From 9c7301deac80ae5e53de9026ad7f2f1847647fbf Mon Sep 17 00:00:00 2001
From: xbgmsharp
Date: Wed, 4 Oct 2023 16:39:40 +0200
Subject: [PATCH] Update login fn to return 401 Unauthorized vs 403 Forbidden
---
 initdb/02_4_signalk_auth.sql | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/initdb/02_4_signalk_auth.sql b/initdb/02_4_signalk_auth.sql
index 3b271b4..af03c38 100644
--- a/initdb/02_4_signalk_auth.sql
+++ b/initdb/02_4_signalk_auth.sql
@@ -183,7 +183,10 @@ begin
 -- check email and password
 select auth.user_role(email, pass) into _role;
 if _role is null then
- raise invalid_password using message = 'invalid user or password';
+ -- HTTP/403
+ --raise invalid_password using message = 'invalid user or password';
+ -- HTTP/401
+ raise insufficient_privilege using message = 'invalid user or password';
 end if;
 -- Get app_jwt_secret
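Review bot: The added `raise insufficient_privilege` reuses SQLSTATE 42501 for a failed login, so in database and API logs a bad credential now looks the same as a genuine permission-denied error, and any failed-login alerting keyed on `invalid_password` (28P01) stops matching. The `-- HTTP/401` comment also holds only conditionally: if the status comes from PostgREST's SQLSTATE mapping (not visible in this hunk), 42501 becomes 401 only for an unauthenticated request and 403 when the caller already presents a valid token. I would drop the commented-out `--raise invalid_password ...` line and replace the two status comments with one why-comment such as `-- 42501 so the API answers 401 to anonymous callers (28P01 mapped to 403); failed logins share this SQLSTATE with permission errors`. The function body starts and ends outside the hunk.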