diff --git a/app/api/v1/session.rb b/app/api/v1/session.rb
index 7d02ef2..5752d05 100644
--- a/app/api/v1/session.rb
+++ b/app/api/v1/session.rb
@@ -141,14 +141,13 @@ module Api
 # Example Request:
 # PATCH /new_password?code=xxxx&password=secret&password_confirmation=secret
 patch "/new_password" do
- change_password = ChangePassword.find_by code: params[:code]
- not_found! if change_password.nil?
-
- if change_password.update_attributes(:password => params[:password], :password_confirmation => params[:password_confirmation])
+ begin
+ change_password = ChangePassword.find_by! code: params[:code]
+ change_password.update_attributes!(:password => params[:password], :password_confirmation => params[:password_confirmation])
 change_password.finish
 present change_password.requestor.user, :with => Entities::UserLogin, :current_person => current_person
- else
- something_wrong!
+ rescue Exception => ex
+ render_api_error!(ex.message, 400)
 end
 end
diff --git a/test/api/session_test.rb b/test/api/session_test.rb
index 080818a..3b2ef79 100644
--- a/test/api/session_test.rb
+++ b/test/api/session_test.rb
@@ -178,13 +178,19 @@ class SessionTest < ActiveSupport::TestCase
 patch "/api/v1/new_password?#{params.to_query}"
 assert_equal Task::Status::ACTIVE, task.reload.status
 assert !user.reload.authenticated?('secret')
+ json = JSON.parse(last_response.body)
+ assert_match /doesn't match/, json['message']
+ assert_equal 400, last_response.status
 end
 should 'render not found when provide a wrong code on password change' do
 params = {:code => "wrongcode", :password => 'secret', :password_confirmation => 'secret'}
 patch "/api/v1/new_password?#{params.to_query}"
- assert_equal 404, last_response.status
+ json = JSON.parse(last_response.body)
+ assert_match /Couldn't find/, json['message']
+
+ assert_equal 400, last_response.status
 end
 should 'not return private token when the registered user is inactive' do
--
libgit2 0.21.2
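Review bot: `rescue Exception => ex` in the new rescue clause of the `patch "/new_password"` block is far too broad and echoes `ex.message` to the client: besides the RecordNotFound and RecordInvalid errors that `find_by!` and `update_attributes!` raise, it also catches anything raised by `change_password.finish` or `present` (and NoMemoryError, SystemExit, signals), returning their internal messages verbatim in the 400 body, while an unknown code now yields 400 instead of the 404 the old `not_found!` path returned. Rescue the two expected classes separately and keep the status codes distinct: `rescue ActiveRecord::RecordNotFound` then `not_found!`, and `rescue ActiveRecord::RecordInvalid => ex` followed by the existing `render_api_error!(ex.message, 400)`; anything else should propagate to the framework's generic error handling rather than be serialised. The enclosing `module Api` starts outside the hunk.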
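Review bot: The description `should 'render not found when provide a wrong code on password change'` no longer matches its body, which now asserts status 400 and `/Couldn't find/` rather than 404; if the endpoint is meant to stop distinguishing an unknown code from invalid input, rename it (e.g. `should 'render an error when provide a wrong code on password change'`), otherwise keep `assert_equal 404, last_response.status` and fix the endpoint instead. Both new `assert_match` calls pin framework-generated text (`/doesn't match/` from the confirmation validation, `/Couldn't find/` from RecordNotFound), which is I18n-driven and changes across ActiveRecord versions, so these tests will break on unrelated upgrades; asserting on the status code, or on a message the API formats itself, would be more stable. The enclosing `class SessionTest` starts outside the hunk.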