test fixes

src/metabase/api/common.clj

@@ -107,7 +107,7 @@
 ;;; #### checkp- functions: as in "check param". These functions expect that you pass a symbol so they can throw ApiExceptions w/ relevant error messages.
 
 (defmacro checkp-with
-  "Check (TEST-FN VALUE), or throw a 400.
+  "Check (TEST-FN VALUE), or throw an exception with STATUS-CODE (default is 400).
    SYMB is passed in order to give the user a relevant error message about which parameter was bad.
 
    Returns VALUE upon success.
@@ -118,13 +118,17 @@
       -> ApiException: Invalid value ':bad' for 'f': test failed: (partial? contains? {:all :mine}
 
    You may optionally pass a MESSAGE to append to the ApiException upon failure;
-   this will be used in place of the \"test failed: ...\" message."
-  ([test-fn symb value message]
+   this will be used in place of the \"test failed: ...\" message.
+
+   MESSAGE may be either a string or a pair like `[status-code message]`."
+  ([test-fn symb value message-or-status+message-pair]
    {:pre [(symbol? symb)]}
-   `(let [value# ~value]
-      (check (~test-fn value#)
-        [400 (format "Invalid value '%s' for '%s': %s" (str value#) ~symb ~message)])
-      value#))
+   (let [[status-code message] (if (string? message-or-status+message-pair) [400 message-or-status+message-pair]
+                                   message-or-status+message-pair)]
+     `(let [value# ~value]
+        (check (~test-fn value#)
+          [~status-code (format "Invalid value '%s' for '%s': %s" (str value#) ~symb ~message)])
+        value#)))
   ([test-fn symb value]
    `(checkp-with ~test-fn ~symb ~value ~(str "test failed: " test-fn))))
 

src/metabase/api/setup.clj

@@ -9,18 +9,17 @@
 
 (defannotation SetupToken
   "Check that param matches setup token or throw a 403."
-  [_ token]
-  (check (setup/token-match? token)
-    [403 "Token does not match the setup token."]))
+  [symb value]
+  (checkp-with setup/token-match? symb value [403 "Token does not match the setup token."]))
 
 ;; special endpoint for creating the first user during setup
 ;; this endpoint both creates the user AND logs them in and returns a session id
 (defendpoint POST "/user" [:as {{:keys [token first_name last_name email password] :as body} :body}]
-  {token      [Required SetupToken]
-   first_name [Required NonEmptyString]
+  {first_name [Required NonEmptyString]
    last_name  [Required NonEmptyString]
    email      [Required Email]
-   password   [Required ComplexPassword]}
+   password   [Required ComplexPassword]
+   token      [Required SetupToken]}
   ;; extra check.  don't continue if there is already a user in the db.
   (let [session-id (str (java.util.UUID/randomUUID))
         new-user (ins User

test/metabase/api/setup_test.clj

@@ -27,36 +27,36 @@
 
 
 ;; Test input validations
-(expect "'token' is a required param."
-  (http/client :post 400 "setup/user" {}))
-
 (expect "'first_name' is a required param."
-  (http/client :post 400 "setup/user" {:token "anything"}))
+  (http/client :post 400 "setup/user" {}))
 
 (expect "'last_name' is a required param."
-  (http/client :post 400 "setup/user" {:token "anything"
-                                       :first_name "anything"}))
+  (http/client :post 400 "setup/user" {:first_name "anything"}))
 
 (expect "'email' is a required param."
-  (http/client :post 400 "setup/user" {:token "anything"
-                                       :first_name "anything"
+  (http/client :post 400 "setup/user" {:first_name "anything"
                                        :last_name "anything"}))
 
 (expect "'password' is a required param."
-  (http/client :post 400 "setup/user" {:token "anything"
-                                       :first_name "anything"
+  (http/client :post 400 "setup/user" {:first_name "anything"
+                                       :last_name "anything"
+                                       :email "anything@metabase.com"}))
+
+(expect "'token' is a required param."
+  (http/client :post 400 "setup/user" {:first_name "anything"
                                        :last_name "anything"
-                                       :email "anything"}))
+                                       :email "anything@metabase.com"
+                                       :password "anythingUP12!!"}))
 
 ;; valid email + complex password
-(expect "Invalid Request."
+(expect "Invalid value 'anything' for 'email': Not a valid email address."
   (http/client :post 400 "setup/user" {:token "anything"
                                        :first_name "anything"
                                        :last_name "anything"
                                        :email "anything"
                                        :password "anything"}))
 
-(expect "Invalid Request."
+(expect "Invalid value 'anything' for 'password': Insufficient password strength"
   (http/client :post 400 "setup/user" {:token "anything"
                                        :first_name "anything"
                                        :last_name "anything"
@@ -64,7 +64,7 @@
                                        :password "anything"}))
 
 ;; token match
-(expect "You don't have permissions to do that."
+(expect "Invalid value 'anything' for 'token': Token does not match the setup token."
   (http/client :post 403 "setup/user" {:token "anything"
                                        :first_name "anything"
                                        :last_name "anything"