From bb4172acf4b8690d50551f30866613e741d6895f Mon Sep 17 00:00:00 2001
From: Simon J
Date: Mon, 8 Nov 2021 17:26:09 +1100
Subject: [PATCH] Catch any unexpected error during login and return 403 (#76)
---
 src/server.ts | 33 ++++++++++++++++++++-------------
 tests/server.test.ts | 21 +++++++++++++++++++++
 2 files changed, 41 insertions(+), 13 deletions(-)
diff --git a/src/server.ts b/src/server.ts
index 292057d..7d4693f 100644
--- a/src/server.ts
+++ b/src/server.ts
@@ -219,28 +219,35 @@ function server(
 const lang = langFor(req);
 const { username, password, linkCode } = req.body;
 if (!linkCodes.has(linkCode)) {
- res.status(400).render("failure", {
+ return res.status(400).render("failure", {
 lang,
 message: lang("invalidLinkCode"),
 });
 } else {
- const authResult = await musicService.generateToken({
+ return musicService.generateToken({
 username,
 password,
- });
- if (isSuccess(authResult)) {
- linkCodes.associate(linkCode, authResult);
- res.render("success", {
- lang,
- message: lang("loginSuccessful"),
- });
- } else {
- res.status(403).render("failure", {
+ }).then(authResult => {
+ if (isSuccess(authResult)) {
+ linkCodes.associate(linkCode, authResult);
+ return res.render("success", {
+ lang,
+ message: lang("loginSuccessful"),
+ });
+ } else {
+ return res.status(403).render("failure", {
+ lang,
+ message: lang("loginFailed"),
+ cause: authResult.message,
+ });
+ }
+ }).catch(e => {
+ return res.status(403).render("failure", {
 lang,
 message: lang("loginFailed"),
- cause: authResult.message,
+ cause: `Unexpected error occured - ${e}`,
 });
- }
+ });
 }
 });

diff --git a/tests/server.test.ts b/tests/server.test.ts
index d1526c2..7129eff 100644
--- a/tests/server.test.ts
+++ b/tests/server.test.ts
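Review bot: The new `.catch` branch in src/server.ts interpolates the raw rejection into the rendered page, `` cause: `Unexpected error occured - ${e}` ``, so whatever generateToken rejects with is shown to whoever submits the login form. Depending on the music service client that text may carry upstream host names, URLs or other internal detail, and whether the `failure` template escapes `cause` is not visible here. Log `e` on the server and render a fixed string instead, for example `cause: "Unexpected error occurred"`; the assertion on `BOOOOOOM` in tests/server.test.ts would change with it. The handler's opening lies outside the hunk.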
@@ -680,6 +680,27 @@ describe("server", () => {
 });
 });

+ describe("when an unexpected failure occurs", () => {
+ it("should return 403 with message", async () => {
+ const username = "userDoesntExist";
+ const password = "password";
+ const linkCode = uuid();
+
+ linkCodes.has.mockReturnValue(true);
+ musicService.generateToken.mockRejectedValue("BOOOOOOM");
+
+ const res = await request(server)
+ .post(bonobUrl.append({ pathname: "/login" }).pathname())
+ .set("accept-language", acceptLanguage)
+ .type("form")
+ .send({ username, password, linkCode })
+ .expect(403);
+
+ expect(res.text).toContain(lang("loginFailed"));
+ expect(res.text).toContain('Unexpected error occured - BOOOOOOM');
+ });
+ });
+
 describe("when linkCode is invalid", () => {
 it("should return 400 with message", async () => {
 const username = "jane";
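Review bot: The mocked rejection is a bare string, `mockRejectedValue("BOOOOOOM")`, while a real failure would presumably reject with an Error, so the test does not show what `${e}` renders for one (name plus message). Reject with `new Error("BOOOOOOM")` instead, and if the handler is changed to stop echoing the error, assert `expect(res.text).not.toContain("BOOOOOOM")` so that internal detail cannot return to the page unnoticed. The enclosing describe block starts outside the hunk.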