From 853770a9e867a9d21a0db056cba46dc3b05293e1 Mon Sep 17 00:00:00 2001
From: Alex Mikhalev
Date: Mon, 2 Jul 2018 15:25:35 -0600
Subject: [PATCH] Actually comparing the password when granting a token is important
---
 server/express/authentication.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/server/express/authentication.ts b/server/express/authentication.ts
index 2aee1ef..d8913dd 100644
--- a/server/express/authentication.ts
+++ b/server/express/authentication.ts
@@ -104,13 +104,13 @@ export function authentication(state: ServerState) {
 }
 const user = await User.loadByUsername(state.database, username);
 if (!user) {
- throw new ApiError(401, "User does not exist");
+ throw new ApiError(400, "User does not exist");
 }
- const passwordMatches = user.comparePassword(password);
+ const passwordMatches = await user.comparePassword(password);
 if (passwordMatches) {
 return user;
 } else {
- throw new ApiError(400, "User does not exist");
+ throw new ApiError(401, "Invalid user credentials");
 }
 }
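Review bot: The two failure branches still reveal whether a username exists: the `!user` branch answers 400 "User does not exist" while a wrong password answers 401 "Invalid user credentials", so responses distinguish valid account names from invalid ones. Both branches should raise the same error, i.e. `throw new ApiError(401, "Invalid user credentials");` in the `!user` branch as well. The unknown-user path also returns before any password comparison runs, so response time may differ between the two cases; that is presumably worth a follow-up if `comparePassword` performs a slow hash. Because the defect fixed here was a Promise used as a condition, annotating `const passwordMatches: boolean` or enabling `@typescript-eslint/no-misused-promises` would turn a dropped `await` into a compile or lint error. The enclosing function begins above the hunk, so the earlier input checks were not reviewed.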