From 325bccc1649c928d512ce7c7b11e14566a8c9eeb Mon Sep 17 00:00:00 2001
From: Azul <azul@riseup.net>
Date: Sun, 17 Sep 2017 09:54:55 +0200
Subject: fix: sanity checks on user params

fixes #8801

Includes a test reproducing 500 on lynx

We now make use of ActionController::Parameters require and permit
methods.
---
 test/integration/api/update_account_test.rb | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'test/integration/api/update_account_test.rb')

diff --git a/test/integration/api/update_account_test.rb b/test/integration/api/update_account_test.rb
index f083dbc..dd28b06 100644
--- a/test/integration/api/update_account_test.rb
+++ b/test/integration/api/update_account_test.rb
@@ -19,6 +19,14 @@ class UpdateAccountTest < SrpTest
     assert_login_required
   end
 
+  test "empty request" do
+    authenticate
+    update_user
+    refute last_response.successful?
+    assert_equal 400, last_response.status
+    assert_equal '', last_response.body
+  end
+
   test "update password via api" do
     authenticate
     update_user password: "No! Verify me instead."
-- 
cgit v1.2.3