Replace 404 errors

This commit is contained in:
Christoph Hagen 2022-10-12 19:43:16 +02:00
parent ff916945df
commit fe429ea7d5
2 changed files with 41 additions and 35 deletions

View File

@ -59,14 +59,14 @@ final class SQLiteDatabase {
Send a password reset email.
Possible errors:
- `404`: Player name or email not found.
- `417`: Player name or email not found.
*/
func sendPasswordResetEmailIfPossible(name: PlayerName, in database: Database) async throws {
guard let user = try await User.query(on: database).filter(\.$name == name).first() else {
throw Abort(.notFound)
throw Abort(.expectationFailed)
}
guard let email = user.recoveryEmail else {
throw Abort(.notFound)
throw Abort(.expectationFailed)
}
try await user.$resetRequest.load(on: database)
if let request = user.resetRequest {
@ -115,7 +115,7 @@ final class SQLiteDatabase {
Change the password of a user with a recovery token
Possible errors:
- `404`: Reset token not found or expired
- `417`: Reset token not found or expired
*/
func updatePassword(password: String, forResetToken token: String, in database: Database) async throws {
// 1. Find and validate the reset request
@ -146,7 +146,7 @@ final class SQLiteDatabase {
.query(on: database)
.filter(\.$name == name)
.first()
.unwrap(or: Abort(.notFound))
.unwrap(or: Abort(.unauthorized))
.passwordHash
}

View File

@ -74,12 +74,12 @@ func registerPlayer(_ app: Application) {
Possible responses:
- `200`: Success, email will be sent
- `400`: Missing name header
- `404`: Player name not found or no email registered
- `417`: Player name not found or no email registered
*/
func requestPlayerPasswordReset(_ app: Application) {
app.post("player", "password", "reset") { request async throws -> HTTPResponseStatus in
let name = try request.header(.name) // Error: 400
try await server.sendPasswordResetEmailIfPossible(name: name, in: request.db)
try await server.sendPasswordResetEmailIfPossible(name: name, in: request.db) // 417
return .ok
}
}
@ -94,14 +94,14 @@ func requestPlayerPasswordReset(_ app: Application) {
Possible responses:
- `200`: Success, password changed
- `400`: Missing token or password header
- `404`: Player name not found or no email registered
- `417`: Player name not found or no email registered
- `424`: Password could not be hashed
*/
func resetPlayerPasswordWithEmailToken(_ app: Application) {
app.post("player", "reset") { req async throws -> HTTPResponseStatus in
let token = try req.header(.token)
let token = try req.header(.token) // 400
let hash = try req.hashedPassword() // errors: 400, 424
try await server.updatePassword(password: hash, forResetToken: token, in: req.db)
try await server.updatePassword(password: hash, forResetToken: token, in: req.db) // 417
return .ok
}
}
@ -111,10 +111,11 @@ func resetPlayerPasswordWithEmailToken(_ app: Application) {
- Parameter name: The name of the player, included in the url
- Parameter password: The password of the player, as a string in the request body
- Throws:
- 400: Missing name or password
- 403: The password or user name is invalid
- 424: The password could not be hashed
Possible errors:
- `400`: Missing name or password
- `401`: The password or user name is invalid
- `424`: The password could not be hashed
- Returns: Nothing
*/
func deletePlayer(_ app: Application) {
@ -125,21 +126,23 @@ func deletePlayer(_ app: Application) {
}
let hash = try await server.passwordHashForExistingPlayer(named: name, in: request.db)
guard try request.password.verify(password, created: hash) else {
return .forbidden // 403
return .unauthorized // 401
}
try await server.deletePlayer(named: name, in: request.db)
return .ok
}
}
/**
/**
Log in as an existing player.
- Parameter name: The name of the player, included in the url
- Parameter password: The password of the player, as a string in the request body
- Throws:
- 400: Missing name or password
- 403: The password or user name is invalid
- 424: The password could not be hashed
Possible errors:
- `400`: Missing name or password
- `401`: The password or user name is invalid
- `424`: The password could not be hashed
- Returns: The session token for the user
*/
func loginPlayer(_ app: Application) {
@ -150,7 +153,7 @@ func loginPlayer(_ app: Application) {
}
let hash = try await server.passwordHashForExistingPlayer(named: name, in: request.db)
guard try request.password.verify(password, created: hash) else {
throw Abort(.forbidden) // 403
throw Abort(.unauthorized) // 401
}
return server.startNewSessionForRegisteredPlayer(named: name)
}
@ -269,12 +272,15 @@ func createTable(_ app: Application) {
}
}
/**
/**
List the public tables.
- Parameter token: The session token of the player, as a string in the request body
- Throws:
- 400: Missing token
- 403: The session token is invalid
**Headers**
- `token`: The session token of the player, as a string in the request body
**Possible errors**
- `400`: Missing token
- `401`: The session token is invalid
- Returns: A JSON object with a list of public tables (id, name, player list)
*/
func getPublicTables(_ app: Application) {
@ -283,7 +289,7 @@ func getPublicTables(_ app: Application) {
throw Abort(.badRequest) // 400
}
guard server.isValid(sessionToken: token) else {
throw Abort(.forbidden) // 403
throw Abort(.unauthorized) // 401
}
let list = server.getPublicTableInfos()
return try encodeJSON(list)