FIX: handle invalid password reset token

2018-01-09 23:31:59 +05:30 · 2018-01-09 23:31:59 +05:30 · 672888f526
parent c1cb6053b7
commit 672888f526
2 changed files with 14 additions and 6 deletions
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -504,8 +504,8 @@ class UsersController < ApplicationController
              success: false,
              message: @error,
              errors: @user&.errors&.to_hash,
-              is_developer: UsernameCheckerService.is_developer?(@user.email),
-              admin: @user.admin?
+              is_developer: UsernameCheckerService.is_developer?(@user&.email),
+              admin: @user&.admin?
            }
          else
            render json: {
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@ -303,11 +303,9 @@ describe UsersController do
    context 'invalid token' do
      render_views

-      before do
-        get :password_reset, params: { token: "evil_trout!" }
-      end
-
      it 'disallows login' do
+        get :password_reset, params: { token: "evil_trout!" }
+
        expect(response).to be_success

        expect(CGI.unescapeHTML(response.body))
@ -319,6 +317,16 @@ describe UsersController do

        expect(session[:current_user_id]).to be_blank
      end
+
+      it "responds with proper error message" do
+        put :password_reset, params: {
+          token: "evil_trout!", password: "awesomeSecretPassword"
+        }, format: :json
+
+        expect(response).to be_success
+        expect(JSON.parse(response.body)["message"]).to eq(I18n.t('password_reset.no_token'))
+        expect(session[:current_user_id]).to be_blank
+      end
    end

    context 'valid token' do