Handle invalid params when trying update_username

Using strong params to require the presence of a username when calling `update_username`. Otherwise we'd raise a `NoMethodError` validating the paths on disk.
2018-04-04 09:59:35 +02:00 · 2018-04-04 09:59:35 +02:00 · 3faa7653d0
parent be1523c1ba
commit 3faa7653d0
2 changed files with 12 additions and 1 deletions
--- a/app/controllers/profiles_controller.rb
+++ b/app/controllers/profiles_controller.rb
@ -51,7 +51,7 @@ class ProfilesController < Profiles::ApplicationController
  end

  def update_username
-    result = Users::UpdateService.new(current_user, user: @user, username: user_params[:username]).execute
+    result = Users::UpdateService.new(current_user, user: @user, username: username_param).execute

    options = if result[:status] == :success
                { notice: "Username successfully changed" }
@ -72,6 +72,10 @@ class ProfilesController < Profiles::ApplicationController
    return render_404 unless @user.can_change_username?
  end

+  def username_param
+    @username_param ||= user_params.require(:username)
+  end
+
  def user_params
    @user_params ||= params.require(:user).permit(
      :avatar,
--- a/spec/controllers/profiles_controller_spec.rb
+++ b/spec/controllers/profiles_controller_spec.rb
@ -84,6 +84,13 @@ describe ProfilesController, :request_store do
      expect(user.username).to eq(new_username)
    end

+    it 'raises a correct error when the username is missing' do
+      sign_in(user)
+
+      expect { put :update_username, user: { gandalf: 'you shall not pass' } }
+        .to raise_error(ActionController::ParameterMissing)
+    end
+
    context 'with legacy storage' do
      it 'moves dependent projects to new namespace' do
        project = create(:project_empty_repo, :legacy_storage, namespace: namespace)