fix: GET /accounts/{id} with user session (#214)

hoodiehq · Oct 22, 2016 · 4025365 · 4025365
1 parent f6328fa
commit 4025365
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 4 deletions.
diff --git a/routes/accounts.js b/routes/accounts.js
@@ -143,6 +143,15 @@ function accountRoutes (server, options, next) {
         throw error
       })
 
+      .catch(function (error) {
+        // pouchdb-admins throws MISSING_DOC with status 404 if the admin doc is not found
+        if (error.status === 404) {
+          throw errors.INVALID_SESSION
+        }
+
+        throw error
+      })
+
       .then(function () {
         return accounts.find(request.params.id, {
           sessionId: sessionId,
@@ -161,7 +170,13 @@ function accountRoutes (server, options, next) {
       .then(reply)
 
       .catch(function (error) {
-        reply(Boom.wrap(error, error.status))
+        if (error.status === 401) {
+          error.message = 'Session invalid'
+        }
+
+        error = errors.parse(error)
+
+        reply(Boom.create(error.status, error.message))
       })
     }
   }

diff --git a/tests/integration/routes/accounts/get-accounts-test.js b/tests/integration/routes/accounts/get-accounts-test.js
@@ -271,7 +271,8 @@ getServer(function (error, server) {
       var options = _.defaultsDeep({
         url: '/accounts/abc1234',
         headers: {
-          authorization: 'Session InvalidKey'
+          authorization: 'Session someInvalidSession',
+          accept: 'application/vnd.api+json'
         }
       }, routeOptions)
       server.inject(options, function (response) {
@@ -283,8 +284,22 @@ getServer(function (error, server) {
       })
     })
 
-    group.test('Not an admin', {todo: true}, function (t) {
-      t.end()
+    group.test('Not an admin', function (t) {
+      server.inject({
+        method: 'GET',
+        url: '/accounts/abc1234',
+        headers: {
+          // Session ID based on 'pat-doe', 'salt123', 'secret', 1209600
+          authorization: 'Session cGF0LWRvZToxMjc1MDA6zEZsQ1BuO-W8SthDSrg8KXQ8OlQ',
+          accept: 'application/vnd.api+json'
+        }
+      }, function (response) {
+        t.is(response.statusCode, 401, 'returns 401 status')
+        t.is(response.result.errors.length, 1, 'returns one error')
+        t.is(response.result.errors[0].title, 'Unauthorized', 'returns "Unauthorized" error')
+        t.is(response.result.errors[0].detail, 'Session invalid', 'returns Invalid session message')
+        t.end()
+      })
     })
 
     group.test('with ?include=profile', function (t) {