From 37ceffb74c50a2d463a4b45ef4b10016e488280b Mon Sep 17 00:00:00 2001
From: Karl Persson <kalle.persson@grafana.com>
Date: Tue, 29 Aug 2023 15:44:04 +0200
Subject: [PATCH] Authn: Standardize errors (#74012)

---
 pkg/services/authn/clients/password.go      | 10 ++++------
 pkg/services/authn/clients/password_test.go |  4 ++--
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/pkg/services/authn/clients/password.go b/pkg/services/authn/clients/password.go
index 8af6e0794ce..a809686a5dd 100644
--- a/pkg/services/authn/clients/password.go
+++ b/pkg/services/authn/clients/password.go
@@ -12,10 +12,8 @@ import (
 )
 
 var (
-	errEmptyPassword       = errutil.Unauthorized("password-auth.empty", errutil.WithPublicMessage("Invalid username or password"))
-	errPasswordAuthFailed  = errutil.Unauthorized("password-auth.failed", errutil.WithPublicMessage("Invalid username or password"))
-	errInvalidPassword     = errutil.Unauthorized("password-auth.invalid", errutil.WithPublicMessage("Invalid password or username"))
-	errLoginAttemptBlocked = errutil.Unauthorized("login-attempt.blocked", errutil.WithPublicMessage("Invalid username or password"))
+	errInvalidPassword    = errutil.Unauthorized("password-auth.invalid", errutil.WithPublicMessage("Invalid password or username"))
+	errPasswordAuthFailed = errutil.Unauthorized("password-auth.failed", errutil.WithPublicMessage("Invalid username or password"))
 )
 
 var _ authn.PasswordClient = new(Password)
@@ -38,11 +36,11 @@ func (c *Password) AuthenticatePassword(ctx context.Context, r *authn.Request, u
 		return nil, err
 	}
 	if !ok {
-		return nil, errLoginAttemptBlocked.Errorf("too many consecutive incorrect login attempts for user - login for user temporarily blocked")
+		return nil, errPasswordAuthFailed.Errorf("too many consecutive incorrect login attempts for user - login for user temporarily blocked")
 	}
 
 	if len(password) == 0 {
-		return nil, errEmptyPassword.Errorf("no password provided")
+		return nil, errPasswordAuthFailed.Errorf("no password provided")
 	}
 
 	var clientErrs error
diff --git a/pkg/services/authn/clients/password_test.go b/pkg/services/authn/clients/password_test.go
index 85997429041..dda54325146 100644
--- a/pkg/services/authn/clients/password_test.go
+++ b/pkg/services/authn/clients/password_test.go
@@ -45,7 +45,7 @@ func TestPassword_AuthenticatePassword(t *testing.T) {
 			username:    "test",
 			password:    "",
 			req:         &authn.Request{},
-			expectedErr: errEmptyPassword,
+			expectedErr: errPasswordAuthFailed,
 		},
 		{
 			desc:        "should if login is blocked by to many attempts",
@@ -53,7 +53,7 @@ func TestPassword_AuthenticatePassword(t *testing.T) {
 			password:    "test",
 			req:         &authn.Request{},
 			blockLogin:  true,
-			expectedErr: errLoginAttemptBlocked,
+			expectedErr: errPasswordAuthFailed,
 		},
 		{
 			desc:        "should fail when not found in any clients",