Replace 404 errors

Christoph Hagen 2022-10-12 19:43:16 +02:00
parent ff916945df
commit fe429ea7d5
2 changed files with 41 additions and 35 deletions


@ -59,14 +59,14 @@ final class SQLiteDatabase {
Send a password reset email. Send a password reset email.
Possible errors: Possible errors:
- `404`: Player name or email not found. - `417`: Player name or email not found.
*/ */
func sendPasswordResetEmailIfPossible(name: PlayerName, in database: Database) async throws { func sendPasswordResetEmailIfPossible(name: PlayerName, in database: Database) async throws {
guard let user = try await User.query(on: database).filter(\.$name == name).first() else { guard let user = try await User.query(on: database).filter(\.$name == name).first() else {
throw Abort(.notFound) throw Abort(.expectationFailed)
} }
guard let email = user.recoveryEmail else { guard let email = user.recoveryEmail else {
throw Abort(.notFound) throw Abort(.expectationFailed)
} }
try await user.$resetRequest.load(on: database) try await user.$resetRequest.load(on: database)
if let request = user.resetRequest { if let request = user.resetRequest {
@ -115,7 +115,7 @@ final class SQLiteDatabase {
Change the password of a user with a recovery token Change the password of a user with a recovery token
Possible errors: Possible errors:
- `404`: Reset token not found or expired - `417`: Reset token not found or expired
*/ */
func updatePassword(password: String, forResetToken token: String, in database: Database) async throws { func updatePassword(password: String, forResetToken token: String, in database: Database) async throws {
// 1. Find and validate the reset request // 1. Find and validate the reset request
@ -146,7 +146,7 @@ final class SQLiteDatabase {
.query(on: database) .query(on: database)
.filter(\.$name == name) .filter(\.$name == name)
.first() .first()
.unwrap(or: Abort(.notFound)) .unwrap(or: Abort(.unauthorized))
.passwordHash .passwordHash
} }
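Review bot: The two guards in `sendPasswordResetEmailIfPossible` still fail with a status of their own (now 417 instead of 404) when the player name is unknown or has no recovery email, so the reset route keeps telling an unauthenticated caller which names are registered and which have an email on file. Since the function is already named "IfPossible", both guards could end with `else { return }` so the route answers `200` in every case, with the miss logged server-side if it is needed for diagnostics. 417 is also defined for a failed `Expect` request header, so clients and proxies may misread it here. The function body continues past the end of the hunk, so the remaining reset-request handling was not reviewed.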


@ -74,12 +74,12 @@ func registerPlayer(_ app: Application) {
Possible responses: Possible responses:
- `200`: Success, email will be sent - `200`: Success, email will be sent
- `400`: Missing name header - `400`: Missing name header
- `404`: Player name not found or no email registered - `417`: Player name not found or no email registered
*/ */
func requestPlayerPasswordReset(_ app: Application) { func requestPlayerPasswordReset(_ app: Application) {
app.post("player", "password", "reset") { request async throws -> HTTPResponseStatus in app.post("player", "password", "reset") { request async throws -> HTTPResponseStatus in
let name = try request.header(.name) // Error: 400 let name = try request.header(.name) // Error: 400
try await server.sendPasswordResetEmailIfPossible(name: name, in: request.db) try await server.sendPasswordResetEmailIfPossible(name: name, in: request.db) // 417
return .ok return .ok
} }
} }
@ -94,14 +94,14 @@ func requestPlayerPasswordReset(_ app: Application) {
Possible responses: Possible responses:
- `200`: Success, password changed - `200`: Success, password changed
- `400`: Missing token or password header - `400`: Missing token or password header
- `404`: Player name not found or no email registered - `417`: Player name not found or no email registered
- `424`: Password could not be hashed - `424`: Password could not be hashed
*/ */
func resetPlayerPasswordWithEmailToken(_ app: Application) { func resetPlayerPasswordWithEmailToken(_ app: Application) {
app.post("player", "reset") { req async throws -> HTTPResponseStatus in app.post("player", "reset") { req async throws -> HTTPResponseStatus in
let token = try req.header(.token) let token = try req.header(.token) // 400
let hash = try req.hashedPassword() // errors: 400, 424 let hash = try req.hashedPassword() // errors: 400, 424
try await server.updatePassword(password: hash, forResetToken: token, in: req.db) try await server.updatePassword(password: hash, forResetToken: token, in: req.db) // 417
return .ok return .ok
} }
} }
@ -111,10 +111,11 @@ func resetPlayerPasswordWithEmailToken(_ app: Application) {
- Parameter name: The name of the player, included in the url - Parameter name: The name of the player, included in the url
- Parameter password: The password of the player, as a string in the request body - Parameter password: The password of the player, as a string in the request body
- Throws:
- 400: Missing name or password Possible errors:
- 403: The password or user name is invalid - `400`: Missing name or password
- 424: The password could not be hashed - `401`: The password or user name is invalid
- `424`: The password could not be hashed
- Returns: Nothing - Returns: Nothing
*/ */
func deletePlayer(_ app: Application) { func deletePlayer(_ app: Application) {
@ -125,7 +126,7 @@ func deletePlayer(_ app: Application) {
} }
let hash = try await server.passwordHashForExistingPlayer(named: name, in: request.db) let hash = try await server.passwordHashForExistingPlayer(named: name, in: request.db)
guard try request.password.verify(password, created: hash) else { guard try request.password.verify(password, created: hash) else {
return .forbidden // 403 return .unauthorized // 401
} }
try await server.deletePlayer(named: name, in: request.db) try await server.deletePlayer(named: name, in: request.db)
return .ok return .ok
@ -136,10 +137,12 @@ func deletePlayer(_ app: Application) {
Log in as an existing player. Log in as an existing player.
- Parameter name: The name of the player, included in the url - Parameter name: The name of the player, included in the url
- Parameter password: The password of the player, as a string in the request body - Parameter password: The password of the player, as a string in the request body
- Throws:
- 400: Missing name or password Possible errors:
- 403: The password or user name is invalid - `400`: Missing name or password
- 424: The password could not be hashed - `401`: The password or user name is invalid
- `424`: The password could not be hashed
- Returns: The session token for the user - Returns: The session token for the user
*/ */
func loginPlayer(_ app: Application) { func loginPlayer(_ app: Application) {
@ -150,7 +153,7 @@ func loginPlayer(_ app: Application) {
} }
let hash = try await server.passwordHashForExistingPlayer(named: name, in: request.db) let hash = try await server.passwordHashForExistingPlayer(named: name, in: request.db)
guard try request.password.verify(password, created: hash) else { guard try request.password.verify(password, created: hash) else {
throw Abort(.forbidden) // 403 throw Abort(.unauthorized) // 401
} }
return server.startNewSessionForRegisteredPlayer(named: name) return server.startNewSessionForRegisteredPlayer(named: name)
} }
@ -271,10 +274,13 @@ func createTable(_ app: Application) {
/** /**
List the public tables. List the public tables.
- Parameter token: The session token of the player, as a string in the request body
- Throws: **Headers**
- 400: Missing token - `token`: The session token of the player, as a string in the request body
- 403: The session token is invalid
**Possible errors**
- `400`: Missing token
- `401`: The session token is invalid
- Returns: A JSON object with a list of public tables (id, name, player list) - Returns: A JSON object with a list of public tables (id, name, player list)
*/ */
func getPublicTables(_ app: Application) { func getPublicTables(_ app: Application) {
@ -283,7 +289,7 @@ func getPublicTables(_ app: Application) {
throw Abort(.badRequest) // 400 throw Abort(.badRequest) // 400
} }
guard server.isValid(sessionToken: token) else { guard server.isValid(sessionToken: token) else {
throw Abort(.forbidden) // 403 throw Abort(.unauthorized) // 401
} }
let list = server.getPublicTableInfos() let list = server.getPublicTableInfos()
return try encodeJSON(list) return try encodeJSON(list)