Show password reset expired message rather than server error if that's what has happened

2024-11-07 20:31:06 -05:00 · 2014-10-08 17:18:24 +01:00 · 2014-10-08 17:18:24 +01:00 · accd8207b2
commit accd8207b2
parent 7258fadd17
4 changed files with 24 additions and 21 deletions
--- a/services/web/app/coffee/Features/PasswordReset/PasswordResetController.coffee
+++ b/services/web/app/coffee/Features/PasswordReset/PasswordResetController.coffee
@ -34,9 +34,10 @@ module.exports =
 	setNewUserPassword: (req, res)->
 		{passwordResetToken, password} = req.body
 		if !password? or password.length == 0 or !passwordResetToken? or passwordResetToken.length == 0
-			return res.send 500
-		PasswordResetHandler.setNewUserPassword passwordResetToken?.trim(), password?.trim(), (err)->
-			if err?
-				res.send 500
-			else
+			return res.send 400
+		PasswordResetHandler.setNewUserPassword passwordResetToken?.trim(), password?.trim(), (err, found) ->
+			return next(err) if err?
+			if found
 				res.send 200
+			else
+				res.send 404, {message: req.i18n.translate("password_reset_token_expired")}
--- a/services/web/app/coffee/Features/PasswordReset/PasswordResetHandler.coffee
+++ b/services/web/app/coffee/Features/PasswordReset/PasswordResetHandler.coffee
@ -23,10 +23,11 @@ module.exports =
 					return callback(error) if error?
 					callback null, true

-	setNewUserPassword: (token, password, callback)->
+	setNewUserPassword: (token, password, callback = (error, found) ->)->
 		PasswordResetTokenHandler.getUserIdFromTokenAndExpire token, (err, user_id)->
 			if err then return callback(err)
 			if !user_id?
-				logger.err user_id:user_id, "token for password reset did not find user_id"
-				return callback("no user found")
-			AuthenticationManager.setUserPassword user_id, password, callback
+				return callback null, false
+			AuthenticationManager.setUserPassword user_id, password, (err) ->
+				if err then return callback(err)
+				callback null, true
--- a/services/web/test/UnitTests/coffee/PasswordReset/PasswordResetControllerTests.coffee
+++ b/services/web/test/UnitTests/coffee/PasswordReset/PasswordResetControllerTests.coffee
@ -87,34 +87,34 @@ describe "PasswordResetController", ->
 	describe "setNewUserPassword", ->

 		it "should tell the user handler to reset the password", (done)->
-			@PasswordResetHandler.setNewUserPassword.callsArgWith(2)
+			@PasswordResetHandler.setNewUserPassword.callsArgWith(2, null, true)
 			@res.send = (code)=>
 				code.should.equal 200
 				@PasswordResetHandler.setNewUserPassword.calledWith(@token, @password).should.equal true
 				done()
 			@PasswordResetController.setNewUserPassword @req, @res

-		it "should send a 500 if there is an error", (done)->
-			@PasswordResetHandler.setNewUserPassword.callsArgWith(2, "error")
+		it "should send 404 if the token didn't work", (done)->
+			@PasswordResetHandler.setNewUserPassword.callsArgWith(2, null, false)
 			@res.send = (code)=>
-				code.should.equal 500
+				code.should.equal 404
 				done()
 			@PasswordResetController.setNewUserPassword @req, @res

-		it "should error if there is no password", (done)->
+		it "should return 400 (Bad Request) if there is no password", (done)->
 			@req.body.password = ""
 			@PasswordResetHandler.setNewUserPassword.callsArgWith(2)
 			@res.send = (code)=>
-				code.should.equal 500
+				code.should.equal 400
 				@PasswordResetHandler.setNewUserPassword.called.should.equal false
 				done()
 			@PasswordResetController.setNewUserPassword @req, @res

-		it "should error if there is no password", (done)->
+		it "should return 400 (Bad Request) if there is no passwordResetToken", (done)->
 			@req.body.passwordResetToken = ""
 			@PasswordResetHandler.setNewUserPassword.callsArgWith(2)
 			@res.send = (code)=>
-				code.should.equal 500
+				code.should.equal 400
 				@PasswordResetHandler.setNewUserPassword.called.should.equal false
 				done()
 			@PasswordResetController.setNewUserPassword @req, @res
--- a/services/web/test/UnitTests/coffee/PasswordReset/PasswordResetHandlerTests.coffee
+++ b/services/web/test/UnitTests/coffee/PasswordReset/PasswordResetHandlerTests.coffee
@ -63,17 +63,18 @@ describe "PasswordResetHandler", ->

 	describe "setNewUserPassword", ->

-		it "should return err if no user id can be found", (done)->
+		it "should return false if no user id can be found", (done)->
 			@PasswordResetTokenHandler.getUserIdFromTokenAndExpire.callsArgWith(1)
-			@PasswordResetHandler.setNewUserPassword @token, @password, (err)=>
-				err.should.exists
+			@PasswordResetHandler.setNewUserPassword @token, @password, (err, found) =>
+				found.should.equal false
 				@AuthenticationManager.setUserPassword.called.should.equal false
 				done()		

 		it "should set the user password", (done)->
 			@PasswordResetTokenHandler.getUserIdFromTokenAndExpire.callsArgWith(1, null, @user_id)
 			@AuthenticationManager.setUserPassword.callsArgWith(2)
-			@PasswordResetHandler.setNewUserPassword @token, @password, (err)=>
+			@PasswordResetHandler.setNewUserPassword @token, @password, (err, found) =>
+				found.should.equal true
 				@AuthenticationManager.setUserPassword.calledWith(@user_id, @password).should.equal true
 				done()