Commit 669bea9556b8ae17f9e1352a885ae8a9cf75fe34
1 parent
8b7475ad
Exists in
staging
and in
4 other branches
new_password: rescue exceptions on api requests
Showing
2 changed files
with
12 additions
and
7 deletions
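--- a/app/api/v1/session.rb
+++ b/app/api/v1/session.rb
@@ -141,14 +141,13 @@ module Api
 # Example Request:
 # PATCH /new_password?code=xxxx&password=secret&password_confirmation=secret
 patch "/new_password" do
-change_password = ChangePassword.find_by code: params[:code]
-not_found! if change_password.nil?
-
-if change_password.update_attributes(:password => params[:password], :password_confirmation => params[:password_confirmation])
+begin
+change_password = ChangePassword.find_by! code: params[:code]
+change_password.update_attributes!(:password => params[:password], :password_confirmation => params[:password_confirmation])
 change_password.finish
 present change_password.requestor.user, :with => Entities::UserLogin, :current_person => current_person
-else
-something_wrong!
+rescue Exception => ex
+render_api_error!(ex.message, 400)
 end
 end
 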
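Review bot: `rescue Exception => ex` at new line 149 catches far more than the two failures this endpoint expects, and `render_api_error!(ex.message, 400)` then hands the raw exception text to whoever calls the password-reset endpoint. Because `change_password.finish` and the `present` call sit inside the same `begin`, any unexpected fault there (a database error, a nil dereference) is reported as a 400 carrying its internal message, which discloses internals and hides genuine server failures from monitoring. Assuming ChangePassword is an ActiveRecord model, narrowing the clause to `rescue ActiveRecord::RecordNotFound, ActiveRecord::RecordInvalid => ex` keeps the behaviour the commit wants and lets everything else propagate. For the not-found case a fixed message would be safer than `ex.message`, since that text likely names the model class.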
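--- a/test/api/session_test.rb
+++ b/test/api/session_test.rb
@@ -178,13 +178,19 @@ class SessionTest < ActiveSupport::TestCase
 patch "/api/v1/new_password?#{params.to_query}"
 assert_equal Task::Status::ACTIVE, task.reload.status
 assert !user.reload.authenticated?('secret')
+json = JSON.parse(last_response.body)
+assert_match /doesn't match/, json['message']
+
 assert_equal 400, last_response.status
 end
 
 should 'render not found when provide a wrong code on password change' do
 params = {:code => "wrongcode", :password => 'secret', :password_confirmation => 'secret'}
 patch "/api/v1/new_password?#{params.to_query}"
-assert_equal 404, last_response.status
+json = JSON.parse(last_response.body)
+assert_match /Couldn't find/, json['message']
+
+assert_equal 400, last_response.status
 end
 
 should 'not return private token when the registered user is inactive' do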
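Review bot: Both tests call `JSON.parse(last_response.body)` before `assert_equal 400, last_response.status`, so a response with an unexpected status and a non-JSON body would fail with a parse error instead of showing the status. Moving the status assertion above the parse in each test gives a clearer failure. The new `assert_match /Couldn't find/, json['message']` at new line 191 also pins what is presumably the persistence layer's own wording as the API contract; asserting on a message the API defines itself would keep internal text out of the response. The first test's `should` block starts above this hunk, so its setup is not visible here.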