fix(user/settings): Add theme server validations

2018-01-29 11:26:24 -08:00
parent b8f8ea80cf
commit ae3ccdd672
6 changed files with 47 additions and 34 deletions
--- a/server/boot/settings.js
+++ b/server/boot/settings.js
@@ -5,6 +5,7 @@ import {
  createValidatorErrorHandler
 } from '../utils/middleware';
 import supportedLanguages from '../../common/utils/supported-languages.js';
+import { themes } from '../../common/utils/themes.js';

 export default function settingsController(app) {
  const api = app.loopback.Router();
@@ -79,22 +80,29 @@ export default function settingsController(app) {
    updateMyCurrentChallenge
  );

+  const updateMyThemeValidators = [
+    check('theme')
+      .isIn(Object.keys(themes))
+      .withMessage('Theme is invalid.')
+  ];
  function updateMyTheme(req, res, next) {
-    req.checkBody('theme', 'Theme is invalid.').isLength({ min: 4 });
    const { body: { theme } } = req;
-    const errors = req.validationErrors(true);
-    if (errors) {
-      return res.status(403).json({ errors });
-    }
    if (req.user.theme === theme) {
-      return res.json({ msg: 'Theme already set' });
+      return res.sendFlash('info', 'Theme already set');
    }
-    return req.user.updateTheme('' + theme)
+    return req.user.updateTheme(theme)
      .then(
-        data => res.json(data),
+        () => res.sendFlash('info', 'Your theme has been updated'),
        next
      );
  }
+  api.post(
+    '/update-my-theme',
+    ifNoUser401,
+    updateMyThemeValidators,
+    createValidatorErrorHandler('errors'),
+    updateMyTheme
+  );

  api.post(
    '/toggle-available-for-hire',
@@ -131,11 +139,6 @@ export default function settingsController(app) {
    ifNoUser401,
    updateMyLang
  );
-  api.post(
-    '/update-my-theme',
-    ifNoUser401,
-    updateMyTheme
-  );

  app.use(api);
 }
--- a/server/utils/create-handled-error.js
+++ b/server/utils/create-handled-error.js
@@ -19,13 +19,14 @@ export function wrapHandledError(err, {
 }

 // for use with express-validator error formatter
-export const createValidatorErrorFormatter = (type, redirectTo, status) =>
+export const createValidatorErrorFormatter = (type, redirectTo) =>
  ({ msg }) => wrapHandledError(
    new Error(msg),
    {
      type,
      message: msg,
      redirectTo,
-      status
+      // we default to 400 as these are malformed requests
+      status: 400
    }
  );