Commit c61cef1f337380a215bffc48f290e8b4755535bb
Exists in
staging
and in
4 other branches
Merge branch 'api_new_password' into 'master'
new_password: rescue exceptions on api requests See merge request !989
Showing
2 changed files
with
12 additions
and
7 deletions
Show diff stats
app/api/v1/session.rb
... | ... | @@ -141,14 +141,13 @@ module Api |
141 | 141 | # Example Request: |
142 | 142 | # PATCH /new_password?code=xxxx&password=secret&password_confirmation=secret |
143 | 143 | patch "/new_password" do |
144 | - change_password = ChangePassword.find_by code: params[:code] | |
145 | - not_found! if change_password.nil? | |
146 | - | |
147 | - if change_password.update_attributes(:password => params[:password], :password_confirmation => params[:password_confirmation]) | |
144 | + begin | |
145 | + change_password = ChangePassword.find_by! code: params[:code] | |
146 | + change_password.update_attributes!(:password => params[:password], :password_confirmation => params[:password_confirmation]) | |
148 | 147 | change_password.finish |
149 | 148 | present change_password.requestor.user, :with => Entities::UserLogin, :current_person => current_person |
150 | - else | |
151 | - something_wrong! | |
149 | + rescue Exception => ex | |
150 | + render_api_error!(ex.message, 400) | |
152 | 151 | end |
153 | 152 | end |
154 | 153 | ... | ... |
test/api/session_test.rb
... | ... | @@ -178,13 +178,19 @@ class SessionTest < ActiveSupport::TestCase |
178 | 178 | patch "/api/v1/new_password?#{params.to_query}" |
179 | 179 | assert_equal Task::Status::ACTIVE, task.reload.status |
180 | 180 | assert !user.reload.authenticated?('secret') |
181 | + json = JSON.parse(last_response.body) | |
182 | + assert_match /doesn't match/, json['message'] | |
183 | + | |
181 | 184 | assert_equal 400, last_response.status |
182 | 185 | end |
183 | 186 | |
184 | 187 | should 'render not found when provide a wrong code on password change' do |
185 | 188 | params = {:code => "wrongcode", :password => 'secret', :password_confirmation => 'secret'} |
186 | 189 | patch "/api/v1/new_password?#{params.to_query}" |
187 | - assert_equal 404, last_response.status | |
190 | + json = JSON.parse(last_response.body) | |
191 | + assert_match /Couldn't find/, json['message'] | |
192 | + | |
193 | + assert_equal 400, last_response.status | |
188 | 194 | end |
189 | 195 | |
190 | 196 | should 'not return private token when the registered user is inactive' do | ... | ... |