Describe the bug
When checking into a train via /trains/checkin using an unauthorized bearer token, the server does not return an error such as HTTP 401. Instead, it returns an HTTP 302 redirect to the HTML login page.
To Reproduce
Steps to reproduce the behavior:
Obtain a token from the API, e.g. via curl or travelynx.de
Revoke the token from the Träwelling settings page
Use /trains/checkin to check into a train
Expected behavior
The server should return HTTP 401 and preferably a JSON document explaining the error instead of HTML.
Note that I did not test whether this also happens with entirely invalid bearer tokens.
Describe the bug When checking into a train via /trains/checkin using an unauthorized bearer token, the server does not return an error such as HTTP 401. Instead, it returns an HTTP 302 redirect to the HTML login page.
To Reproduce Steps to reproduce the behavior:
Expected behavior The server should return HTTP 401 and preferably a JSON document explaining the error instead of HTML.
Note that I did not test whether this also happens with entirely invalid bearer tokens.
Travelynx Log