Handle non-objects in the user_controller

2017-07-31 08:40:01 -05:00 · 2017-07-31 08:40:01 -05:00 · 48443c4ee2
parent 1af81cfed3
commit 48443c4ee2
3 changed files with 29 additions and 11 deletions
--- a/app/controllers/api/tokens_controller.rb
+++ b/app/controllers/api/tokens_controller.rb
@ -4,10 +4,13 @@ module Api
    skip_before_action :check_fbos_version, only: :create
    CREDS    = Auth::CreateTokenFromCredentials
    NO_CREDS = Auth::CreateToken
+    NO_USER_ATTR = "API requets need a `user` attribute that is a JSON object."

    def create
-      klass = (auth_params[:credentials]) ? CREDS : NO_CREDS
-      mutate klass.run(auth_params).tap{ |result| maybe_halt_login(result) }
+      if_properly_formatted do |auth_params|
+        klass = (auth_params[:credentials]) ? CREDS : NO_CREDS
+        mutate klass.run(auth_params).tap { |result| maybe_halt_login(result) }
+      end
    end

    private
@ -16,14 +19,19 @@ module Api
      result.result[:user].try(:require_consent!) if result.success?
    end

-    def auth_params
+    def if_properly_formatted
      user = params.as_json.deep_symbolize_keys.fetch(:user, {})
-
-      { email:          user.fetch(:email, "").downcase,
-        password:       user[:password],
-        credentials:    user[:credentials],
-        agree_to_terms: !!user[:agree_to_terms],
-        host:           $API_URL }
+      # If data handling for this method gets any more complicated,
+      # extract into a mutation.
+      if(user.is_a?(Hash))
+        yield({ email:          user.fetch(:email, "").downcase,
+                password:       user[:password],
+                credentials:    user[:credentials],
+                agree_to_terms: !!user[:agree_to_terms],
+                host:           $API_URL })
+      else
+        render json: {error: NO_USER_ATTR}, status: 422
+      end
    end
  end
 end
--- a/spec/controllers/api/tokens/tokens_controller_create_spec.rb
+++ b/spec/controllers/api/tokens/tokens_controller_create_spec.rb
@ -13,5 +13,12 @@ describe Api::TokensController do
      expect(token[:iss].last).not_to eq("/") # Trailing slashes are BAD!
      expect(token[:iss]).to include($API_URL)
    end
+
+    it 'handles bad params' do
+      err_msg = Api::TokensController::NO_USER_ATTR
+      payload = {user: "NOPE!"}
+      post :create, params: payload
+      expect(json[:error]).to include(err_msg)
+    end
  end
 end
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@ -9,9 +9,12 @@ SimpleCov.start do
 end

 require 'codecov'
-SimpleCov.formatter = SimpleCov::Formatter::Codecov
+SimpleCov.formatters = SimpleCov::Formatter::MultiFormatter.new([
+  SimpleCov::Formatter::HTMLFormatter,
+  SimpleCov::Formatter::Codecov,
+])
 require 'pry'
-# This file is copied to spec/ when you run 'rails generate rspec:install'
+
 ENV['RAILS_ENV'] ||= 'test'
 require File.expand_path('../../config/environment', __FILE__)
 require 'rspec/rails'