Commit 075773a677cb28e3db808b0326aca392719e377e
Exists in
send_email_to_admins
and in
5 other branches
Merge branch 'fix_api_login' into 'master'
api: fix validation of inactive users in login See merge request !866
Showing
2 changed files
with
8 additions
and
1 deletions
Show diff stats
lib/noosfero/api/session.rb
| @@ -15,7 +15,7 @@ module Noosfero | @@ -15,7 +15,7 @@ module Noosfero | ||
| 15 | post "/login" do | 15 | post "/login" do |
| 16 | begin | 16 | begin |
| 17 | user ||= User.authenticate(params[:login], params[:password], environment) | 17 | user ||= User.authenticate(params[:login], params[:password], environment) |
| 18 | - rescue NoosferoExceptions::UserNotActivated => e | 18 | + rescue User::UserNotActivated => e |
| 19 | render_api_error!(e.message, 401) | 19 | render_api_error!(e.message, 401) |
| 20 | end | 20 | end |
| 21 | 21 |
test/api/session_test.rb
| @@ -20,6 +20,13 @@ class SessionTest < ActiveSupport::TestCase | @@ -20,6 +20,13 @@ class SessionTest < ActiveSupport::TestCase | ||
| 20 | assert_equal 401, last_response.status | 20 | assert_equal 401, last_response.status |
| 21 | end | 21 | end |
| 22 | 22 | ||
| 23 | + should 'return 401 when login with an user that was not activated' do | ||
| 24 | + user.deactivate | ||
| 25 | + params = {:login => "testapi", :password => "testapi"} | ||
| 26 | + post "/api/v1/login?#{params.to_query}" | ||
| 27 | + assert_equal 401, last_response.status | ||
| 28 | + end | ||
| 29 | + | ||
| 23 | should 'register a user' do | 30 | should 'register a user' do |
| 24 | Environment.default.enable('skip_new_user_email_confirmation') | 31 | Environment.default.enable('skip_new_user_email_confirmation') |
| 25 | params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" } | 32 | params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" } |