summaryrefslogtreecommitdiff
path: root/test/integration
diff options
context:
space:
mode:
authorAzul <azul@riseup.net>2017-09-17 09:54:55 +0200
committerAzul <azul@riseup.net>2017-10-24 13:33:03 +0200
commit325bccc1649c928d512ce7c7b11e14566a8c9eeb (patch)
tree4a9adacadce129529bed44792e6a4de1dc158519 /test/integration
parentfecd710de6c574ac8e2b0c45ad9e081badd59b61 (diff)
fix: sanity checks on user params
fixes #8801 Includes a test reproducing 500 on lynx We now make use of ActionController::Parameters require and permit methods.
Diffstat (limited to 'test/integration')
-rw-r--r--test/integration/api/srp_test.rb2
-rw-r--r--test/integration/api/update_account_test.rb8
2 files changed, 9 insertions, 1 deletions
diff --git a/test/integration/api/srp_test.rb b/test/integration/api/srp_test.rb
index b9605f9..ef5d9b8 100644
--- a/test/integration/api/srp_test.rb
+++ b/test/integration/api/srp_test.rb
@@ -46,7 +46,7 @@ class SrpTest < RackTest
@password = password
end
- def update_user(params)
+ def update_user(params = {})
put api_url("users/#{@user.id}.json"),
user_params(params),
auth_headers
diff --git a/test/integration/api/update_account_test.rb b/test/integration/api/update_account_test.rb
index f083dbc..dd28b06 100644
--- a/test/integration/api/update_account_test.rb
+++ b/test/integration/api/update_account_test.rb
@@ -19,6 +19,14 @@ class UpdateAccountTest < SrpTest
assert_login_required
end
+ test "empty request" do
+ authenticate
+ update_user
+ refute last_response.successful?
+ assert_equal 400, last_response.status
+ assert_equal '', last_response.body
+ end
+
test "update password via api" do
authenticate
update_user password: "No! Verify me instead."