Merge pull request #204 from mchavarriagam/issue/203

Return 422 (was 500) when empty body for sign up and account update. Fixes #203
lynndylanhurley · Apr 9, 2015 · 16d1993 · 16d1993
2 parents f296406 + 180d69e
commit 16d1993
Show file tree

Hide file tree

Showing 2 changed files with 72 additions and 0 deletions.
diff --git a/app/controllers/devise_token_auth/registrations_controller.rb b/app/controllers/devise_token_auth/registrations_controller.rb
@@ -1,6 +1,8 @@
 module DeviseTokenAuth
   class RegistrationsController < DeviseTokenAuth::ApplicationController
     before_filter :set_user_by_token, :only => [:destroy, :update]
+    before_filter :validate_sign_up_params, :only => :create
+    before_filter :validate_account_update_params, :only => :update
     skip_after_filter :update_auth_header, :only => [:create, :destroy]
 
     def create
@@ -137,5 +139,22 @@ def sign_up_params
     def account_update_params
       params.permit(devise_parameter_sanitizer.for(:account_update))
     end
+
+    private
+
+    def validate_sign_up_params
+      validate_post_data sign_up_params, 'Please submit proper sign up data in request body.'
+    end
+
+    def validate_account_update_params
+      validate_post_data account_update_params, 'Please submit proper account update data in request body.'
+    end
+
+    def validate_post_data which, message
+      render json: {
+         status: 'error',
+         errors: [message]
+      }, status: :unprocessable_entity if which.empty?
+    end
   end
 end
diff --git a/test/controllers/devise_token_auth/registrations_controller_test.rb b/test/controllers/devise_token_auth/registrations_controller_test.rb
@@ -9,6 +9,32 @@
 
 class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::IntegrationTest
   describe DeviseTokenAuth::RegistrationsController do
+    describe 'Validate non-empty body' do
+      before do
+        # need to post empty data
+        post '/auth', {}
+
+        @resource = assigns(:resource)
+        @data = JSON.parse(response.body)
+      end
+
+      test 'request should fail' do
+        assert_equal 422, response.status
+      end
+
+      test 'returns error message' do
+        assert_not_empty @data['errors']
+      end
+
+      test 'return error status' do
+        assert_equal 'error', @data['status']
+      end
+
+      test 'user should not have been saved' do
+        assert @resource.nil?
+      end
+    end
+
     describe "Successful registration" do
       before do
         @mails_sent = ActionMailer::Base.deliveries.count
@@ -416,6 +442,33 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
           end
         end
 
+        describe 'validate non-empty body' do
+          before do
+            # get the email so we can check it wasn't updated
+            @email = @existing_user.email
+            put '/auth', {}, @auth_headers
+
+            @data = JSON.parse(response.body)
+            @existing_user.reload
+          end
+
+          test 'request should fail' do
+            assert_equal 422, response.status
+          end
+
+          test 'returns error message' do
+            assert_not_empty @data['errors']
+          end
+
+          test 'return error status' do
+            assert_equal 'error', @data['status']
+          end
+
+          test 'user should not have been saved' do
+            assert_equal @email, @existing_user.email
+          end
+        end
+
         describe "error" do
           before do
             # test invalid update param