Merge branch 'master' into session-get-by-bearer-token-missing-return…

…-promise
getodk · Jan 30, 2025 · c7a63b7 · c7a63b7
2 parents d41a2b0 + 20e27f3
commit c7a63b7
Show file tree

Hide file tree

Showing 6 changed files with 16 additions and 6 deletions.
diff --git a/lib/resources/users.js b/lib/resources/users.js
@@ -56,7 +56,7 @@ module.exports = (service, endpoint) => {
 
     // TODO/SECURITY: subtle timing attack here.
     service.post('/users/reset/initiate', endpoint(({ Users, mail }, { auth, body, query }) =>
-      Users.getByEmail(body.email)
+      (!body.email ? Problem.user.missingParameter({ field: 'email' }) : Users.getByEmail(body.email)
         .then((maybeUser) => maybeUser
           .map((user) => ((isTrue(query.invalidate))
             ? auth.canOrReject('user.password.invalidate', user.actor)
@@ -71,7 +71,7 @@ module.exports = (service, endpoint) => {
               .then((existed) => ((existed === true)
                 ? mail(body.email, 'accountResetDeleted')
                 : resolve()))))
-          .then(success))));
+          .then(success)))));
 
     // TODO: some standard URL structure for RPC-style methods.
     service.post('/users/reset/verify', endpoint(({ Actors, Sessions, Users }, { body, auth }) =>

diff --git a/test/integration/api/datasets.js b/test/integration/api/datasets.js
@@ -8,7 +8,7 @@ const { getOrNotFound } = require('../../../lib/util/promise');
 const should = require('should');
 const { sql } = require('slonik');
 const { QueryOptions } = require('../../../lib/util/db');
-const { createConflict } = require('../fixtures/scenarios');
+const { createConflict } = require('../../util/scenarios');
 const { omit } = require('ramda');
 
 const { exhaust } = require(appRoot + '/lib/worker/worker');

diff --git a/test/integration/api/forms/test.js b/test/integration/api/forms/test.js
@@ -2,7 +2,7 @@ const config = require('config');
 const { testService } = require('../../setup');
 const testData = require('../../../data/xml');
 
-describe('api: /projects/:id/forms (testing drafts)', () => {
+describe('api: /test/:key/projects/:id/forms (testing drafts)', () => {
 
   ////////////////////////////////////////////////////////////////////////////////
   // DRAFT FORM TESTING

diff --git a/test/integration/api/projects.js b/test/integration/api/projects.js
@@ -5,7 +5,7 @@ const { testService } = require('../setup');
 const testData = require('../../data/xml');
 const { QueryOptions } = require('../../../lib/util/db');
 const { Actor } = require('../../../lib/model/frames');
-const { createConflict } = require('../fixtures/scenarios');
+const { createConflict } = require('../../util/scenarios');
 // eslint-disable-next-line import/no-dynamic-require
 const { exhaust } = require(appRoot + '/lib/worker/worker');
 

diff --git a/test/integration/api/users.js b/test/integration/api/users.js
@@ -401,6 +401,16 @@ describe('api: /users', () => {
             asAlice.post('/v1/users/reset/verify')
               .send({ new: 'coolpassword' })
               .expect(403))));
+
+        it('should fail the request if email field is sent blank in request body', testService((service) =>
+          service.login('alice', (asAlice) =>
+            asAlice.post('/v1/users/reset/initiate')
+              .send({ email: '' })
+              .expect(400)
+              .then(({ body: { code, details } }) => {
+                details.should.eql({ field: 'email' });
+                code.should.eql(400.2);
+              }))));
       });
     }
   });

diff --git a/test/integration/fixtures/scenarios.js → test/util/scenarios.js b/test/integration/fixtures/scenarios.js → test/util/scenarios.js
@@ -1,6 +1,6 @@
 const appRoot = require('app-root-path');
 const { exhaust } = require(appRoot + '/lib/worker/worker');
-const testData = require('../../data/xml');
+const testData = require(appRoot + '/test/data/xml');
 
 const createConflict = async (user, container) => {
   await user.post('/v1/projects/1/forms/simpleEntity/submissions')