fixes bug with password confirmation

app/controllers/client_api/users/users_controller.rb

@@ -55,7 +55,8 @@ module ClientApi
           bypass_sign_in(current_user)
           success_response
         else
-          unsuccess_response(current_user.errors.full_messages, :unauthorized)
+          unsuccess_response(current_user.errors.full_messages,
+                             :unprocessable_entity)
         end
       rescue CustomUserError => error
         unsuccess_response(error.to_s)

app/services/client_api/user_service.rb

@@ -2,19 +2,26 @@ module ClientApi
   class UserService < BaseService
     def update_user!
       error = I18n.t('client_api.user.passwords_dont_match')
-      raise CustomUserError, error unless check_password_confirmation
+      raise CustomUserError, error unless check_current_password
       @params.delete(:current_password) # removes unneeded element
       @current_user.update(@params)
     end
 
     private
 
-    def check_password_confirmation
+    def check_current_password
       return true unless @params[:email] || @params[:password]
-      error = I18n.t('client_api.user.blank_password_error')
+      pass_blank_err = I18n.t('client_api.user.blank_password_error')
-      password_confirmation = @params[:current_password]
+      pass_match_err = I18n.t('client_api.user.passwords_dont_match')
-      raise CustomUserError, error unless password_confirmation
+      current_password = @params[:current_password]
-      @current_user.valid_password? password_confirmation
+      raise CustomUserError, pass_blank_err unless current_password
+      raise CustomUserError, pass_match_err unless check_password_confirmation
+      @current_user.valid_password? current_password
+    end
+
+    def check_password_confirmation
+      return true if @params[:email]
+      @params[:password] == @params[:password_confirmation]
     end
   end
   CustomUserError = Class.new(StandardError)

spec/controllers/client_api/users/users_controller_spec.rb

@@ -17,6 +17,7 @@ describe ClientApi::Users::UsersController, type: :controller do
 
   describe 'POST update' do
     let(:new_password) { 'secretPassword' }
+    let(:new_email) { 'banana@fruit.com' }
 
     it 'responds successfully if all password params are set' do
       post :update,
@@ -52,6 +53,29 @@ describe ClientApi::Users::UsersController, type: :controller do
       expect(response).to have_http_status(:ok)
     end
 
+    it 'responds successfully if email is updated' do
+      post :update, params: { user: { email: new_email,
+                                      current_password: 'asdf1243' } },
+                              format: :json
+      expect(response).to have_http_status(:ok)
+      expect(@user.reload.email).to eq(new_email)
+    end
+
+    it 'responds unsuccessfully if email is updated without password' do
+      post :update, params: { user: { email: new_email } },
+                              format: :json
+      expect(response).to have_http_status(:unprocessable_entity)
+      expect(@user.reload.email).to_not eq(new_email)
+    end
+
+    it 'responds unsuccessfully if email is updated with invalid email' do
+      post :update, params: { user: { email: 'bananafruit.com',
+                                      current_password: 'asdf1243' } },
+                              format: :json
+      expect(response).to have_http_status(:unprocessable_entity)
+      expect(@user.reload.email).to_not eq(new_email)
+    end
+
     it 'changes timezone' do
       user = User.first
       expect(user.time_zone).to eq('UTC')

spec/services/client_api/user_service_spec.rb

@@ -59,8 +59,10 @@ describe ClientApi::UserService do
                   password_confirmation: 'hello1234567890',
                   current_password: 'asdf1234' }
       )
+
+      expect {
         user_service.update_user!
-      expect(user).to_not be_valid
+      }.to raise_error(ClientApi::CustomUserError, 'Passwords don\'t match')
     end
 
     it 'should update the password' do