From a890d1e0d30851741392e6e7f14acffe685d28e0 Mon Sep 17 00:00:00 2001
From: Chocobozzz <me@florianbigard.com>
Date: Wed, 26 Sep 2018 16:28:15 +0200
Subject: Check current password on server side

---
 server/tests/api/check-params/users.ts | 34 +++++++++++++++++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)

(limited to 'server/tests/api/check-params/users.ts')

diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts
index 95903c8a5..cbfa0c137 100644
--- a/server/tests/api/check-params/users.ts
+++ b/server/tests/api/check-params/users.ts
@@ -254,6 +254,7 @@ describe('Test users API validators', function () {
 
     it('Should fail with a too small password', async function () {
       const fields = {
+        currentPassword: 'my super password',
         password: 'bla'
       }
 
@@ -262,12 +263,31 @@ describe('Test users API validators', function () {
 
     it('Should fail with a too long password', async function () {
       const fields = {
+        currentPassword: 'my super password',
         password: 'super'.repeat(61)
       }
 
       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
     })
 
+    it('Should fail without the current password', async function () {
+      const fields = {
+        currentPassword: 'my super password',
+        password: 'super'.repeat(61)
+      }
+
+      await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
+    })
+
+    it('Should fail with an invalid current password', async function () {
+      const fields = {
+        currentPassword: 'my super password fail',
+        password: 'super'.repeat(61)
+      }
+
+      await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 401 })
+    })
+
     it('Should fail with an invalid NSFW policy attribute', async function () {
       const fields = {
         nsfwPolicy: 'hello'
@@ -286,6 +306,7 @@ describe('Test users API validators', function () {
 
     it('Should fail with an non authenticated user', async function () {
       const fields = {
+        currentPassword: 'my super password',
         password: 'my super password'
       }
 
@@ -300,8 +321,9 @@ describe('Test users API validators', function () {
       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
     })
 
-    it('Should succeed with the correct params', async function () {
+    it('Should succeed to change password with the correct params', async function () {
       const fields = {
+        currentPassword: 'my super password',
         password: 'my super password',
         nsfwPolicy: 'blur',
         autoPlayVideo: false,
@@ -310,6 +332,16 @@ describe('Test users API validators', function () {
 
       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 })
     })
+
+    it('Should succeed without password change with the correct params', async function () {
+      const fields = {
+        nsfwPolicy: 'blur',
+        autoPlayVideo: false,
+        email: 'super_email@example.com'
+      }
+
+      await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 })
+    })
   })
 
   describe('When updating my avatar', function () {
-- 
cgit v1.2.3