Prevent class from being changed via PUT /user

Blade Barringer
2015-10-26 17:25:51 -05:00
parent c7b162271c
commit 13bca6b9a9
2 changed files with 22 additions and 4 deletions


@@ -53,4 +53,23 @@ describe.only('PUT /user', () => {
});
});
});
context('sub-level protected paths', () => {
let protectedPaths = {
'class stat': {'stats.class': 'wizard'},
};
each(protectedPaths, (data, testName) => {
it(`does not allow updating ${testName}`, () => {
let errorText = [];
each(data, (value, path) => {
errorText.push(`path \`${path}\` was not saved, as it's a protected path. See https://github.com/HabitRPG/habitrpg/blob/develop/API.md for PUT /api/v2/user.`);
});
return expect(api.put('/user', data)).to.eventually.be.rejected.and.eql({
code: 401,
text: errorText,
});
});
});
});
});
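Review bot: The new `protectedPaths` table only exercises the flat dotted key `stats.class`, and the test asserts only the rejection payload, so it does not show that the stored class is actually left untouched. The server-side check is not visible in this hunk, so I would add a second entry that sends the same field in another shape the endpoint accepts (for example a nested `stats` object), and re-read the user after the rejected call to assert that `stats.class` is unchanged. Separately, the hunk header shows the enclosing suite as `describe.only('PUT /user', () => {`, which starts outside this hunk; if that is still in the file, Mocha runs only this suite and every other API test is skipped, so it should go back to `describe('PUT /user', () => {` before merge.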