From accd8207b2fd57bf3c9387b5cd6b1882797a711f Mon Sep 17 00:00:00 2001
From: James Allen
Date: Wed, 8 Oct 2014 17:18:24 +0100
Subject: [PATCH] Show password reset expired message rather than server error if that's what has happened
---
 .../PasswordReset/PasswordResetController.coffee | 11 ++++++-----
 .../PasswordReset/PasswordResetHandler.coffee | 9 +++++----
 .../PasswordResetControllerTests.coffee | 16 ++++++++--------
 .../PasswordResetHandlerTests.coffee | 9 +++++----
 4 files changed, 24 insertions(+), 21 deletions(-)
diff --git a/services/web/app/coffee/Features/PasswordReset/PasswordResetController.coffee b/services/web/app/coffee/Features/PasswordReset/PasswordResetController.coffee
index d5030cffaa..8b1a7b6e2c 100644
--- a/services/web/app/coffee/Features/PasswordReset/PasswordResetController.coffee
+++ b/services/web/app/coffee/Features/PasswordReset/PasswordResetController.coffee
@@ -34,9 +34,10 @@ module.exports =
 setNewUserPassword: (req, res)->
 {passwordResetToken, password} = req.body
 if !password? or password.length == 0 or !passwordResetToken? or passwordResetToken.length == 0
- return res.send 500
- PasswordResetHandler.setNewUserPassword passwordResetToken?.trim(), password?.trim(), (err)->
- if err?
- res.send 500
+ return res.send 400
+ PasswordResetHandler.setNewUserPassword passwordResetToken?.trim(), password?.trim(), (err, found) ->
+ return next(err) if err?
+ if found
+ res.send 200
 else
- res.send 200
\ No newline at end of file
+ res.send 404, {message: req.i18n.translate("password_reset_token_expired")}
\ No newline at end of file
diff --git a/services/web/app/coffee/Features/PasswordReset/PasswordResetHandler.coffee b/services/web/app/coffee/Features/PasswordReset/PasswordResetHandler.coffee
index eee8d51a72..16f0cbbe43 100644
--- a/services/web/app/coffee/Features/PasswordReset/PasswordResetHandler.coffee
+++ b/services/web/app/coffee/Features/PasswordReset/PasswordResetHandler.coffee
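Review bot: `next` is not in scope on the added line `return next(err) if err?` in PasswordResetController.coffee, because the context line above it still declares the handler as `setNewUserPassword: (req, res)->`. When PasswordResetHandler reports an error, the callback would throw a ReferenceError instead of handing the error to the error middleware, so the password-reset request fails in an uncontrolled way. Declare the parameter: `setNewUserPassword: (req, res, next)->`. The PasswordResetControllerTests.coffee hunk in this same commit rewrites the only error-path test into the 404 case, so nothing exercises this branch.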
@@ -23,10 +23,11 @@ module.exports =
 return callback(error) if error?
 callback null, true
- setNewUserPassword: (token, password, callback)->
+ setNewUserPassword: (token, password, callback = (error, found) ->)->
 PasswordResetTokenHandler.getUserIdFromTokenAndExpire token, (err, user_id)->
 if err then return callback(err)
 if !user_id?
- logger.err user_id:user_id, "token for password reset did not find user_id"
- return callback("no user found")
- AuthenticationManager.setUserPassword user_id, password, callback
\ No newline at end of file
+ return callback null, false
+ AuthenticationManager.setUserPassword user_id, password, (err) ->
+ if err then return callback(err)
+ callback null, true
\ No newline at end of file
diff --git a/services/web/test/UnitTests/coffee/PasswordReset/PasswordResetControllerTests.coffee b/services/web/test/UnitTests/coffee/PasswordReset/PasswordResetControllerTests.coffee
index c7665e0546..a6590b31da 100644
--- a/services/web/test/UnitTests/coffee/PasswordReset/PasswordResetControllerTests.coffee
+++ b/services/web/test/UnitTests/coffee/PasswordReset/PasswordResetControllerTests.coffee
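Review bot: The `if !user_id?` branch in PasswordResetHandler.coffee now returns `callback null, false` with no log line at all, so an invalid or expired reset token leaves no server-side record. Repeated misses on this path are the signal an operator would use to notice reset tokens being guessed or replayed. The removed `logger.err` was arguably the wrong severity, and its `user_id` field is always empty in this branch. I would keep a lower-severity line such as `logger.log {}, "password reset token not found or expired"`, and leave the token value out of it.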
@@ -87,34 +87,34 @@ describe "PasswordResetController", ->
 describe "setNewUserPassword", ->
 it "should tell the user handler to reset the password", (done)->
- @PasswordResetHandler.setNewUserPassword.callsArgWith(2)
+ @PasswordResetHandler.setNewUserPassword.callsArgWith(2, null, true)
 @res.send = (code)=>
 code.should.equal 200
 @PasswordResetHandler.setNewUserPassword.calledWith(@token, @password).should.equal true
 done()
 @PasswordResetController.setNewUserPassword @req, @res
- it "should send a 500 if there is an error", (done)->
- @PasswordResetHandler.setNewUserPassword.callsArgWith(2, "error")
+ it "should send 404 if the token didn't work", (done)->
+ @PasswordResetHandler.setNewUserPassword.callsArgWith(2, null, false)
 @res.send = (code)=>
- code.should.equal 500
+ code.should.equal 404
 done()
 @PasswordResetController.setNewUserPassword @req, @res
- it "should error if there is no password", (done)->
+ it "should return 400 (Bad Request) if there is no password", (done)->
 @req.body.password = ""
 @PasswordResetHandler.setNewUserPassword.callsArgWith(2)
 @res.send = (code)=>
- code.should.equal 500
+ code.should.equal 400
 @PasswordResetHandler.setNewUserPassword.called.should.equal false
 done()
 @PasswordResetController.setNewUserPassword @req, @res
- it "should error if there is no password", (done)->
+ it "should return 400 (Bad Request) if there is no passwordResetToken", (done)->
 @req.body.passwordResetToken = ""
 @PasswordResetHandler.setNewUserPassword.callsArgWith(2)
 @res.send = (code)=>
- code.should.equal 500
+ code.should.equal 400
 @PasswordResetHandler.setNewUserPassword.called.should.equal false
 done()
 @PasswordResetController.setNewUserPassword @req, @res
diff --git a/services/web/test/UnitTests/coffee/PasswordReset/PasswordResetHandlerTests.coffee b/services/web/test/UnitTests/coffee/PasswordReset/PasswordResetHandlerTests.coffee
index ce5aaa0f75..4e614b855b 100644
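Review bot: No case in this hunk covers a handler error any more, because the old `should send a 500 if there is an error` test is rewritten into the 404 case instead of being kept alongside it. Every remaining case calls the controller with only `@req, @res`, so the controller's new `return next(err) if err?` branch is never run. I would add a case that stubs the handler with `callsArgWith(2, "error")`, passes a callback as the third argument and asserts that it receives the error. That case presumes the controller accepts `next` as its third parameter.

```coffeescript
		# … unchanged: "should send 404 if the token didn't work" case …
		it "should pass the error to next if the handler fails", (done)->
			@PasswordResetHandler.setNewUserPassword.callsArgWith(2, "error")
			@res.send = -> done(new Error("should not send a response"))
			@PasswordResetController.setNewUserPassword @req, @res, (err)->
				err.should.equal "error"
				done()
```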
--- a/services/web/test/UnitTests/coffee/PasswordReset/PasswordResetHandlerTests.coffee
+++ b/services/web/test/UnitTests/coffee/PasswordReset/PasswordResetHandlerTests.coffee
@@ -63,17 +63,18 @@ describe "PasswordResetHandler", ->
 describe "setNewUserPassword", ->
- it "should return err if no user id can be found", (done)->
+ it "should return false if no user id can be found", (done)->
 @PasswordResetTokenHandler.getUserIdFromTokenAndExpire.callsArgWith(1)
- @PasswordResetHandler.setNewUserPassword @token, @password, (err)=>
- err.should.exists
+ @PasswordResetHandler.setNewUserPassword @token, @password, (err, found) =>
+ found.should.equal false
 @AuthenticationManager.setUserPassword.called.should.equal false
 done()
 it "should set the user password", (done)->
 @PasswordResetTokenHandler.getUserIdFromTokenAndExpire.callsArgWith(1, null, @user_id)
 @AuthenticationManager.setUserPassword.callsArgWith(2)
- @PasswordResetHandler.setNewUserPassword @token, @password, (err)=>
+ @PasswordResetHandler.setNewUserPassword @token, @password, (err, found) =>
+ found.should.equal true
 @AuthenticationManager.setUserPassword.calledWith(@user_id, @password).should.equal true
 done()