krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-18 15:17:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
13bca6b9a93c6bd888558395db768a500eebf5a2
habitica/test/api/user/PUT-user.test.js
Blade Barringer 13bca6b9a9 Prevent class from being changed via PUT /user
2015-10-26 17:25:51 -05:00

76 lines
2.5 KiB
JavaScript
Raw Blame History

import {
generateUser,
requester,
} from '../../helpers/api.helper';
import { each } from 'lodash';
describe.only('PUT /user', () => {
let api, user;
beforeEach(() => {
return generateUser().then((usr) => {
user = usr;
api = requester(user);
});
});
context('allowed paths', () => {
it('updates the user', () => {
return api.put('/user', {
'profile.name' : 'Frodo',
'preferences.costume': true,
'stats.hp': 14,
}).then((updatedUser) => {
expect(updatedUser.profile.name).to.eql('Frodo');
expect(updatedUser.preferences.costume).to.eql(true);
expect(updatedUser.stats.hp).to.eql(14);
});
});
});
context('top level protected paths', () => {
let protectedPaths = {
'gem balance': {balance: 100},
'auth': {'auth.blocked': true, 'auth.timestamps.created': new Date()},
'contributor': {'contributor.level': 9, 'contributor.admin': true, 'contributor.text': 'some text'},
'backer': {'backer.tier': 10, 'backer.npc': 'Bilbo'},
'subscriptions': {'purchased.plan.extraMonths': 500, 'purchased.plan.consecutive.trinkets': 1000},
'customization gem purchases': {'purchased.background.tavern': true, 'purchased.skin.bear': true},
'tasks': {todos: [], habits: [], dailys: [], rewards: []},
};
each(protectedPaths, (data, testName) => {
it(`does not allow updating ${testName}`, () => {
let errorText = [];
each(data, (value, path) => {
errorText.push(`path \`${path}\` was not saved, as it's a protected path. See https://github.com/HabitRPG/habitrpg/blob/develop/API.md for PUT /api/v2/user.`);
});
return expect(api.put('/user', data)).to.eventually.be.rejected.and.eql({
code: 401,
text: errorText,
});
});
});
});
context('sub-level protected paths', () => {
let protectedPaths = {
'class stat': {'stats.class': 'wizard'},
};
each(protectedPaths, (data, testName) => {
it(`does not allow updating ${testName}`, () => {
let errorText = [];
each(data, (value, path) => {
errorText.push(`path \`${path}\` was not saved, as it's a protected path. See https://github.com/HabitRPG/habitrpg/blob/develop/API.md for PUT /api/v2/user.`);
});
return expect(api.put('/user', data)).to.eventually.be.rejected.and.eql({
code: 401,
text: errorText,
});
});
});
});
});
Reference in New Issue View Git Blame Copy Permalink