fix(updateMyCurrentChallenge): Bad mongo id will return user error
Mark these errors to be reported to the user instead of logged as a server fault
This commit is contained in:
Berkeley Martinez
@ -3,13 +3,13 @@ import { Observable } from 'rx';
|
||||
import dedent from 'dedent';
|
||||
// import debugFactory from 'debug';
|
||||
import { isEmail } from 'validator';
|
||||
import { check, validationResult } from 'express-validator/check';
|
||||
import { check } from 'express-validator/check';
|
||||
|
||||
import { ifUserRedirectTo } from '../utils/middleware';
|
||||
import {
|
||||
wrapHandledError,
|
||||
createValidatorErrorFormatter
|
||||
} from '../utils/create-handled-error.js';
|
||||
ifUserRedirectTo,
|
||||
createValidatorErrorHandler
|
||||
} from '../utils/middleware';
|
||||
import { wrapHandledError } from '../utils/create-handled-error.js';
|
||||
|
||||
const isSignUpDisabled = !!process.env.DISABLE_SIGNUP;
|
||||
// const debug = debugFactory('fcc:boot:auth');
|
||||
@ -82,13 +82,6 @@ module.exports = function enableAuthentication(app) {
|
||||
token: authTokenId
|
||||
} = {}
|
||||
} = req;
|
||||
const validation = validationResult(req)
|
||||
.formatWith(createValidatorErrorFormatter('errors', '/email-signup'));
|
||||
|
||||
if (!validation.isEmpty()) {
|
||||
const errors = validation.array();
|
||||
return next(errors.pop());
|
||||
}
|
||||
|
||||
const email = User.decodeEmail(encodedEmail);
|
||||
if (!isEmail(email)) {
|
||||
@ -188,6 +181,7 @@ module.exports = function enableAuthentication(app) {
|
||||
'/passwordless-auth',
|
||||
ifUserRedirect,
|
||||
passwordlessGetValidators,
|
||||
createValidatorErrorHandler('errors', '/email-signup'),
|
||||
getPasswordlessAuth
|
||||
);
|
||||
|
||||
@ -198,12 +192,6 @@ module.exports = function enableAuthentication(app) {
|
||||
];
|
||||
function postPasswordlessAuth(req, res, next) {
|
||||
const { body: { email } = {} } = req;
|
||||
const validation = validationResult(req)
|
||||
.formatWith(createValidatorErrorFormatter('errors', '/email-signup'));
|
||||
if (!validation.isEmpty()) {
|
||||
const errors = validation.array();
|
||||
return next(errors.pop());
|
||||
}
|
||||
|
||||
return User.findOne$({ where: { email } })
|
||||
.flatMap(_user => Observable.if(
|
||||
@ -222,6 +210,7 @@ module.exports = function enableAuthentication(app) {
|
||||
'/passwordless-auth',
|
||||
ifUserRedirect,
|
||||
passwordlessPostValidators,
|
||||
createValidatorErrorHandler('errors', '/email-signup'),
|
||||
postPasswordlessAuth
|
||||
);
|
||||
|
||||
|
||||
@ -1,6 +1,9 @@
|
||||
import { isMongoId } from 'validator';
|
||||
import { check } from 'express-validator/check';
|
||||
|
||||
import { ifNoUser401 } from '../utils/middleware';
|
||||
import {
|
||||
ifNoUser401,
|
||||
createValidatorErrorHandler
|
||||
} from '../utils/middleware';
|
||||
import supportedLanguages from '../../common/utils/supported-languages.js';
|
||||
|
||||
export default function settingsController(app) {
|
||||
@ -51,11 +54,14 @@ export default function settingsController(app) {
|
||||
);
|
||||
}
|
||||
|
||||
const updateMyCurrentChallengeValidators = [
|
||||
check('currentChallengeId')
|
||||
.isMongoId()
|
||||
.withMessage('currentChallengeId is not a valid challenge ID')
|
||||
];
|
||||
|
||||
function updateMyCurrentChallenge(req, res, next) {
|
||||
const { user, body: { currentChallengeId } } = req;
|
||||
if (!isMongoId('' + currentChallengeId)) {
|
||||
return next(new Error(`${currentChallengeId} is not a valid ObjectId`));
|
||||
}
|
||||
return user.update$({ currentChallengeId }).subscribe(
|
||||
() => res.json({
|
||||
message:
|
||||
@ -65,6 +71,14 @@ export default function settingsController(app) {
|
||||
);
|
||||
}
|
||||
|
||||
api.post(
|
||||
'/update-my-current-challenge',
|
||||
ifNoUser401,
|
||||
updateMyCurrentChallengeValidators,
|
||||
createValidatorErrorHandler('errors'),
|
||||
updateMyCurrentChallenge
|
||||
);
|
||||
|
||||
function updateMyTheme(req, res, next) {
|
||||
req.checkBody('theme', 'Theme is invalid.').isLength({ min: 4 });
|
||||
const { body: { theme } } = req;
|
||||
@ -117,13 +131,6 @@ export default function settingsController(app) {
|
||||
ifNoUser401,
|
||||
updateMyLang
|
||||
);
|
||||
|
||||
api.post(
|
||||
'/update-my-current-challenge',
|
||||
ifNoUser401,
|
||||
updateMyCurrentChallenge
|
||||
);
|
||||
|
||||
api.post(
|
||||
'/update-my-theme',
|
||||
ifNoUser401,
|
||||
|
||||
@ -18,6 +18,7 @@ export function wrapHandledError(err, {
|
||||
return err;
|
||||
}
|
||||
|
||||
// for use with express-validator error formatter
|
||||
export const createValidatorErrorFormatter = (type, redirectTo, status) =>
|
||||
({ msg }) => wrapHandledError(
|
||||
new Error(msg),
|
||||
|
||||
@ -1,4 +1,7 @@
|
||||
import dedent from 'dedent';
|
||||
import { validationResult } from 'express-validator/check';
|
||||
|
||||
import { createValidatorErrorFormatter } from './create-handled-error.js';
|
||||
|
||||
export function ifNoUserRedirectTo(url, message, type = 'errors') {
|
||||
return function(req, res, next) {
|
||||
@ -56,3 +59,16 @@ export function ifUserRedirectTo(path = '/', status) {
|
||||
return next();
|
||||
};
|
||||
}
|
||||
|
||||
// for use with express-validator error formatter
|
||||
export const createValidatorErrorHandler = (...args) => (req, res, next) => {
|
||||
const validation = validationResult(req)
|
||||
.formatWith(createValidatorErrorFormatter(...args));
|
||||
|
||||
if (!validation.isEmpty()) {
|
||||
const errors = validation.array();
|
||||
return next(errors.pop());
|
||||
}
|
||||
|
||||
return next();
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user