FIX: handle nil user value on password reset

FIX: handle nil user value on password reset

From 22a7f1e7f2f399c824a62fa47a45f3641c67ac51 Mon Sep 17 00:00:00 2001
From: Arpit Jalan <arpit@techapj.com>
Date: Tue, 20 Nov 2018 21:49:47 +0530
Subject: [PATCH] FIX: handle nil user value on password reset


diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 5a25f7c..2a5005b 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -546,10 +546,10 @@ class UsersController < ApplicationController
           end
         else
           render json: {
-            is_developer: UsernameCheckerService.is_developer?(@user.email),
-            admin: @user.admin?,
+            is_developer: UsernameCheckerService.is_developer?(@user&.email),
+            admin: @user&.admin?,
             second_factor_required: !valid_second_factor,
-            backup_enabled: @user.backup_codes_enabled?
+            backup_enabled: @user&.backup_codes_enabled?
           }
         end
       end

GitHub

I don’t understand this, if we have no user we should return an error on password reset like a 400, no an object full of nulls

Good catch Sam. I was basing this fix on my previous similar fix.

After careful observation again I realized that we were not handling errors at all in case of json GET requests. Now fixed properly via:

1 Like