diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 2a5005bfde2..e8d2c9ef9c1 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -545,12 +545,22 @@ class UsersController < ApplicationController } end else - render json: { - is_developer: UsernameCheckerService.is_developer?(@user&.email), - admin: @user&.admin?, - second_factor_required: !valid_second_factor, - backup_enabled: @user&.backup_codes_enabled? - } + if @error || @user&.errors&.any? + render json: { + success: false, + message: @error, + errors: @user&.errors&.to_hash, + is_developer: UsernameCheckerService.is_developer?(@user&.email), + admin: @user&.admin? + } + else + render json: { + is_developer: UsernameCheckerService.is_developer?(@user.email), + admin: @user.admin?, + second_factor_required: !valid_second_factor, + backup_enabled: @user.backup_codes_enabled? + } + end end end end diff --git a/spec/requests/users_controller_spec.rb b/spec/requests/users_controller_spec.rb index 52d9cc90fde..f6f1cafa000 100644 --- a/spec/requests/users_controller_spec.rb +++ b/spec/requests/users_controller_spec.rb @@ -122,11 +122,9 @@ describe UsersController do end context 'missing token' do - before do - get "/u/password-reset/#{token}" - end - it 'disallows login' do + get "/u/password-reset/#{token}" + expect(response.status).to eq(200) expect(CGI.unescapeHTML(response.body)) @@ -138,6 +136,14 @@ describe UsersController do expect(session[:current_user_id]).to be_blank end + + it "responds with proper error message" do + get "/u/password-reset/#{token}.json" + + expect(response.status).to eq(200) + expect(JSON.parse(response.body)["message"]).to eq(I18n.t('password_reset.no_token')) + expect(session[:current_user_id]).to be_blank + end end context 'invalid token' do