Return 422 (was 500) when empty body for sign up and account update #204

Merged
merged 1 commit into from
Apr 9, 2015
19 changes: 19 additions & 0 deletions app/controllers/devise_token_auth/registrations_controller.rb
@@ -1,6 +1,8 @@
module DeviseTokenAuth
class RegistrationsController < DeviseTokenAuth::ApplicationController
before_filter :set_user_by_token, :only => [:destroy, :update]
before_filter :validate_sign_up_params, :only => :create
before_filter :validate_account_update_params, :only => :update
skip_after_filter :update_auth_header, :only => [:create, :destroy]

def create
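Review bot: The new `before_filter :validate_account_update_params, :only => :update` runs on every update request after `set_user_by_token`, and nothing in this hunk shows the chain halting when no user was resolved. Confirm that an unauthenticated PUT with an empty body should receive the 422 body-validation error rather than the authentication failure. If the authentication error should win, have the filter return early when no user is set, or move the check into `update` after the user check. A one-line comment above the two new filters saying that they reject requests with no permitted params would also help.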
Expand Down Expand Up @@ -134,5 +136,22 @@ def sign_up_params
def account_update_params
params.permit(devise_parameter_sanitizer.for(:account_update))
end

private

def validate_sign_up_params
validate_post_data sign_up_params, 'Please submit proper sign up data in request body.'
end

def validate_account_update_params
validate_post_data account_update_params, 'Please submit proper account update data in request body.'
end

def validate_post_data which, message
render json: {
status: 'error',
errors: [message]
}, status: :unprocessable_entity if which.empty?
end
end
end
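Review bot: In `validate_post_data`, the trailing `if which.empty?` on a four-line `render` is easy to miss when reading the method. Put the condition first (`return unless which.empty?`, or an `if` block around the render) and rename `which` to something descriptive such as `permitted_params`. The check runs on the permitted params returned by `sign_up_params` and `account_update_params`, so a body that contains only unpermitted keys gets the same 422; a comment saying this is intended would document the behaviour.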
Expand Up @@ -9,6 +9,32 @@

class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::IntegrationTest
describe DeviseTokenAuth::RegistrationsController do
describe 'Validate non-empty body' do
before do
# need to post empty data
post '/auth', {}

@resource = assigns(:resource)
@data = JSON.parse(response.body)
end

test 'request should fail' do
assert_equal 422, response.status
end

test 'returns error message' do
assert_not_empty @data['errors']
end

test 'return error status' do
assert_equal 'error', @data['status']
end

test 'user should not have been saved' do
assert @resource.nil?
end
end

describe "Successful registration" do
before do
@mails_sent = ActionMailer::Base.deliveries.count
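Review bot: In 'user should not have been saved', `assert @resource.nil?` only shows that the controller never assigned `@resource`; it does not show that no record was written. Capture the user count before `post '/auth', {}` and assert that it is unchanged afterwards. The describe label 'Validate non-empty body' also differs in case from the 'validate non-empty body' block added for the update path; pick one.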
Expand Down Expand Up @@ -416,6 +442,33 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
end
end

describe 'validate non-empty body' do
before do
# get the email so we can check it wasn't updated
@email = @existing_user.email
put '/auth', {}, @auth_headers

@data = JSON.parse(response.body)
@existing_user.reload
end

test 'request should fail' do
assert_equal 422, response.status
end

test 'returns error message' do
assert_not_empty @data['errors']
end

test 'return error status' do
assert_equal 'error', @data['status']
end

test 'user should not have been saved' do
assert_equal @email, @existing_user.email
end
end

describe "error" do
before do
# test invalid update param
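Review bot: The 'user should not have been saved' test in this block cannot fail: the request body is `{}`, so `@existing_user.email` equals `@email` after `reload` even if the update had gone through. Compare a value that a save would change (for example a timestamp such as `updated_at`, if the model has one) before and after `put '/auth', {}, @auth_headers`, or drop the test and rely on the status and error assertions.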