From 758b9a3c30a73fd985943fb7a887f0373be3a833 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Sat, 8 Feb 2014 12:29:08 +0100
Subject: split up and expand account integration test

---
 users/test/integration/api/update_account_test.rb | 44 +++++++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100644 users/test/integration/api/update_account_test.rb

(limited to 'users/test/integration/api/update_account_test.rb')

diff --git a/users/test/integration/api/update_account_test.rb b/users/test/integration/api/update_account_test.rb
new file mode 100644
index 0000000..16c2357
--- /dev/null
+++ b/users/test/integration/api/update_account_test.rb
@@ -0,0 +1,44 @@
+require 'test_helper'
+require_relative 'srp_test'
+
+class UpdateAccountTest < SrpTest
+
+  setup do
+    register_user
+  end
+
+  test "require authentication" do
+    update_user password: "No! Verify me instead."
+    assert_access_denied
+  end
+
+  test "update password via api" do
+    authenticate
+    update_user password: "No! Verify me instead."
+    authenticate
+    assert last_response.successful?
+    assert_nil server_auth["errors"]
+    assert server_auth["M2"]
+  end
+
+  test "change login with password_verifier" do
+    authenticate
+    new_login = 'zaph'
+    cleanup_user new_login
+    update_user login: new_login, password: @password
+    authenticate
+    assert last_response.successful?
+    assert_equal new_login, @user.reload.login
+  end
+
+  test "prevent changing login without changing password_verifier" do
+    authenticate
+    original_login = @user.login
+    new_login = 'zaph'
+    cleanup_user new_login
+    update_user login: new_login
+    assert last_response.successful?
+    # does not change login if no password_verifier is present
+    assert_equal original_login, @user.reload.login
+  end
+end
-- 
cgit v1.2.3


From cbd757cf151cd61bfdd5637d09f43e4831fec3bb Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Sat, 8 Feb 2014 16:15:46 +0100
Subject: require token when updating user via API

---
 users/test/integration/api/update_account_test.rb | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'users/test/integration/api/update_account_test.rb')

diff --git a/users/test/integration/api/update_account_test.rb b/users/test/integration/api/update_account_test.rb
index 16c2357..63429e7 100644
--- a/users/test/integration/api/update_account_test.rb
+++ b/users/test/integration/api/update_account_test.rb
@@ -12,6 +12,13 @@ class UpdateAccountTest < SrpTest
     assert_access_denied
   end
 
+  test "require token" do
+    authenticate
+    put "http://api.lvh.me:3000/1/users/" + @user.id + '.json',
+      user_params(password: "No! Verify me instead.")
+    assert_access_denied
+  end
+
   test "update password via api" do
     authenticate
     update_user password: "No! Verify me instead."
-- 
cgit v1.2.3