🐛 Fix error message for login when password wrong (#8594)

closes #8565

- isPasswordCorrect fn returns a specific error, which we simply forward
- no need to wrap a custom error into a new custom error
- the rule is always: if you are using a Ghost unit/function, you can expect that this unit returns a custom error

core/server/models/user.js

@@ -673,11 +673,7 @@ User = ghostBookshelf.Model.extend({
                         });
                 })
                 .catch(function onError(err) {
-                    return Promise.reject(new errors.UnauthorizedError({
-                        err: err,
-                        context: i18n.t('errors.models.user.incorrectPassword'),
-                        help: i18n.t('errors.models.user.userUpdateError.help')
-                    }));
+                    return Promise.reject(err);
                 });
         }, function handleError(error) {
             if (error.message === 'NotFound' || error.message === 'EmptyResponse') {
@@ -705,6 +701,7 @@ User = ghostBookshelf.Model.extend({
                 }
 
                 return Promise.reject(new errors.ValidationError({
+                    context: i18n.t('errors.models.user.incorrectPassword'),
                     message: i18n.t('errors.models.user.incorrectPassword'),
                     help: i18n.t('errors.models.user.userUpdateError.help'),
                     code: 'PASSWORD_INCORRECT'

core/test/functional/routes/api/authentication_spec.js

@@ -120,14 +120,14 @@ describe('Authentication API', function () {
                 client_secret: 'not_available'
             }).expect('Content-Type', /json/)
             .expect('Cache-Control', testUtils.cacheRules.private)
-            .expect(401)
+            .expect(422)
             .end(function (err, res) {
                 if (err) {
                     return done(err);
                 }
                 var jsonResponse = res.body;
                 should.exist(jsonResponse.errors[0].errorType);
-                jsonResponse.errors[0].errorType.should.eql('UnauthorizedError');
+                jsonResponse.errors[0].errorType.should.eql('ValidationError');
                 done();
             });
     });

core/test/functional/routes/api/spam_prevention_spec.js

@@ -98,7 +98,7 @@ describe('Spam Prevention API', function () {
                     client_secret: 'not_available'
                 })
                 .expect('Content-Type', /json/)
-                .expect(401)
+                .expect(422)
                 .end(function (err) {
                     if (err) {
                         return done(err);
@@ -155,7 +155,7 @@ describe('Spam Prevention API', function () {
                     client_id: 'ghost-admin',
                     client_secret: 'not_available'
                 }).expect('Content-Type', /json/)
-                .expect(401)
+                .expect(422)
                 .end(function (err) {
                     if (err) {
                         return done(err);
@@ -220,7 +220,7 @@ describe('Spam Prevention API', function () {
                     client_id: 'ghost-admin',
                     client_secret: 'not_available'
                 }).expect('Content-Type', /json/)
-                .expect(401)
+                .expect(422)
                 .end(function (err) {
                     if (err) {
                         return done(err);

core/test/integration/model/model_users_spec.js

@@ -628,7 +628,7 @@ describe('User Model', function run() {
             return UserModel.check(object).then(userWasLoggedIn)
                 .catch(function checkError(error) {
                     should.exist(error);
-                    error.errorType.should.equal('UnauthorizedError');
+                    error.errorType.should.equal('ValidationError');
                 });
         });
     });