[Git][noosfero/noosfero][master] 2 commits: new_password: rescue exceptions on api requests
Victor Costa
gitlab at mg.gitlab.com
Thu Jul 28 11:52:07 BRT 2016
Victor Costa pushed to branch master at Noosfero / noosfero
Commits:
669bea95 by Daniela Soares Feitosa at 2016-07-27T11:51:45-03:00
new_password: rescue exceptions on api requests
- - - - -
c61cef1f by Victor Costa at 2016-07-28T14:50:06+00:00
Merge branch 'api_new_password' into 'master'
new_password: rescue exceptions on api requests
See merge request !989
- - - - -
2 changed files:
- app/api/v1/session.rb
- test/api/session_test.rb
Changes:
=====================================
app/api/v1/session.rb
=====================================
--- a/app/api/v1/session.rb
+++ b/app/api/v1/session.rb
@@ -141,14 +141,13 @@ module Api
# Example Request:
# PATCH /new_password?code=xxxx&password=secret&password_confirmation=secret
patch "/new_password" do
- change_password = ChangePassword.find_by code: params[:code]
- not_found! if change_password.nil?
-
- if change_password.update_attributes(:password => params[:password], :password_confirmation => params[:password_confirmation])
+ begin
+ change_password = ChangePassword.find_by! code: params[:code]
+ change_password.update_attributes!(:password => params[:password], :password_confirmation => params[:password_confirmation])
change_password.finish
present change_password.requestor.user, :with => Entities::UserLogin, :current_person => current_person
- else
- something_wrong!
+ rescue Exception => ex
+ render_api_error!(ex.message, 400)
end
end
=====================================
test/api/session_test.rb
=====================================
--- a/test/api/session_test.rb
+++ b/test/api/session_test.rb
@@ -178,13 +178,19 @@ class SessionTest < ActiveSupport::TestCase
patch "/api/v1/new_password?#{params.to_query}"
assert_equal Task::Status::ACTIVE, task.reload.status
assert !user.reload.authenticated?('secret')
+ json = JSON.parse(last_response.body)
+ assert_match /doesn't match/, json['message']
+
assert_equal 400, last_response.status
end
should 'render not found when provide a wrong code on password change' do
params = {:code => "wrongcode", :password => 'secret', :password_confirmation => 'secret'}
patch "/api/v1/new_password?#{params.to_query}"
- assert_equal 404, last_response.status
+ json = JSON.parse(last_response.body)
+ assert_match /Couldn't find/, json['message']
+
+ assert_equal 400, last_response.status
end
should 'not return private token when the registered user is inactive' do
View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/775ee2a5e0f537e73dcf08fa86ce53cdb3d829f2...c61cef1f337380a215bffc48f290e8b4755535bb
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20160728/db5744f1/attachment-0001.html>
More information about the Noosfero-dev
mailing list