Merge branch 'api_new_password' into 'master'

new_password: rescue exceptions on api requests See merge request !989

Merge branch 'api_new_password' into 'master'
new_password: rescue exceptions on api requests See merge request !989
Victor Costa
2 parents 775ee2a5 669bea95
Showing 2 changed files with 12 additions and 7 deletions Show diff stats
app/api/v1/session.rb
test/api/session_test.rb
@@ -141,14 +141,13 @@ module Api
       # Example Request:
       #   PATCH /new_password?code=xxxx&password=secret&password_confirmation=secret
       patch "/new_password" do
-        change_password = ChangePassword.find_by code: params[:code]
-        not_found! if change_password.nil?
-
-        if change_password.update_attributes(:password => params[:password], :password_confirmation => params[:password_confirmation])
+        begin
+          change_password = ChangePassword.find_by! code: params[:code]
+          change_password.update_attributes!(:password => params[:password], :password_confirmation => params[:password_confirmation])
           change_password.finish
           present change_password.requestor.user, :with => Entities::UserLogin, :current_person => current_person
-        else
-          something_wrong!
+        rescue Exception => ex
+          render_api_error!(ex.message, 400)
         end
       end
  
@@ -178,13 +178,19 @@ class SessionTest &lt; ActiveSupport::TestCase
     patch "/api/v1/new_password?#{params.to_query}"
     assert_equal Task::Status::ACTIVE, task.reload.status
     assert !user.reload.authenticated?('secret')
+    json = JSON.parse(last_response.body)
+    assert_match /doesn't match/, json['message']
+
     assert_equal 400, last_response.status
   end
  
   should 'render not found when provide a wrong code on password change' do
     params = {:code => "wrongcode", :password => 'secret', :password_confirmation => 'secret'}
     patch "/api/v1/new_password?#{params.to_query}"
-    assert_equal 404, last_response.status
+    json = JSON.parse(last_response.body)
+    assert_match /Couldn't find/, json['message']
+
+    assert_equal 400, last_response.status
   end
  
   should 'not return private token when the registered user is inactive' do
...	...	@@ -141,14 +141,13 @@ module Api
141	141	# Example Request:
142	142	# PATCH /new_password?code=xxxx&password=secret&password_confirmation=secret
143	143	patch "/new_password" do
144		- change_password = ChangePassword.find_by code: params[:code]
145		- not_found! if change_password.nil?
146		-
147		- if change_password.update_attributes(:password => params[:password], :password_confirmation => params[:password_confirmation])
	144	+ begin
	145	+ change_password = ChangePassword.find_by! code: params[:code]
	146	+ change_password.update_attributes!(:password => params[:password], :password_confirmation => params[:password_confirmation])
148	147	change_password.finish
149	148	present change_password.requestor.user, :with => Entities::UserLogin, :current_person => current_person
150		- else
151		- something_wrong!
	149	+ rescue Exception => ex
	150	+ render_api_error!(ex.message, 400)
152	151	end
153	152	end
154	153
...	...
...	...	@@ -178,13 +178,19 @@ class SessionTest < ActiveSupport::TestCase
178	178	patch "/api/v1/new_password?#{params.to_query}"
179	179	assert_equal Task::Status::ACTIVE, task.reload.status
180	180	assert !user.reload.authenticated?('secret')
	181	+ json = JSON.parse(last_response.body)
	182	+ assert_match /doesn't match/, json['message']
	183	+
181	184	assert_equal 400, last_response.status
182	185	end
183	186
184	187	should 'render not found when provide a wrong code on password change' do
185	188	params = {:code => "wrongcode", :password => 'secret', :password_confirmation => 'secret'}
186	189	patch "/api/v1/new_password?#{params.to_query}"
187		- assert_equal 404, last_response.status
	190	+ json = JSON.parse(last_response.body)
	191	+ assert_match /Couldn't find/, json['message']
	192	+
	193	+ assert_equal 400, last_response.status
188	194	end
189	195
190	196	should 'not return private token when the registered user is inactive' do
...	...