diff --git a/test/api/v3/integration/user/POST-user_update_email.test.js b/test/api/v3/integration/user/PUT-user_update_email.test.js
similarity index 87%
rename from test/api/v3/integration/user/POST-user_update_email.test.js
rename to test/api/v3/integration/user/PUT-user_update_email.test.js
index 5a8392ec1e..38fd7da53e 100644
--- a/test/api/v3/integration/user/POST-user_update_email.test.js
+++ b/test/api/v3/integration/user/PUT-user_update_email.test.js
@@ -4,7 +4,7 @@ import {
 } from '../../../../helpers/api-v3-integration.helper';
 import { model as User } from '../../../../../website/src/models/user';
-describe('POST /user/update-email', () => {
+describe('PUT /user/update-email', () => {
 let user;
 let fbUser;
 let endpoint = '/user/update-email';
@@ -17,7 +17,7 @@ describe('POST /user/update-email', () => {
 });
 it('does not change email if one is not provided', async () => {
- await expect(user.post(endpoint)).to.eventually.be.rejected.and.eql({
+ await expect(user.put(endpoint)).to.eventually.be.rejected.and.eql({
 code: 400,
 error: 'BadRequest',
 message: t('invalidReqParams'),
@@ -25,7 +25,7 @@ describe('POST /user/update-email', () => {
 });
 it('does not change email if password is not provided', async () => {
- await expect(user.post(endpoint, {
+ await expect(user.put(endpoint, {
 newEmail,
 })).to.eventually.be.rejected.and.eql({
 code: 400,
@@ -35,7 +35,7 @@ describe('POST /user/update-email', () => {
 });
 it('does not change email if wrong password is provided', async () => {
- await expect(user.post(endpoint, {
+ await expect(user.put(endpoint, {
 newEmail,
 password: 'wrong password',
 })).to.eventually.be.rejected.and.eql({
@@ -46,7 +46,7 @@ describe('POST /user/update-email', () => {
 });
 it('changes email if new email and existing password are provided', async () => {
- let response = await user.post(endpoint, {
+ let response = await user.put(endpoint, {
 newEmail,
 password: thePassword,
 });
@@ -64,7 +64,7 @@ describe('POST /user/update-email', () => {
 });
 it('does not change email if user.auth.local.email does not exist for this user', async () => {
- await expect(fbUser.post(endpoint, {
+ await expect(fbUser.put(endpoint, {
 newEmail,
 password: thePassword,
 })).to.eventually.be.rejected.and.eql({
diff --git a/test/api/v3/integration/user/POST-user_update_password.test.js b/test/api/v3/integration/user/PUT-user_update_password.test.js
similarity index 87%
rename from test/api/v3/integration/user/POST-user_update_password.test.js
rename to test/api/v3/integration/user/PUT-user_update_password.test.js
index 728abb13db..18f17177ab 100644
--- a/test/api/v3/integration/user/POST-user_update_password.test.js
+++ b/test/api/v3/integration/user/PUT-user_update_password.test.js
@@ -3,7 +3,7 @@ import {
 translate as t,
 } from '../../../../helpers/api-integration/v3';
-describe('POST /user/update-password', async () => {
+describe('PUT /user/update-password', async () => {
 let endpoint = '/user/update-password';
 let user;
 let password = 'password';
@@ -16,7 +16,7 @@ describe('POST /user/update-password', async () => {
 it('successfully changes the password', async () => {
 let previousHashedPassword = user.auth.local.hashed_password;
- let response = await user.post(endpoint, {
+ let response = await user.put(endpoint, {
 password,
 newPassword,
 confirmPassword: newPassword,
@@ -27,7 +27,7 @@ describe('POST /user/update-password', async () => {
 });
 it('new passwords mismatch', async () => {
- await expect(user.post(endpoint, {
+ await expect(user.put(endpoint, {
 password,
 newPassword,
 confirmPassword: `${newPassword}-wrong-confirmation`,
@@ -39,7 +39,7 @@ describe('POST /user/update-password', async () => {
 });
 it('existing password is wrong', async () => {
- await expect(user.post(endpoint, {
+ await expect(user.put(endpoint, {
 password: wrongPassword,
 newPassword,
 confirmPassword: newPassword,
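Review bot: `describe('PUT /user/update-password', async () => {` in the `-3,7` hunk of PUT-user_update_password.test.js keeps an `async` suite callback. Mocha-style runners register tests synchronously while the describe body runs and do not await the promise it returns, so an `await` later added at suite level would silently drop every test declared after it, which is an easy way to lose coverage on a credential-changing endpoint. The email suite already uses a plain callback; since the line is being touched anyway, change it to `describe('PUT /user/update-password', () => {`. The same applies to `describe('PUT /user/update-username', async () => {` and `describe('social-only user', async () => {` in PUT-user_update_username.test.js.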
diff --git a/test/api/v3/integration/user/POST-user_update_username.test.js b/test/api/v3/integration/user/PUT-user_update_username.test.js
similarity index 89%
rename from test/api/v3/integration/user/POST-user_update_username.test.js
rename to test/api/v3/integration/user/PUT-user_update_username.test.js
index 4e59fcb5b8..b48831c010 100644
--- a/test/api/v3/integration/user/POST-user_update_username.test.js
+++ b/test/api/v3/integration/user/PUT-user_update_username.test.js
@@ -4,7 +4,7 @@ import {
 } from '../../../../helpers/api-integration/v3';
 import { model as User } from '../../../../../website/src/models/user';
-describe('POST /user/update-username', async () => {
+describe('PUT /user/update-username', async () => {
 let endpoint = '/user/update-username';
 let user;
 let newUsername = 'new-username';
@@ -17,7 +17,7 @@ describe('POST /user/update-username', async () => {
 });
 it('successfully changes username', async () => {
- let response = await user.post(endpoint, {
+ let response = await user.put(endpoint, {
 username: newUsername,
 password,
 });
@@ -32,8 +32,9 @@ describe('POST /user/update-username', async () => {
 user = await generateUser();
 await user.update({'auth.local.username': existingUsername, 'auth.local.lowerCaseUsername': existingUsername });
 });
+
 it('prevents username update', async () => {
- await expect(user.post(endpoint, {
+ await expect(user.put(endpoint, {
 username: existingUsername,
 password,
 })).to.eventually.be.rejected.and.eql({
@@ -43,8 +44,9 @@ describe('POST /user/update-username', async () => {
 });
 });
 });
+
 it('password is wrong', async () => {
- await expect(user.post(endpoint, {
+ await expect(user.put(endpoint, {
 username: newUsername,
 password: wrongPassword,
 })).to.eventually.be.rejected.and.eql({
@@ -53,13 +55,15 @@ describe('POST /user/update-username', async () => {
 message: t('wrongPassword'),
 });
 });
+
 describe('social-only user', async () => {
 beforeEach(async () => {
 user = await generateUser();
 await user.update({ 'auth.local': { ok: true } });
 });
+
 it('prevents username update', async () => {
- await expect(user.post(endpoint, {
+ await expect(user.put(endpoint, {
 username: newUsername,
 password,
 })).to.eventually.be.rejected.and.eql({
@@ -69,8 +73,9 @@ describe('POST /user/update-username', async () => {
 });
 });
 });
+
 it('new username is not provided', async () => {
- await expect(user.post(endpoint, {
+ await expect(user.put(endpoint, {
 password,
 })).to.eventually.be.rejected.and.eql({
 code: 400,
diff --git a/website/src/controllers/api-v3/user.js b/website/src/controllers/api-v3/user.js
index 17c37aaf84..896f648d19 100644
--- a/website/src/controllers/api-v3/user.js
+++ b/website/src/controllers/api-v3/user.js
@@ -43,7 +43,7 @@ api.getUser = {
 };
 /**
- * @api {post} /user/update-password
+ * @api {put} /user/update-password
 * @apiVersion 3.0.0
 * @apiName updatePassword
 * @apiGroup User
@@ -53,7 +53,7 @@ api.getUser = {
 * @apiSuccess {Object} The success message
 **/
 api.updatePassword = {
- method: 'POST',
+ method: 'PUT',
 middlewares: [authWithHeaders(), cron],
 url: '/user/update-password',
 async handler (req, res) {
@@ -82,7 +82,7 @@ api.updatePassword = {
 };
 /**
- * @api {post} /user/update-username
+ * @api {put} /user/update-username
 * @apiVersion 3.0.0
 * @apiName updateUsername
 * @apiGroup User
@@ -91,7 +91,7 @@ api.updatePassword = {
 * @apiSuccess {Object} The new username
 **/
 api.updateUsername = {
- method: 'POST',
+ method: 'PUT',
 middlewares: [authWithHeaders(), cron],
 url: '/user/update-username',
 async handler (req, res) {
@@ -128,7 +128,7 @@ api.updateUsername = {
 /**
- * @api {post} /user/update-email
+ * @api {put} /user/update-email
 * @apiVersion 3.0.0
 * @apiName UpdateEmail
 * @apiGroup User
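Review bot: PUT is expected to be idempotent, and `api.updatePassword` as switched to `method: 'PUT'` in the `-53,7` hunk of website/src/controllers/api-v3/user.js does not look idempotent: the body carries the current password, so a client or proxy that automatically retries the PUT after a successful change would presumably get the rejection that the 'existing password is wrong' test exercises (the handler body is outside the hunk, so this is inferred). `api.updateUsername` in the `-91,7` hunk has the same shape, and `api.updateEmail` in the `-139,7` hunk is switched the same way. Either keep these credential changes on POST or state the retry behaviour in each apidoc block, e.g. `* @apiDescription Not safe to retry: a repeated request is checked against the already-updated account and may be rejected.` No test in this commit asserts that the old POST routes are now refused, which is worth adding for endpoints that change credentials.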
@@ -139,7 +139,7 @@ api.updateUsername = {
 * @apiSuccess {Object} An object containing the new email address
 */
 api.updateEmail = {
- method: 'POST',
+ method: 'PUT',
 middlewares: [authWithHeaders(), cron],
 url: '/user/update-email',
 async handler (req, res) {