Return unauthorized, not forbidden, when authenticating with an invalid cookie

1 files changed, 4 insertions, 4 deletions

diff --git a/src/login/extract/login.rs b/src/login/extract/login.rs
index a5f648b..8b5bb41 100644
--- a/src/login/extract/login.rs
+++ b/src/login/extract/login.rs
@@ -23,18 +23,18 @@ impl FromRequestParts<App> for Login {
         let identity_token = IdentityToken::from_request_parts(parts, state).await?;
         let RequestedAt(used_at) = RequestedAt::from_request_parts(parts, state).await?;
 
-        let secret = identity_token.secret().ok_or(LoginError::Forbidden)?;
+        let secret = identity_token.secret().ok_or(LoginError::Unauthorized)?;
 
         let app = State::<App>::from_request_parts(parts, state).await?;
         let login = app.logins().validate(secret, used_at).await?;
 
-        login.ok_or(LoginError::Forbidden)
+        login.ok_or(LoginError::Unauthorized)
     }
 }
 
 pub enum LoginError<E> {
     Failure(E),
-    Forbidden,
+    Unauthorized,
 }
 
 impl<E> IntoResponse for LoginError<E>
@@ -43,7 +43,7 @@ where
 {
     fn into_response(self) -> Response {
         match self {
-            Self::Forbidden => (StatusCode::FORBIDDEN, "forbidden").into_response(),
+            Self::Unauthorized => (StatusCode::UNAUTHORIZED, "unauthorized").into_response(),
             Self::Failure(e) => e.into_response(),
         }
     }