From 45d754e4b054f51b9cf0b58d5eaa6f56118463ad Mon Sep 17 00:00:00 2001
From: Aleh Zasypkin <aleh.zasypkin@gmail.com>
Date: Mon, 30 Jul 2018 17:12:33 +0200
Subject: [PATCH] [6.x] Make `/api/security/v1/login` to return `204` status
 code if no payload is provided. (#21406)

---
 .../security/server/routes/api/v1/__tests__/authenticate.js   | 3 +++
 x-pack/plugins/security/server/routes/api/v1/authenticate.js  | 3 +++
 x-pack/test/api_integration/apis/security/basic_login.js      | 4 ++--
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/x-pack/plugins/security/server/routes/api/v1/__tests__/authenticate.js b/x-pack/plugins/security/server/routes/api/v1/__tests__/authenticate.js
index 7604f4eff7b85d..4139569e51b345 100644
--- a/x-pack/plugins/security/server/routes/api/v1/__tests__/authenticate.js
+++ b/x-pack/plugins/security/server/routes/api/v1/__tests__/authenticate.js
@@ -64,6 +64,9 @@ describe('Authentication routes', () => {
             username: Joi.string().required(),
             password: Joi.string().required()
           }
+        },
+        response: {
+          emptyStatusCode: 204,
         }
       });
     });
diff --git a/x-pack/plugins/security/server/routes/api/v1/authenticate.js b/x-pack/plugins/security/server/routes/api/v1/authenticate.js
index 4b5d847b724b21..e92a0a2a9536c9 100644
--- a/x-pack/plugins/security/server/routes/api/v1/authenticate.js
+++ b/x-pack/plugins/security/server/routes/api/v1/authenticate.js
@@ -23,6 +23,9 @@ export function initAuthenticateApi(server) {
           username: Joi.string().required(),
           password: Joi.string().required()
         }
+      },
+      response: {
+        emptyStatusCode: 204,
       }
     },
     async handler(request, reply) {
diff --git a/x-pack/test/api_integration/apis/security/basic_login.js b/x-pack/test/api_integration/apis/security/basic_login.js
index 864bf3fcbaad8c..d2a666a2166e41 100644
--- a/x-pack/test/api_integration/apis/security/basic_login.js
+++ b/x-pack/test/api_integration/apis/security/basic_login.js
@@ -54,7 +54,7 @@ export default function ({ getService }) {
       const loginResponse = await supertest.post('/api/security/v1/login')
         .set('kbn-xsrf', 'xxx')
         .send({ username: validUsername, password: validPassword })
-        .expect(200);
+        .expect(204);
 
       const cookies = loginResponse.headers['set-cookie'];
       expect(cookies).to.have.length(1);
@@ -111,7 +111,7 @@ export default function ({ getService }) {
         const loginResponse = await supertest.post('/api/security/v1/login')
           .set('kbn-xsrf', 'xxx')
           .send({ username: validUsername, password: validPassword })
-          .expect(200);
+          .expect(204);
 
         sessionCookie = request.cookie(loginResponse.headers['set-cookie'][0]);
       });