From 9037b807aebd1af1d2a5b86e981aeea6988aa77a Mon Sep 17 00:00:00 2001
From: DDDHuang <44492639+DDDHuang@users.noreply.github.com>
Date: Thu, 24 Mar 2022 11:31:31 +0800
Subject: [PATCH] fix: add api auth failed code def & fix bad spelling

---
 apps/emqx/include/http_api.hrl             | 8 ++++++++
 apps/emqx_dashboard/src/emqx_dashboard.erl | 5 +++--
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/apps/emqx/include/http_api.hrl b/apps/emqx/include/http_api.hrl
index 870f25c18..08c17f274 100644
--- a/apps/emqx/include/http_api.hrl
+++ b/apps/emqx/include/http_api.hrl
@@ -14,6 +14,12 @@
 %% limitations under the License.
 %%--------------------------------------------------------------------
 
+%% HTTP API Auth
+-define(WRONG_USERNAME_OR_PWD, 'WRONG_USERNAME_OR_PWD').
+-define(WRONG_USERNAME_OR_PWD_OR_API_KEY_OR_API_SECRET,
+    'WRONG_USERNAME_OR_PWD_OR_API_KEY_OR_API_SECRET'
+).
+
 %% Bad Request
 -define(BAD_REQUEST, 'BAD_REQUEST').
 -define(NOT_MATCH, 'NOT_MATCH').
@@ -50,6 +56,8 @@
 
 %% All codes
 -define(ERROR_CODES, [
+    {'WRONG_USERNAME_OR_PWD', <<"Wrong username or pwd">>},
+    {'WRONG_USERNAME_OR_PWD_OR_API_KEY_OR_API_SECRET', <<"Wrong username & pwd or key & secret">>},
     {'BAD_REQUEST', <<"Request parameters are not legal">>},
     {'NOT_MATCH', <<"Conditions are not matched">>},
     {'ALREADY_EXISTS', <<"Resource already existed">>},
diff --git a/apps/emqx_dashboard/src/emqx_dashboard.erl b/apps/emqx_dashboard/src/emqx_dashboard.erl
index 8e618cb0e..74c7dd0c2 100644
--- a/apps/emqx_dashboard/src/emqx_dashboard.erl
+++ b/apps/emqx_dashboard/src/emqx_dashboard.erl
@@ -26,6 +26,7 @@
 -export([authorize/1]).
 
 -include_lib("emqx/include/logger.hrl").
+-include_lib("emqx/include/http_api.hrl").
 
 -define(BASE_PATH, "/api/v5").
 
@@ -166,11 +167,11 @@ authorize(Req) ->
                             ok;
                         {error, <<"not_allowed">>} ->
                             return_unauthorized(
-                                <<"WORNG_USERNAME_OR_PWD">>,
+                                ?WRONG_USERNAME_OR_PWD,
                                 <<"Check username/password">>);
                         {error, _} ->
                             return_unauthorized(
-                                <<"WORNG_USERNAME_OR_PWD_OR_API_KEY_OR_API_SECRET">>,
+                                ?WRONG_USERNAME_OR_PWD_OR_API_KEY_OR_API_SECRET,
                                 <<"Check username/password or api_key/api_secret">>)
                     end;
                 {error, _} ->