Switch sudo mode response to 401 Unauthorized

app/controllers/sudo_mode_handler.rb

@@ -216,7 +216,7 @@ def render_reauthentication_page(login: find_or_create_login!)
         default_factor:,
         forwarded_params:
       },
-      status: :unprocessable_entity
+      status: :unauthorized
     )
   end
 

spec/controllers/ach_transfers_controller_spec.rb

@@ -110,7 +110,7 @@ def ach_transfer_params
         }
       )
 
-      expect(response).to have_http_status(:unprocessable_entity)
+      expect(response).to have_http_status(:unauthorized)
       expect(event.ach_transfers).to be_empty
       expect(response.body).to include("Confirm Access")
 

spec/controllers/features_controller_spec.rb

@@ -16,7 +16,7 @@
 
       post(:disable_feature, params: { feature: "sudo_mode_2015_07_21" })
 
-      expect(response).to have_http_status(:unprocessable_entity)
+      expect(response).to have_http_status(:unauthorized)
       expect(Flipper.enabled?(:sudo_mode_2015_07_21, user)).to eq(true)
 
       post(

spec/controllers/sudo_mode_handler_spec.rb

@@ -66,7 +66,7 @@ def stub_login_code_service(email:, sms:)
 
       post(:create)
 
-      expect(response).to have_http_status(:unprocessable_entity)
+      expect(response).to have_http_status(:unauthorized)
       expect(response.body).to include("Confirm Access")
     end
 
@@ -84,7 +84,7 @@ def stub_login_code_service(email:, sms:)
 
       post(:create)
 
-      expect(response).to have_http_status(:unprocessable_entity)
+      expect(response).to have_http_status(:unauthorized)
       expect(response.body).to include("Confirm Access")
       expect(extract_submit_method(response)).to eq("email")
     end
@@ -98,7 +98,7 @@ def stub_login_code_service(email:, sms:)
 
       post(:create)
 
-      expect(response).to have_http_status(:unprocessable_entity)
+      expect(response).to have_http_status(:unauthorized)
       expect(response.body).to include("Confirm Access")
       expect(extract_submit_method(response)).to eq("sms")
     end
@@ -114,7 +114,7 @@ def stub_login_code_service(email:, sms:)
 
       post(:create)
 
-      expect(response).to have_http_status(:unprocessable_entity)
+      expect(response).to have_http_status(:unauthorized)
       expect(response.body).to include("Confirm Access")
       expect(extract_submit_method(response)).to eq("email")
     end
@@ -128,7 +128,7 @@ def stub_login_code_service(email:, sms:)
 
       post(:create, params: { _sudo: { switch_method: "email" } })
 
-      expect(response).to have_http_status(:unprocessable_entity)
+      expect(response).to have_http_status(:unauthorized)
       expect(response.body).to include("Confirm Access")
       expect(extract_submit_method(response)).to eq("email")
     end
@@ -154,7 +154,7 @@ def stub_login_code_service(email:, sms:)
 
       post(:create)
 
-      expect(response).to have_http_status(:unprocessable_entity)
+      expect(response).to have_http_status(:unauthorized)
       expect(response.body).to include("Confirm Access")
 
       # If there isn't an explicit user preference we favor WebAuthn
@@ -185,7 +185,7 @@ def stub_login_code_service(email:, sms:)
 
       post(:create, params:)
 
-      expect(response).to have_http_status(:unprocessable_entity)
+      expect(response).to have_http_status(:unauthorized)
       expect(response.body).to include("Confirm Access")
 
       form_params =
@@ -211,7 +211,7 @@ def stub_login_code_service(email:, sms:)
 
       post(:create)
 
-      expect(response).to have_http_status(:unprocessable_entity)
+      expect(response).to have_http_status(:unauthorized)
       expect(response.body).to include("Confirm Access")
 
       login_id = response.parsed_body.css("[name='_sudo[login_id]']").sole.attr("value")
@@ -229,7 +229,7 @@ def stub_login_code_service(email:, sms:)
 
       post(:create, params: { _sudo: { login_id: "nope", submit_method: "email" } })
 
-      expect(response).to have_http_status(:unprocessable_entity)
+      expect(response).to have_http_status(:unauthorized)
       expect(response.body).to include("Confirm Access")
       expect(flash[:error]).to eq("Login has expired. Please try again.")
     end
@@ -413,7 +413,7 @@ def stub_login_service(&)
         }
       )
 
-      expect(response).to have_http_status(:unprocessable_entity)
+      expect(response).to have_http_status(:unauthorized)
       expect(response.body).to include("Confirm Access")
       expect(flash[:error]).to eq("Turn it off and on again")
     end

spec/controllers/users_controller_spec.rb

@@ -57,7 +57,7 @@
         }
       )
 
-      expect(response).to have_http_status(:unprocessable_entity)
+      expect(response).to have_http_status(:unauthorized)
       expect(response.body).to include("Confirm Access")
       expect(user.reload.use_two_factor_authentication).to eq(true)
 

spec/controllers/wires_controller_spec.rb

@@ -81,7 +81,7 @@ def wire_params
       )
 
       expect(event.wires).to be_empty
-      expect(response).to have_http_status(:unprocessable_entity)
+      expect(response).to have_http_status(:unauthorized)
       expect(response.body).to include("Confirm Access")
 
       post(