hashtopolis · jessevz · Mar 17, 2026 · Mar 17, 2026 · Mar 17, 2026
diff --git a/ci/apiv2/test_user.py b/ci/apiv2/test_user.py
@@ -49,8 +49,8 @@ def test_disable_enable_user(self):
         helper = Helper()
         with self.assertRaises(HashtopolisError) as e:
             helper._test_authentication(user.name, password)
-        self.assertEqual(e.exception.status_code, 401)
-        self.assertEqual(e.exception.title, f"Authentication failed")
+        self.assertEqual(e.exception.status_code, 403)
+        self.assertEqual(e.exception.title, f"Cannot log in. Please contact your administrator for further information")
 
         #  Enable user
         user.isValid = True

diff --git a/src/inc/apiv2/auth/HashtopolisAuthenticator.php b/src/inc/apiv2/auth/HashtopolisAuthenticator.php
@@ -11,6 +11,7 @@
 use Hashtopolis\dba\Factory;
 use Hashtopolis\dba\models\User;
 use Hashtopolis\dba\QueryFilter;
+use Hashtopolis\inc\apiv2\error\HttpForbidden;
 use Tuupola\Middleware\HttpBasicAuthentication\AuthenticatorInterface;
 use Hashtopolis\inc\Util;
 
@@ -27,7 +28,7 @@ public function __invoke(array $arguments): bool {
     }
 
     if ($user->getIsValid() != 1) {
-      return false;
+      throw new HttpForbidden("Cannot log in. Please contact your administrator for further information");
     }
     else if (!Encryption::passwordVerify($password, $user->getPasswordSalt(), $user->getPasswordHash())) {
       Util::createLogEntry(DLogEntryIssuer::USER, $user->getId(), DLogEntry::WARN, "Failed login attempt due to wrong password!");