API authentication returns 400 when providing the wrong credentials

One-sentence description

The API /token-auth/ returns a 400 status code when the user passed incorrect credentials, which makes it unclear why the request was denied.

Why?

To make use of the correct HTTP status code, which could clarify the reason an authentication request was denied.

Current implementation

/token-auth/ returns a 400 when providing incorrect credentials

Suggested implementation

/token-auth/ returns a 401(?) when providing incorrect credentials

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information