Support optional fields in update_user() endpoint

Turbo87 · Turbo87 · commit 3816fba9520f · 2024-09-12T11:28:07.000-04:00
Currently only the `email` field is supported, but that is about to change. Unfortunately with `serde_json` it is hard to differentiate between `email: null` and the `email` field not existing, since both are decoded as `Option::None`. Since our frontend does not send `email: null` and the endpoint does not appear to be used via token authentication this seems like a viable change.

Side note: This endpoint is behaving like a `PATCH` endpoint, but is currently using the `PUT` HTTP method for legacy reasons.
diff --git a/src/controllers/user/update.rs b/src/controllers/user/update.rs
@@ -44,45 +44,44 @@ pub async fn update_user(
             return Err(bad_request("current user does not match requested user"));
         }
 
-        let user_email = match &user_update.user.email {
-            Some(email) => email.trim(),
-            None => return Err(bad_request("empty email rejected")),
-        };
+        if let Some(user_email) = &user_update.user.email {
+            let user_email = user_email.trim();
 
-        if user_email.is_empty() {
-            return Err(bad_request("empty email rejected"));
-        }
+            if user_email.is_empty() {
+                return Err(bad_request("empty email rejected"));
+            }
+
+            user_email
+                .parse::<Address>()
+                .map_err(|_| bad_request("invalid email address"))?;
+
+            let new_email = NewEmail {
+                user_id: user.id,
+                email: user_email,
+            };
+
+            let token = diesel::insert_into(emails::table)
+                .values(&new_email)
+                .on_conflict(emails::user_id)
+                .do_update()
+                .set(&new_email)
+                .returning(emails::token)
+                .get_result(conn)
+                .map(SecretString::new)
+                .map_err(|_| server_error("Error in creating token"))?;
+
+            // This swallows any errors that occur while attempting to send the email. Some users have
+            // an invalid email set in their GitHub profile, and we should let them sign in even though
+            // we're trying to silently use their invalid address during signup and can't send them an
+            // email. They'll then have to provide a valid email address.
+            let email = UserConfirmEmail {
+                user_name: &user.gh_login,
+                domain: &state.emails.domain,
+                token,
+            };
 
-        user_email
-            .parse::<Address>()
-            .map_err(|_| bad_request("invalid email address"))?;
-
-        let new_email = NewEmail {
-            user_id: user.id,
-            email: user_email,
-        };
-
-        let token = diesel::insert_into(emails::table)
-            .values(&new_email)
-            .on_conflict(emails::user_id)
-            .do_update()
-            .set(&new_email)
-            .returning(emails::token)
-            .get_result(conn)
-            .map(SecretString::new)
-            .map_err(|_| server_error("Error in creating token"))?;
-
-        // This swallows any errors that occur while attempting to send the email. Some users have
-        // an invalid email set in their GitHub profile, and we should let them sign in even though
-        // we're trying to silently use their invalid address during signup and can't send them an
-        // email. They'll then have to provide a valid email address.
-        let email = UserConfirmEmail {
-            user_name: &user.gh_login,
-            domain: &state.emails.domain,
-            token,
-        };
-
-        let _ = state.emails.send(user_email, email);
+            let _ = state.emails.send(user_email, email);
+        }
 
         ok_true()
     })
diff --git a/src/tests/routes/users/update.rs b/src/tests/routes/users/update.rs
@@ -45,13 +45,30 @@ async fn test_empty_email_not_added() {
         response.json(),
         json!({ "errors": [{ "detail": "empty email rejected" }] })
     );
+}
 
-    let response = user.update_email_more_control(model.id, None).await;
-    assert_eq!(response.status(), StatusCode::BAD_REQUEST);
-    assert_eq!(
-        response.json(),
-        json!({ "errors": [{ "detail": "empty email rejected" }] })
-    );
+#[tokio::test(flavor = "multi_thread")]
+async fn test_ignore_empty() {
+    let (_app, _anon, user) = TestApp::init().with_user();
+    let model = user.as_model();
+
+    let url = format!("/api/v1/users/{}", model.id);
+    let payload = json!({"user": {}});
+    let response = user.put::<()>(&url, payload.to_string()).await;
+    assert_eq!(response.status(), StatusCode::OK);
+    assert_snapshot!(response.text(), @r###"{"ok":true}"###);
+}
+
+#[tokio::test(flavor = "multi_thread")]
+async fn test_ignore_nulls() {
+    let (_app, _anon, user) = TestApp::init().with_user();
+    let model = user.as_model();
+
+    let url = format!("/api/v1/users/{}", model.id);
+    let payload = json!({"user": { "email": null }});
+    let response = user.put::<()>(&url, payload.to_string()).await;
+    assert_eq!(response.status(), StatusCode::OK);
+    assert_snapshot!(response.text(), @r###"{"ok":true}"###);
 }
 
 /// Check to make sure that neither other signed in users nor anonymous users can edit another
