From cbd757cf151cd61bfdd5637d09f43e4831fec3bb Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Sat, 8 Feb 2014 16:15:46 +0100
Subject: require token when updating user via API

---
 users/test/integration/api/update_account_test.rb | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'users/test/integration/api/update_account_test.rb')

diff --git a/users/test/integration/api/update_account_test.rb b/users/test/integration/api/update_account_test.rb
index 16c2357..63429e7 100644
--- a/users/test/integration/api/update_account_test.rb
+++ b/users/test/integration/api/update_account_test.rb
@@ -12,6 +12,13 @@ class UpdateAccountTest < SrpTest
     assert_access_denied
   end
 
+  test "require token" do
+    authenticate
+    put "http://api.lvh.me:3000/1/users/" + @user.id + '.json',
+      user_params(password: "No! Verify me instead.")
+    assert_access_denied
+  end
+
   test "update password via api" do
     authenticate
     update_user password: "No! Verify me instead."
-- 
cgit v1.2.3