default json error responder

Replacing ID site verification error handler with this, so that we don’t show all the token cruft to the end-user.  Instead, just the error message string.

lib/controllers/id-site-verify.js

@@ -7,6 +7,8 @@ var stormpath = require('stormpath');
 var helpers = require('../helpers');
 var middleware = require('../middleware');
 
+var thisFileName = require('path').basename(__filename);
+
 /**
  * This controller handles a Stormpath ID Site authentication.  Once a user is
  * authenticated, they'll be returned to the site.
@@ -28,7 +30,7 @@ module.exports = function (req, res) {
   assertionAuthenticator.authenticate(stormpathToken, function (err) {
     if (err) {
       logger.info('During an IdSite login attempt, we were unable to verify the JWT response.');
-      return res.status(err.status || 400).json(err);
+      return helpers.defaultJsonErrorResponder(err, res, thisFileName);
     }
 
     var parsedToken = nJwt.verify(stormpathToken, config.client.apiKey.secret);
@@ -46,19 +48,19 @@ module.exports = function (req, res) {
       stormpathTokenAuthenticator.authenticate({ stormpath_token: stormpathToken }, function (err, authenticationResult) {
         if (err) {
           logger.info('During an IdSite login attempt, we were unable to create a Stormpath session.');
-          return res.status(err.status || 400).json(err);
+          return helpers.defaultJsonErrorResponder(err, res, thisFileName);
         }
 
         authenticationResult.getAccount(function (err, account) {
           if (err) {
             logger.info('During an IdSite login attempt, we were unable to retrieve an account from the authentication result.');
-            return res.status(err.status || 400).json(err);
+            return helpers.defaultJsonErrorResponder(err, res, thisFileName);
           }
 
           helpers.expandAccount(req.app, account, function (err, expandedAccount) {
             if (err) {
               logger.info('During an IdSite login attempt, we were unable to expand the Stormpath account.');
-              return res.status(err.status || 400).json(err);
+              return helpers.defaultJsonErrorResponder(err, res, thisFileName);
             }
 
             helpers.createSession(authenticationResult, expandedAccount, req, res);

lib/helpers/create-session.js

@@ -6,7 +6,8 @@ var Cookies = require('cookies');
  * Creates a JWT, stores it in a cookie, and provides it on the request object
  * for other middleware to use.
  *
- * @param  {Object} authenticationResult From the Node SDK.
+ * @param  {Object} authenticationResult From an authenticator in the Node SDK.
+ * @param  {Object} account              Expanded Account object.
  * @param  {Object} req                  Express HTTP request.
  * @param  {Object} res                  Express HTTP response.
  */

lib/helpers/default-json-error-responder.js

@@ -0,0 +1,20 @@
+'use strict';
+
+/**
+ * Use this method to render JSON error responses, for errors that arise from
+ * the underlying Node SDK
+ *
+ * @function
+ *
+ * @param {Object} err - An error object, likely from the Node SDK
+ * @param {Object} res - Express http response
+ * @param {Object} context - Describe where this error is coming from, for
+ * a fallback message when the error does not contain a message.
+ */
+function defaultJsonErrorResponder(err, res, context) {
+  return res.status(err.status || 500).json({
+    error: err.userMessage || err.message || ('Unexpected error in ' + context)
+  });
+}
+
+module.exports = defaultJsonErrorResponder;

lib/helpers/index.js

@@ -5,6 +5,7 @@ module.exports = {
   exchangeStormpathToken: require('./exchange-stormpath-token'),
   createStormpathSession: require('./create-stormpath-session'),
   createSession: require('./create-session'),
+  defaultJsonErrorResponder: require('./default-json-error-responder'),
   expandAccount: require('./expand-account'),
   getFormModel: require('./get-form-model'),
   getRequiredRegistrationFields: require('./get-required-registration-fields'),