diff options
author | jessib <jessib@leap.se> | 2013-01-29 12:09:38 -0800 |
---|---|---|
committer | jessib <jessib@leap.se> | 2013-01-29 12:09:38 -0800 |
commit | afd5697f17a90654b6c058611896e3542a601ef5 (patch) | |
tree | f4382bae154b2d7c1f9538473a71f235b5c69ef8 /users/test/integration | |
parent | 90b64fdffdc33f0204af6ac2e315bd4be6bc200a (diff) |
A user's public_key is the only attribute they should be able to update via API.
Diffstat (limited to 'users/test/integration')
-rw-r--r-- | users/test/integration/api/account_flow_test.rb | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb index b763be5..653f7d9 100644 --- a/users/test/integration/api/account_flow_test.rb +++ b/users/test/integration/api/account_flow_test.rb @@ -96,7 +96,15 @@ class AccountFlowTest < ActiveSupport::TestCase test_public_key = 'asdlfkjslfdkjasd' put "http://api.lvh.me:3000/1/users/" + @user.id + '.json', :user => {:public_key => test_public_key}, :format => :json @user.reload - assert_equal @user.public_key, test_public_key + assert_equal test_public_key, @user.public_key + end + + test "cannot update login via api" do + server_auth = @srp.authenticate(self) + original_login = @user.login + put "http://api.lvh.me:3000/1/users/" + @user.id + '.json', :user => {:login => 'failed_login_name'}, :format => :json + @user.reload + assert_equal original_login, @user.login end end |