issue #724 closed

0a4a021e · Arturo Montejo Ráez · df6f0dd0 · 0a4a021e · 0a4a021e · 0a4a021e
Commit 0a4a021e authored Dec 30, 2016 by Arturo Montejo Ráez
Showing with 93 additions and 54 deletions
sails/src/api/controllers/StudentController.js
sails/src/api/responses/badRequest.js
sails/src/api/responses/notFound.js
sails/src/api/responses/serverError.js
sails/src/api/responses/unauthorized.js
--- a/sails/src/api/controllers/StudentController.js
+++ b/sails/src/api/controllers/StudentController.js
@@ -43,42 +43,48 @@ module.exports = {
   *     token: '... asd90jkas ...',
   *     server_time: 123912932312
   *   }
+   * @param {response} Errors:
+   *   - 400 (Bad request) with error message "Missing parameters"
+   *   - 401 (Unauthorized) with error message "Student has an invalid license"
+   *   - 401 (Unauthorized) with error message "Invalid username/password"
+   *   - 404 (Not found) with error message "Student not found"
+   *   - 500 (Server error) with error message "Error when connecting to database"
   */
  login: function (req, res) {
    var bcrypt = require('bcrypt-nodejs');
-    Student.findOne({
+    if (!req.body.username || !req.body.password)
-        username: req.body.username
+      return res.badRequest("Missing parameters");
-      })
+    Student.findOne({ username: req.body.username })
-      .populate('license')
+    .populate('license')
-      .then(function (student) {
+    .then(function (student) {
-        if (student) {
+      if (student) {
-          if (bcrypt.compareSync(req.body.password, student.password)) {
+        if (bcrypt.compareSync(req.body.password, student.password)) {
-            student.isStudent = true;
+          student.isStudent = true;
-            if (!student.license || !student.license[0] || student.license[0].hasExpired()) {
+          if (!student.license || !student.license[0] || student.license[0].hasExpired()) {
-              sails.log.error(`Tried to login with non valid license ${req.body.username}`);
+            sails.log.error(`Tried to login with non valid license ${req.body.username}`);
-              return res.badRequest("Student has an invalid license");
+            return res.unauthorized("Student has an invalid license");
-            } else
+          } else
-              student = student.toObject(); // to enable overwrite license field
+            student = student.toObject(); // to enable overwrite license field
-              student.license = student.license[0];
+            student.license = student.license[0];
-              return res.ok({
+            return res.ok({
-                user: student,
+              user: student,
-                token: sailsTokenAuth.issueToken(student, sails.config.jwt.expiresInMinutes),
+              token: sailsTokenAuth.issueToken(student, sails.config.jwt.expiresInMinutes),
-                server_time: (new Date()).getTime()
+              server_time: (new Date()).getTime()
-              });
+            });
-          } else {
-            sails.log.error(`Invalid student login: user ${student.username}, password\
-              "${req.body.password}"`);
-            res.badRequest();
-          }
        } else {
-          sails.log.error(`Tried to login as non-existing student ${req.body.username}`);
+          sails.log.error(`Invalid student login: user ${student.username}, password\
-          res.badRequest();
+            "${req.body.password}"`);
+          res.unauthorized("Invalid username/password");
        }
-      })
+      } else {
-      .catch(function () {
+        sails.log.error(`Tried to login as non-existing student ${req.body.username}`);
-        sails.log.error(`Error getting student ${req.body.username} for login`);
+        res.notFound("Student not found");
-        res.serverError();
+      }
-      });
+    })
+    .catch(function () {
+      sails.log.error(`Error getting student ${req.body.username} for login`);
+      res.serverError("Error when connecting to database");
+    });
  },
  /**

--- a/sails/src/api/responses/badRequest.js
+++ b/sails/src/api/responses/badRequest.js
@@ -31,13 +31,6 @@ module.exports = function badRequest(data, options) {
  }
  else sails.log.verbose('Sending 400 ("Bad Request") response');
-  // Only include errors in response if application environment
-  // is not set to 'production'.  In production, we shouldn't
-  // send back any identifying information about errors.
-  if (sails.config.environment === 'production') {
-    data = undefined;
-  }
  // If the user-agent wants JSON, always respond with JSON
  if (req.wantsJSON) {
    return res.jsonx(data);
@@ -61,4 +54,3 @@ module.exports = function badRequest(data, options) {
  });
 };
--- a/sails/src/api/responses/notFound.js
+++ b/sails/src/api/responses/notFound.js
@@ -33,13 +33,6 @@ module.exports = function notFound (data, options) {
  }
  else sails.log.verbose('Sending 404 ("Not Found") response');
-  // Only include errors in response if application environment
-  // is not set to 'production'.  In production, we shouldn't
-  // send back any identifying information about errors.
-  if (sails.config.environment === 'production') {
-    data = undefined;
-  }
  // If the user-agent wants JSON, always respond with JSON
  if (req.wantsJSON) {
    return res.jsonx(data);
@@ -79,4 +72,3 @@ module.exports = function notFound (data, options) {
  });
 };
--- a/sails/src/api/responses/serverError.js
+++ b/sails/src/api/responses/serverError.js
@@ -28,13 +28,6 @@ module.exports = function serverError (data, options) {
  }
  else sails.log.error('Sending empty 500 ("Server Error") response');
-  // Only include errors in response if application environment
-  // is not set to 'production'.  In production, we shouldn't
-  // send back any identifying information about errors.
-  if (sails.config.environment === 'production') {
-    data = undefined;
-  }
  // If the user-agent wants JSON, always respond with JSON
  if (req.wantsJSON) {
    return res.jsonx(data);

--- a/sails/src/api/responses/unauthorized.js
+++ b/sails/src/api/responses/unauthorized.js
+/**
+ * 401 (Unauthorized) Handler
+ *
+ * Usage:
+ * return res.unauthorized();
+ * return res.unauthorized(data);
+ * return res.unauthorized(data, 'some/specific/badRequest/view');
+ *
+ * e.g.:
+ * ```
+ * return res.unauthorized(
+ *   'Invalid username',
+ *   'trial/signup'
+ * );
+ * ```
+ */
+module.exports = function unauthorized(data, options) {
+  // Get access to `req`, `res`, & `sails`
+  var req = this.req;
+  var res = this.res;
+  var sails = req._sails;
+  // Set status code
+  res.status(401);
+  // Log error to console
+  if (data !== undefined) {
+    sails.log.verbose('Sending 401 ("Unauthorized") response: \n',data);
+  }
+  else sails.log.verbose('Sending 401 ("Unauthorized") response');
+  // If the user-agent wants JSON, always respond with JSON
+  if (req.wantsJSON) {
+    return res.jsonx(data);
+  }
+  // If second argument is a string, we take that to mean it refers to a view.
+  // If it was omitted, use an empty object (`{}`)
+  options = (typeof options === 'string') ? { view: options } : options || {};
+  // If a view was provided in options, serve it.
+  // Otherwise try to guess an appropriate view, or if that doesn't
+  // work, just send JSON.
+  if (options.view) {
+    return res.view(options.view, { data: data });
+  }
+  // If no second argument provided, try to serve the implied view,
+  // but fall back to sending JSON(P) if no view can be inferred.
+  else return res.guessView({ data: data }, function couldNotGuessView () {
+    return res.jsonx(data);
+  });
+};