Merge branch '8801-500-on-lynx' into 'master'

fix: sanity checks on user params Closes #8801 See merge request leap/webapp!50
author: azul <azul@riseup.net> 2017-10-24 11:40:46 +0000
committer: azul <azul@riseup.net> 2017-10-24 11:40:46 +0000
commit: d717aba320abc5cc2ebf5650cbd52a69a56926b5 (patch)
tree: 4a9adacadce129529bed44792e6a4de1dc158519 /test/integration
parent: fecd710de6c574ac8e2b0c45ad9e081badd59b61 (diff)
parent: 325bccc1649c928d512ce7c7b11e14566a8c9eeb (diff)
2 files changed, 9 insertions, 1 deletions
diff --git a/test/integration/api/srp_test.rb b/test/integration/api/srp_test.rb
index b9605f9..ef5d9b8 100644
--- a/test/integration/api/srp_test.rb
+++ b/test/integration/api/srp_test.rb
@@ -46,7 +46,7 @@ class SrpTest < RackTest
     @password = password
   end
 
-  def update_user(params)
+  def update_user(params = {})
     put api_url("users/#{@user.id}.json"),
       user_params(params),
       auth_headers
diff --git a/test/integration/api/update_account_test.rb b/test/integration/api/update_account_test.rb
index f083dbc..dd28b06 100644
--- a/test/integration/api/update_account_test.rb
+++ b/test/integration/api/update_account_test.rb
@@ -19,6 +19,14 @@ class UpdateAccountTest < SrpTest
     assert_login_required
   end
 
+  test "empty request" do
+    authenticate
+    update_user
+    refute last_response.successful?
+    assert_equal 400, last_response.status
+    assert_equal '', last_response.body
+  end
+
   test "update password via api" do
     authenticate
     update_user password: "No! Verify me instead."
author	azul <azul@riseup.net>	2017-10-24 11:40:46 +0000
committer	azul <azul@riseup.net>	2017-10-24 11:40:46 +0000
commit	d717aba320abc5cc2ebf5650cbd52a69a56926b5 (patch)
tree	4a9adacadce129529bed44792e6a4de1dc158519 /test/integration
parent	fecd710de6c574ac8e2b0c45ad9e081badd59b61 (diff)
parent	325bccc1649c928d512ce7c7b11e14566a8c9eeb (diff)