Added User password_reset spec and some refactor

*Make returned error in errors array
*Use constants

app/components/users/javascripts/init_component.js

@@ -33,7 +33,7 @@
               Ext.Msg.alert("Success", "New Password: "+data.password);
             },
             error: function(data,textStatus) {
-              Ext.Msg.alert( "Error", JSON.parse(data.responseText)["error"]);
+              Ext.Msg.alert( "Error", JSON.parse(data.responseText)["errors"][0]);
             }
           });
         }

app/controllers/api/v1/users_controller.rb

@@ -1,18 +1,22 @@
 require 'securerandom'
 class Api::V1::UsersController < Api::V1::BaseController
+  CANNOT_MANAGE = "You do not have the permission to manager users"
+  NOT_FOUND = "User not found"
+  NOT_ALLOWED = "Not allowed to reset your own password in this fashion"
+  PASS_LENGTH = 8
 
   def password_reset
     if can? :manage, User
       user = User.find_by_id(params[:user_id])
-      render :json => { "error" => "User not found"}, :status => 404 and return if user.nil?
+      render :json => { "errors" => [NOT_FOUND]}, :status => 404 and return if user.nil?
-      render :json => { "error" => "Not allowed to reset your own password in this fashion."}, :status => 403 and return if user.id == current_user.id
+      render :json => { "errors" => [NOT_ALLOWED]}, :status => 403 and return if user.id == current_user.id
 
-      new_pass = SecureRandom.hex[0,8]
+      new_pass = SecureRandom.hex[0,PASS_LENGTH]
       user.password = new_pass
       user.save
       render :json => { "password" => new_pass}, :status => 200 and return
     else
-      render :json => { "error" => "You do not have the permission"}, :status => 403 and return
+      render :json => { "errors" => [CANNOT_MANAGE]}, :status => 403 and return
     end
   end
 

spec/controllers/api/users_controller_spec.rb

@@ -0,0 +1,72 @@
+require 'spec_helper'
+
+describe Api::V1::UsersController do
+
+  describe "#password_reset" do
+
+    context "as a user" do
+      before(:each) do
+        @user = FactoryGirl.create(:user)
+        sign_in @user
+      end
+
+      it "returns 403" do
+        post :password_reset
+        expect(@response.code.to_i).to eql 403
+      end
+
+      it "returns an error message" do
+        post :password_reset
+        json = JSON.parse(@response.body)
+        expect(json["errors"].first).to eql Api::V1::UsersController::CANNOT_MANAGE
+      end
+
+    end
+
+    context "as an admin" do
+      before(:each) do
+        @user = FactoryGirl.create(:admin)
+        sign_in @user
+      end
+
+      it "forbids a user to reset their own password" do
+        post :password_reset, user_id: @user.id
+        expect(@response.code.to_i).to eql 403
+        json = JSON.parse(@response.body)
+        expect(json["errors"].first).to eql Api::V1::UsersController::NOT_ALLOWED
+      end
+
+      context "with no user in json data" do
+        it "returns 404" do
+          post :password_reset
+          expect(@response.code.to_i).to eql 404
+        end
+
+        it "returns an error message" do
+          post :password_reset
+          json = JSON.parse(@response.body)
+          expect(json["errors"].first).to eql Api::V1::UsersController::NOT_FOUND
+        end
+      end
+
+      context "another user exists" do
+        before(:each) do
+          @user2 = FactoryGirl.create(:user)
+        end
+
+        it "returns 200" do
+          post :password_reset, user_id: @user2.id
+          expect(@response.code.to_i).to eql 200
+        end
+
+        it "returns that users new password" do
+          post :password_reset, user_id: @user2.id
+          json = JSON.parse(@response.body)
+          expect(json["password"].length).to eql Api::V1::UsersController::PASS_LENGTH
+        end
+
+      end
+
+    end
+  end
+end