Fix HTTP error status for session endpoints

Author: jtgeibel

src/controllers/user/session.rs

@@ -1,12 +1,13 @@
-use crate::controllers::prelude::*;
+use crate::controllers::frontend_prelude::*;
 
 use crate::github;
 use conduit_cookie::RequestSession;
+use failure::Fail;
 use oauth2::{prelude::*, AuthorizationCode, TokenResponse};
 
 use crate::models::{NewUser, User};
 use crate::schema::users;
-use crate::util::errors::{AppError, ReadOnlyMode};
+use crate::util::errors::{AppError, ChainError, ReadOnlyMode};
 
 /// Handles the `GET /api/private/session/begin` route.
 ///
@@ -83,7 +84,7 @@ pub fn authorize(req: &mut dyn Request) -> AppResult<Response> {
         let session_state = req.session().remove(&"github_oauth_state".to_string());
         let session_state = session_state.as_ref().map(|a| &a[..]);
         if Some(&state[..]) != session_state {
-            return Err(cargo_err("invalid state parameter"));
+            return Err(bad_request("invalid state parameter"));
         }
     }
 
@@ -94,7 +95,8 @@ pub fn authorize(req: &mut dyn Request) -> AppResult<Response> {
         .app()
         .github
         .exchange_code(code)
-        .map_err(|s| cargo_err(&s))?;
+        .map_err(|e| e.compat())
+        .chain_error(|| server_error("Error obtaining token"))?;
     let token = token.access_token();
     let ghuser = github::github_api::<GithubUser>(req.app(), "/user", token)?;
     let user = ghuser.save_to_database(&token.secret(), &*req.db_conn()?)?;

src/tests/user.rs

@@ -115,7 +115,7 @@ fn access_token_needs_data() {
     let (_, anon) = TestApp::init().empty();
     let json = anon
         .get::<()>("/api/private/session/authorize")
-        .bad_with_status(200); // Change endpoint to 400?
+        .bad_with_status(400);
     assert!(json.errors[0].detail.contains("invalid state"));
 }