().unwrap();
 let connection = connection.deref();
- let user: User = users
+ let user: QueryResult = users
 .select((name, password_salt, password_hash))
 .filter(name.eq(username))
- .get_result(connection)?;
- Ok(user.verify_password(password))
+ .get_result(connection);
+ match user {
+ Err(diesel::result::Error::NotFound) => Ok(false),
+ Ok(u) => Ok(u.verify_password(password)),
+ Err(e) => Err(e.into()),
+ }
 }
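Review bot: The `IncorrectCredentials` arm in `src/errors.rs` now answers with `Status::Unauthorized`, but nothing in this hunk attaches a `WWW-Authenticate` header, which RFC 7235 requires on a 401 response. If it is set at all, that happens in whatever consumes the `IronError`, which is not visible here, so this should be confirmed. If the header is left out on purpose (for instance to keep browsers from showing a native login prompt), say so in a comment on the arm, e.g. `// 401 without WWW-Authenticate: the web client handles the login prompt itself`. The `From` impl begins and ends outside the hunk.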
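Review bot: The new `Err(diesel::result::Error::NotFound) => Ok(false)` arm in `auth` returns before any password hashing is done, while the `Ok(u)` arm goes through `u.verify_password(password)`. The file imports `ring::pbkdf2`, so that call is presumably a deliberately slow key derivation, which means an unknown username is answered noticeably faster than a known one with a wrong password. Both cases return `Ok(false)`, but the response time still reveals which usernames exist. Consider doing equivalent work on the not-found path, for example verifying the supplied password against a fixed dummy salt and hash and discarding the outcome, before returning `Ok(false)`. The body of `verify_password` is outside this hunk, so its cost is inferred rather than shown.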