fix: fix oauth login bad credentials (#4688)

CHANGELOG.md

@@ -11,6 +11,7 @@
 ### Fixes:
 
 * Fix update activity with emotions
+* Fix bad return with wrong credential on oauth/login api
 
 
 # RELEASED VERSIONS:

app/Http/Controllers/Api/Auth/OAuthController.php

@@ -88,7 +88,7 @@ public function login(Request $request): ?Response
             return Route::respondWithRoute('oauth.verify');
         }
 
-        return null;
+        return $this->respondUnauthorized();
     }
 
     /**

tests/Browser/Auth/AuthControllerTest.php

@@ -69,6 +69,41 @@ public function test_oauth_login()
         }
     }
 
+    public function test_oauth_login_bad_password()
+    {
+        $repository = new ClientRepository();
+        $client = null;
+        try {
+            $client = $repository->createPasswordGrantClient(
+                null, config('app.name'), config('app.url')
+            );
+
+            $this->setEnvironmentValue([
+                'PASSPORT_PERSONAL_ACCESS_CLIENT_ID' => $client->id,
+                'PASSPORT_PERSONAL_ACCESS_CLIENT_SECRET' => $client->secret,
+            ]);
+
+            $userPassword = 'password';
+            $user = factory(User::class)->create([
+                'password' => bcrypt($userPassword),
+            ]);
+
+            $response = $this->postClient(self::OAUTH_LOGIN_URL, [
+                'email' => $user->email,
+                'password' => 'wrongPassword',
+            ]);
+
+            $this->expectNotAuthorized($response);
+        } finally {
+            if ($client) {
+                $repository->delete($client);
+            }
+            if ($user) {
+                $user->account->delete();
+            }
+        }
+    }
+
     public function test_oauth_login_wrong_mail()
     {
         $response = $this->postClient(self::OAUTH_LOGIN_URL, [