FIX: respond with proper error message if user not found
This commit is contained in:
parent
539f1c6252
commit
10cc698df3
|
@ -545,12 +545,22 @@ class UsersController < ApplicationController
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
else
|
else
|
||||||
|
if @error || @user&.errors&.any?
|
||||||
render json: {
|
render json: {
|
||||||
|
success: false,
|
||||||
|
message: @error,
|
||||||
|
errors: @user&.errors&.to_hash,
|
||||||
is_developer: UsernameCheckerService.is_developer?(@user&.email),
|
is_developer: UsernameCheckerService.is_developer?(@user&.email),
|
||||||
admin: @user&.admin?,
|
admin: @user&.admin?
|
||||||
second_factor_required: !valid_second_factor,
|
|
||||||
backup_enabled: @user&.backup_codes_enabled?
|
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
render json: {
|
||||||
|
is_developer: UsernameCheckerService.is_developer?(@user.email),
|
||||||
|
admin: @user.admin?,
|
||||||
|
second_factor_required: !valid_second_factor,
|
||||||
|
backup_enabled: @user.backup_codes_enabled?
|
||||||
|
}
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -122,11 +122,9 @@ describe UsersController do
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'missing token' do
|
context 'missing token' do
|
||||||
before do
|
|
||||||
get "/u/password-reset/#{token}"
|
|
||||||
end
|
|
||||||
|
|
||||||
it 'disallows login' do
|
it 'disallows login' do
|
||||||
|
get "/u/password-reset/#{token}"
|
||||||
|
|
||||||
expect(response.status).to eq(200)
|
expect(response.status).to eq(200)
|
||||||
|
|
||||||
expect(CGI.unescapeHTML(response.body))
|
expect(CGI.unescapeHTML(response.body))
|
||||||
|
@ -138,6 +136,14 @@ describe UsersController do
|
||||||
|
|
||||||
expect(session[:current_user_id]).to be_blank
|
expect(session[:current_user_id]).to be_blank
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it "responds with proper error message" do
|
||||||
|
get "/u/password-reset/#{token}.json"
|
||||||
|
|
||||||
|
expect(response.status).to eq(200)
|
||||||
|
expect(JSON.parse(response.body)["message"]).to eq(I18n.t('password_reset.no_token'))
|
||||||
|
expect(session[:current_user_id]).to be_blank
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'invalid token' do
|
context 'invalid token' do
|
||||||
|
|
Loading…
Reference in New Issue