From 14c757f7d24e1149bd32a03dbb7c1d01a022d3b4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=90=D0=BD=D1=82=D0=BE=D0=BD?= <a.sysoev@b2b-center.ru>
Date: Sat, 25 Oct 2025 11:51:18 +0300
Subject: [PATCH] =?UTF-8?q?=D0=9F=D0=BE=D0=B4=D0=B3=D0=BE=D1=82=D0=BE?=
 =?UTF-8?q?=D0=B2=D0=BA=D0=B0=20=D0=B8=D0=BD=D1=82=D0=B5=D0=B3=D1=80=D0=B0?=
 =?UTF-8?q?=D1=86=D0=B8=D0=BE=D0=BD=D0=BD=D0=BE=D0=B3=D0=BE=20=D1=82=D0=B5?=
 =?UTF-8?q?=D1=81=D1=82=D0=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/endpoints_handlers/AuthLoginExecutor.h    |  2 +-
 .../AuthLoginExecutor_TEST.cpp                | 36 ++++++++++++++++++-
 2 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/src/endpoints_handlers/AuthLoginExecutor.h b/src/endpoints_handlers/AuthLoginExecutor.h
index ff2a10b..d49e35e 100644
--- a/src/endpoints_handlers/AuthLoginExecutor.h
+++ b/src/endpoints_handlers/AuthLoginExecutor.h
@@ -66,7 +66,7 @@ public:
 
     const std::optional<user> maybe_user = user_dao_->GetByLogin(login);
 
-    if (!maybe_user.has_value() && maybe_user.value().hashed_password != HashPassword(password))
+    if (!maybe_user.has_value() || maybe_user.value().hashed_password != HashPassword(password))
     {
       BOOST_LOG_TRIVIAL(info) << "POST /api/v1/Auth/Login - Response 403: Incorrect login or password";
       throw session_exception(http::status::forbidden,"Incorrect login or password");
diff --git a/tests/endpoint_handlers/AuthLoginExecutor_TEST.cpp b/tests/endpoint_handlers/AuthLoginExecutor_TEST.cpp
index 07090d1..81bf6d4 100644
--- a/tests/endpoint_handlers/AuthLoginExecutor_TEST.cpp
+++ b/tests/endpoint_handlers/AuthLoginExecutor_TEST.cpp
@@ -31,7 +31,7 @@ using RouteAuthLoginExecutor = AuthLoginExecutor<beast::http::string_body,
 using Request = boost::beast::http::request<beast::http::string_body,
                                             beast::http::basic_fields<std::allocator<char>>>;
 
-BOOST_AUTO_TEST_CASE(AuthRegistrationExecutor_Invalid_Login_Data)
+BOOST_AUTO_TEST_CASE(AuthRegistrationExecutor_Cannot_Serialize_JSON)
 {
   auto& argv = boost::unit_test::framework::master_test_suite().argv;
 
@@ -59,3 +59,37 @@ BOOST_AUTO_TEST_CASE(AuthRegistrationExecutor_Invalid_Login_Data)
   mysql_session->close();
   delete mysql_session;
 }
+
+BOOST_AUTO_TEST_CASE(AuthRegistrationExecutor_Invalid_Login_Data)
+{
+  auto& argv = boost::unit_test::framework::master_test_suite().argv;
+
+  const std::string mysql_credentials = argv[1];
+
+  mysqlx::Session* mysql_session = new mysqlx::Session(mysql_credentials);
+
+  uad::SetMySqlSession(mysql_session);
+
+  auto user_dao = make_shared<MySQLUserDAO>(GetMySqlSession());
+  auto auth_dao = make_shared<MemoryAuthDAO>(GetMySqlSession());
+  auto executor = RouteAuthLoginExecutor(GetMySqlSession(), user_dao, auth_dao);
+
+  Request req;
+  value req_body;
+
+  req_body.emplace_object();
+
+  req_body.as_object().emplace("login"s, "MyLogin123456780"s + kUUID);
+  req_body.as_object().emplace("password"s, "Qwerty123456"s);
+
+  req.body() = serialize(req_body);
+
+  BOOST_CHECK_EXCEPTION(executor(std::move(req)), session_exception,
+                        [](const session_exception& e) -> bool
+                        {
+                        return e.code == beast::http::status::forbidden;
+                        });
+
+  mysql_session->close();
+  delete mysql_session;
+}