From f2992b7f45e5f3af47c32d00f88dc6ee13e4b991 Mon Sep 17 00:00:00 2001
From: Martin Lensment <mlensment@gmail.com>
Date: Mon, 20 Jul 2015 18:19:02 +0300
Subject: [PATCH] Return error when API user not found in REPP #2774

---
 app/api/repp/api.rb             | 5 +++++
 config/locales/en.yml           | 1 +
 spec/requests/v1/domain_spec.rb | 9 +++++++++
 3 files changed, 15 insertions(+)

diff --git a/app/api/repp/api.rb b/app/api/repp/api.rb
index 976376f76..7a9ecd1e8 100644
--- a/app/api/repp/api.rb
+++ b/app/api/repp/api.rb
@@ -5,6 +5,11 @@ module Repp
 
     http_basic do |username, password|
       @current_user ||= ApiUser.find_by(username: username, password: password)
+      if @current_user
+        true
+      else
+        error! I18n.t('api_user_not_found'), 401
+      end
     end
 
     before do
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 32199609b..8b2668bc3 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -871,3 +871,4 @@ en:
   parameter_value_range_error: 'Parameter value range error: %{key}'
   payment_received: 'Payment received'
   domain_registrant_updated: 'Domeeni %{name} registreerija vahetus teostatud / Registrant change of %{name} has been finished.'
+  api_user_not_found: 'API user not found'
diff --git a/spec/requests/v1/domain_spec.rb b/spec/requests/v1/domain_spec.rb
index a7502ad0e..47b37ea76 100644
--- a/spec/requests/v1/domain_spec.rb
+++ b/spec/requests/v1/domain_spec.rb
@@ -77,5 +77,14 @@ describe Repp::DomainV1 do
 
       # TODO: Log failed API requests too
     end
+
+    it 'returns an error with invalid credentials' do
+      invalid_user = OpenStruct.new(username: 'bla', password: 'blabala')
+      get_with_auth '/repp/v1/domains', {}, invalid_user
+      response.status.should == 401
+
+      body = JSON.parse(response.body)
+      body['error'].should == 'API user not found'
+    end
   end
 end