Refactors Login to return 401 unauthorized with message

Hans Jakob Håland · Hans Jakob Håland · commit 59943bc020de · 2025-09-15T14:41:24.000+02:00
diff --git a/exercise.wwwapi/Endpoints/UserEndpoints.cs b/exercise.wwwapi/Endpoints/UserEndpoints.cs
@@ -95,6 +95,7 @@ private static IResult Register(RegisterRequestDTO request, IRepository<User> se
 
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status400BadRequest)]
+        [ProducesResponseType(StatusCodes.Status401Unauthorized)]
         private static IResult Login(LoginRequestDTO request, IRepository<User> service, IConfigurationSettings config, IMapper mapper)
         {
             //if (string.IsNullOrEmpty(request.username)) request.username = request.email;
@@ -117,8 +118,11 @@ private static IResult Login(LoginRequestDTO request, IRepository<User> service,
             
             if (!BCrypt.Net.BCrypt.Verify(request.password, user.PasswordHash))
             {
-                // should probably be 401 unauthorized
-                return Results.BadRequest(new ResponseDTO<string>() { Message = "Invalid email and/or password provided" });
+                // TypedResults.Unauthorized did not support Message. "Custom" solution which includes message. 
+                return Results.Json(new ResponseDTO<string>
+                {
+                    Message = "Invalid email and/or password provided"
+                }, statusCode: StatusCodes.Status401Unauthorized);
             }
 
             string token = CreateToken(user, config);

Original file line number	Diff line number	Diff line change
`@@ -95,6 +95,7 @@ private static IResult Register(RegisterRequestDTO request, IRepository<User> se`
`95`	`95`
`96`	`96`	`[ProducesResponseType(StatusCodes.Status200OK)]`
`97`	`97`	`[ProducesResponseType(StatusCodes.Status400BadRequest)]`
	`98`	`+ [ProducesResponseType(StatusCodes.Status401Unauthorized)]`
`98`	`99`	`private static IResult Login(LoginRequestDTO request, IRepository<User> service, IConfigurationSettings config, IMapper mapper)`
`99`	`100`	`{`
`100`	`101`	`//if (string.IsNullOrEmpty(request.username)) request.username = request.email;`
`@@ -117,8 +118,11 @@ private static IResult Login(LoginRequestDTO request, IRepository<User> service,`
`117`	`118`
`118`	`119`	`if (!BCrypt.Net.BCrypt.Verify(request.password, user.PasswordHash))`
`119`	`120`	`{`
`120`		`- // should probably be 401 unauthorized`
`121`		`- return Results.BadRequest(new ResponseDTO<string>() { Message = "Invalid email and/or password provided" });`
	`121`	`+ // TypedResults.Unauthorized did not support Message. "Custom" solution which includes message.`
	`122`	`+ return Results.Json(new ResponseDTO<string>`
	`123`	`+ {`
	`124`	`+ Message = "Invalid email and/or password provided"`
	`125`	`+ }, statusCode: StatusCodes.Status401Unauthorized);`
`122`	`126`	`}`
`123`	`127`
`124`	`128`	`string token = CreateToken(user, config);`