Fix HTTP error status for session endpoints

Author: jtgeibel

src/controllers/user/session.rs

@@ -1,14 +1,15 @@
-use crate::controllers::prelude::*;
+use crate::controllers::frontend_prelude::*;
 
 use crate::github;
 use conduit_cookie::RequestSession;
+use failure::Fail;
 use oauth2::{prelude::*, AuthorizationCode, TokenResponse};
 
 use crate::models::user;
 use crate::models::user::UserNoEmailType;
 use crate::models::{NewUser, User};
 use crate::schema::users;
-use crate::util::errors::{AppError, ReadOnlyMode};
+use crate::util::errors::{AppError, ChainError, ReadOnlyMode};
 
 /// Handles the `GET /authorize_url` route.
 ///
@@ -85,7 +86,7 @@ pub fn github_access_token(req: &mut dyn Request) -> AppResult<Response> {
         let session_state = req.session().remove(&"github_oauth_state".to_string());
         let session_state = session_state.as_ref().map(|a| &a[..]);
         if Some(&state[..]) != session_state {
-            return Err(cargo_err("invalid state parameter"));
+            return Err(bad_request("invalid state parameter"));
         }
     }
 
@@ -96,7 +97,8 @@ pub fn github_access_token(req: &mut dyn Request) -> AppResult<Response> {
         .app()
         .github
         .exchange_code(code)
-        .map_err(|s| cargo_err(&s))?;
+        .map_err(|e| e.compat())
+        .chain_error(|| server_error("Error obtaining token"))?;
     let token = token.access_token();
     let ghuser = github::github_api::<GithubUser>(req.app(), "/user", token)?;
     let user = ghuser.save_to_database(&token.secret(), &*req.db_conn()?)?;

src/tests/user.rs

@@ -113,7 +113,7 @@ fn auth_gives_a_token() {
 #[test]
 fn access_token_needs_data() {
     let (_, anon) = TestApp::init().empty();
-    let json = anon.get::<()>("/authorize").bad_with_status(200); // Change endpoint to 400?
+    let json = anon.get::<()>("/authorize").bad_with_status(400);
     assert!(json.errors[0].detail.contains("invalid state"));
 }