Fix order of promises in login to not wrongfully congratulate on failing login

Change-Id: Ia651f25c020158566c97e1f341b57a9f16e64e16
diff --git a/Changes b/Changes
index c0d5a7b..50fefb7 100755
--- a/Changes
+++ b/Changes
@@ -1,4 +1,4 @@
-0.38 2020-05-08
+0.38 2020-05-15
         - Support X-Forwarded-Host name for proxy.
         - Document API URI.
         - Improve redirect handling in proxy.
@@ -18,6 +18,7 @@
         - Recommend log in on zero matches in search results
           in case not logged in (addresses #67).
         - Update Mojolicious requirement for security reasons.
+        - Fix order of promises in login handling.
 
 0.37 2020-01-16
         - Removed deprecated 'kalamar_test_port' helper.
diff --git a/lib/Kalamar/Plugin/Auth.pm b/lib/Kalamar/Plugin/Auth.pm
index 070ad32..7f45281 100644
--- a/lib/Kalamar/Plugin/Auth.pm
+++ b/lib/Kalamar/Plugin/Auth.pm
@@ -545,6 +545,16 @@
             # Set the tokens and return a promise
             return $c->auth->set_tokens_p(shift->result->json)
           }
+        )->then(
+          sub {
+            # Set user info
+            $c->session(user => $user);
+            $c->stash(user => $user);
+
+            # Notify on success
+            $c->app->log->debug(qq!Login successful: "$user"!);
+            $c->notify(success => $c->loc('Auth_loginSuccess'));
+          }
         )->catch(
           sub {
 
@@ -570,16 +580,6 @@
 
             $c->app->log->debug(qq!Login fail: "$user"!);
           }
-        )->then(
-          sub {
-            # Set user info
-            $c->session(user => $user);
-            $c->stash(user => $user);
-
-            # Notify on success
-            $c->app->log->debug(qq!Login successful: "$user"!);
-            $c->notify(success => $c->loc('Auth_loginSuccess'));
-          }
         )->finally(
           sub {
             # Redirect to slash
@@ -1029,7 +1029,6 @@
             # Set stash info
             $c->stash(user => $user);
             $c->stash(auth => $auth);
-
             $c->notify(success => $c->loc('Auth_loginSuccess'));
           }
         )->catch(
diff --git a/t/plugin/auth-oauth.t b/t/plugin/auth-oauth.t
index 802f9d2..f8ad55f 100644
--- a/t/plugin/auth-oauth.t
+++ b/t/plugin/auth-oauth.t
@@ -158,6 +158,7 @@
   ->text_is('div.notify-error', '2022: LDAP Authentication failed due to unknown user or password!')
   ->element_exists('input[name=handle_or_email][value=test]')
   ->element_exists_not('div.button.top a')
+  ->element_exists_not('div.notify-success')
   ->tx->res->dom->at('input[name=csrf_token]')->attr('value')
   ;