From 669bea9556b8ae17f9e1352a885ae8a9cf75fe34 Mon Sep 17 00:00:00 2001
From: Daniela Soares Feitosa
Date: Wed, 27 Jul 2016 11:51:45 -0300
Subject: [PATCH] new_password: rescue exceptions on api requests
---
 app/api/v1/session.rb | 11 +++++------
 test/api/session_test.rb | 8 +++++++-
 2 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/app/api/v1/session.rb b/app/api/v1/session.rb
index 7d02ef2..5752d05 100644
--- a/app/api/v1/session.rb
+++ b/app/api/v1/session.rb
@@ -141,14 +141,13 @@ module Api
 # Example Request:
 # PATCH /new_password?code=xxxx&password=secret&password_confirmation=secret
 patch "/new_password" do
- change_password = ChangePassword.find_by code: params[:code]
- not_found! if change_password.nil?
-
- if change_password.update_attributes(:password => params[:password], :password_confirmation => params[:password_confirmation])
+ begin
+ change_password = ChangePassword.find_by! code: params[:code]
+ change_password.update_attributes!(:password => params[:password], :password_confirmation => params[:password_confirmation])
 change_password.finish
 present change_password.requestor.user, :with => Entities::UserLogin, :current_person => current_person
- else
- something_wrong!
+ rescue Exception => ex
+ render_api_error!(ex.message, 400)
 end
 end
diff --git a/test/api/session_test.rb b/test/api/session_test.rb
index 080818a..3b2ef79 100644
--- a/test/api/session_test.rb
+++ b/test/api/session_test.rb
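Review bot: `rescue Exception => ex` in the `/new_password` handler catches far more than the two failures this endpoint expects, and `render_api_error!(ex.message, 400)` then returns whatever the exception says to the caller of a password-reset endpoint (presumably not logged in). An error raised by `change_password.finish` or `present`, and even non-StandardError exceptions such as signals or exit requests, would be reported as a client error carrying its internal message, which hides server faults and can disclose implementation detail. Narrowing the clause to what `find_by!` and `update_attributes!` raise keeps the behaviour this commit wants: `rescue ActiveRecord::RecordNotFound, ActiveRecord::RecordInvalid => ex`. Anything unexpected would then fall through to the API's normal error handling instead of being echoed back, and the assertions added in test/api/session_test.rb would still hold for those two cases.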
@@ -178,13 +178,19 @@ class SessionTest < ActiveSupport::TestCase
 patch "/api/v1/new_password?#{params.to_query}"
 assert_equal Task::Status::ACTIVE, task.reload.status
 assert !user.reload.authenticated?('secret')
+ json = JSON.parse(last_response.body)
+ assert_match /doesn't match/, json['message']
+ assert_equal 400, last_response.status
 end
 should 'render not found when provide a wrong code on password change' do
 params = {:code => "wrongcode", :password => 'secret', :password_confirmation => 'secret'}
 patch "/api/v1/new_password?#{params.to_query}"
- assert_equal 404, last_response.status
+ json = JSON.parse(last_response.body)
+ assert_match /Couldn't find/, json['message']
+
+ assert_equal 400, last_response.status
 end
 should 'not return private token when the registered user is inactive' do
-- libgit2 0.21.2
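Review bot: The second test is still titled 'render not found when provide a wrong code on password change' but now asserts status 400, so its name no longer describes what it checks; `should 'render bad request when provide a wrong code on password change' do` would match the new assertion. Both added `assert_match` calls pass a regex literal as an unparenthesised first argument, which Ruby flags as ambiguous; `assert_match(/Couldn't find/, json['message'])` avoids the warning. Matching on `/Couldn't find/` and `/doesn't match/` also ties the tests to wording that appears to come from the framework's exception messages rather than from text the API defines, so they may break if that wording changes. The first test's body starts above the hunk and the last `should` block continues below it.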