Fixed wrong status code for incorrect token requests (#9374)

closes #9346

- server returned 500, happened when you send an empty username/password
- return 400 instead
- error message is/was correct

core/server/services/auth/oauth.js

@@ -179,7 +179,13 @@ oauth = {
             accessToken: authUtils.getBearerAutorizationToken(req)
         };
 
-        return oauthServer.token()(req, res, next);
+        return oauthServer.token()(req, res, function (err) {
+            if (err && err.status === 400) {
+                err = new common.errors.BadRequestError({err: err, message: err.message});
+            }
+
+            next(err);
+        });
     }
 };
 

core/test/unit/services/auth/oauth_spec.js

@@ -112,6 +112,38 @@ describe('OAuth', function () {
             });
         });
 
+        it('Can\'t generate access token without username.', function (done) {
+            req.body = {};
+
+            req.authInfo = {ip: '127.0.0.1'};
+            req.body.grant_type = 'password';
+            req.body.password = 'password';
+
+            res.setHeader = {};
+            res.end = {};
+
+            oAuth.generateAccessToken(req, res, function (err) {
+                err.errorType.should.eql('BadRequestError');
+                done();
+            });
+        });
+
+        it('Can\'t generate access token without password.', function (done) {
+            req.body = {};
+
+            req.authInfo = {ip: '127.0.0.1'};
+            req.body.grant_type = 'password';
+            req.body.username = 'username';
+
+            res.setHeader = {};
+            res.end = {};
+
+            oAuth.generateAccessToken(req, res, function (err) {
+                err.errorType.should.eql('BadRequestError');
+                done();
+            });
+        });
+
         it('Handles database error.', function (done) {
             req.body = {};
             req.client = {