[Git][noosfero/noosfero][master] 2 commits: new_password: rescue exceptions on api requests

Thu Jul 28 11:52:07 BRT 2016

Victor Costa pushed to branch master at Noosfero / noosfero


Commits:
669bea95 by Daniela Soares Feitosa at 2016-07-27T11:51:45-03:00
new_password: rescue exceptions on api requests

- - - - -
c61cef1f by Victor Costa at 2016-07-28T14:50:06+00:00
Merge branch 'api_new_password' into 'master'

new_password: rescue exceptions on api requests



See merge request !989
- - - - -


2 changed files:

- app/api/v1/session.rb
- test/api/session_test.rb


Changes:

=====================================
app/api/v1/session.rb
=====================================

--- a/app/api/v1/session.rb
+++ b/app/api/v1/session.rb
@@ -141,14 +141,13 @@ module Api
       # Example Request:
       #   PATCH /new_password?code=xxxx&password=secret&password_confirmation=secret
       patch "/new_password" do
-        change_password = ChangePassword.find_by code: params[:code]
-        not_found! if change_password.nil?
-
-        if change_password.update_attributes(:password => params[:password], :password_confirmation => params[:password_confirmation])
+        begin
+          change_password = ChangePassword.find_by! code: params[:code]
+          change_password.update_attributes!(:password => params[:password], :password_confirmation => params[:password_confirmation])
           change_password.finish
           present change_password.requestor.user, :with => Entities::UserLogin, :current_person => current_person
-        else
-          something_wrong!
+        rescue Exception => ex
+          render_api_error!(ex.message, 400)
         end
       end
 


=====================================
test/api/session_test.rb
=====================================
--- a/test/api/session_test.rb
+++ b/test/api/session_test.rb
@@ -178,13 +178,19 @@ class SessionTest < ActiveSupport::TestCase
     patch "/api/v1/new_password?#{params.to_query}"
     assert_equal Task::Status::ACTIVE, task.reload.status
     assert !user.reload.authenticated?('secret')
+    json = JSON.parse(last_response.body)
+    assert_match /doesn't match/, json['message']
+
     assert_equal 400, last_response.status
   end
 
   should 'render not found when provide a wrong code on password change' do
     params = {:code => "wrongcode", :password => 'secret', :password_confirmation => 'secret'}
     patch "/api/v1/new_password?#{params.to_query}"
-    assert_equal 404, last_response.status
+    json = JSON.parse(last_response.body)
+    assert_match /Couldn't find/, json['message']
+
+    assert_equal 400, last_response.status
   end
 
   should 'not return private token when the registered user is inactive' do



View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/775ee2a5e0f537e73dcf08fa86ce53cdb3d829f2...c61cef1f337380a215bffc48f290e8b4755535bb
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20160728/db5744f1/attachment-0001.html>
