diff --git a/src/routes/profile.js b/src/routes/profile.js
index f5d812117..d7f8eafde 100644
--- a/src/routes/profile.js
+++ b/src/routes/profile.js
@@ -68,8 +68,8 @@ function changePassword(req, res, next) {
 assert.strictEqual(typeof req.body, 'object');
 assert.strictEqual(typeof req.user, 'object');
- if (typeof req.body.password !== 'string') return next(new HttpError(400, 'API call requires the users old password.'));
- if (typeof req.body.newPassword !== 'string') return next(new HttpError(400, 'API call requires the users new password.'));
+ if (typeof req.body.password !== 'string') return next(new HttpError(400, 'password must be set to old password'));
+ if (typeof req.body.newPassword !== 'string') return next(new HttpError(400, 'newPassword must be a string'));
 if (req.user.tokenType !== tokendb.TYPE_USER) return next(new HttpError(403, 'Token type not allowed'));
diff --git a/src/routes/test/profile-test.js b/src/routes/test/profile-test.js
index d0e33252e..f52207b1c 100644
--- a/src/routes/test/profile-test.js
+++ b/src/routes/test/profile-test.js
@@ -153,7 +153,7 @@ describe('Profile API', function () {
 after(cleanup);
 it('change email fails due to missing token', function (done) {
- superagent.put(SERVER_URL + '/api/v1/profile')
+ superagent.post(SERVER_URL + '/api/v1/profile')
 .send({ email: EMAIL_0_NEW })
 .end(function (error, result) {
 expect(result.statusCode).to.equal(401);
@@ -162,7 +162,7 @@ describe('Profile API', function () {
 });
 it('change email fails due to invalid email', function (done) {
- superagent.put(SERVER_URL + '/api/v1/profile')
+ superagent.post(SERVER_URL + '/api/v1/profile')
 .query({ access_token: token_0 })
 .send({ email: 'foo@bar' })
 .end(function (error, result) {
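Review bot: The two new 400 messages in changePassword do not match the checks they guard: both branches are `typeof … !== 'string'` tests, yet the first reports 'password must be set to old password' while the second reports 'newPassword must be a string'. A client that sends a non-string `password` is not told what type is expected; `'password must be a string'` would mirror its sibling. An empty string also passes both checks here, so any length or strength rule has to be enforced further down. changePassword's body continues outside the hunk, so that enforcement is not visible from here.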
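Review bot: Nothing in src/routes/test/profile-test.js asserts that the retired PUT routes are gone, because the hunks from -153 through -304 only swap `superagent.put` for `superagent.post`. One extra case per endpoint, for example `superagent.put(SERVER_URL + '/api/v1/profile/password')` with a valid `access_token` and an expectation of a non-2xx status, would catch a route left registered under both verbs. Each `it` body continues outside its hunk, so the existing assertions are only partly visible.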
@@ -172,7 +172,7 @@ describe('Profile API', function () {
 });
 it('change user succeeds without email nor displayName', function (done) {
- superagent.put(SERVER_URL + '/api/v1/profile')
+ superagent.post(SERVER_URL + '/api/v1/profile')
 .query({ access_token: token_0 })
 .send({})
 .end(function (error, result) {
@@ -182,7 +182,7 @@ describe('Profile API', function () {
 });
 it('change email succeeds', function (done) {
- superagent.put(SERVER_URL + '/api/v1/profile')
+ superagent.post(SERVER_URL + '/api/v1/profile')
 .query({ access_token: token_0 })
 .send({ email: EMAIL_0_NEW })
 .end(function (error, result) {
@@ -203,7 +203,7 @@ describe('Profile API', function () {
 });
 it('change displayName succeeds', function (done) {
- superagent.put(SERVER_URL + '/api/v1/profile')
+ superagent.post(SERVER_URL + '/api/v1/profile')
 .query({ access_token: token_0 })
 .send({ displayName: DISPLAY_NAME_0_NEW })
 .end(function (error, result) {
@@ -229,7 +229,7 @@ describe('Profile API', function () {
 after(cleanup);
 it('fails due to missing current password', function (done) {
- superagent.put(SERVER_URL + '/api/v1/profile/password')
+ superagent.post(SERVER_URL + '/api/v1/profile/password')
 .query({ access_token: token_0 })
 .send({ newPassword: 'some wrong password' })
 .end(function (err, res) {
@@ -239,7 +239,7 @@ describe('Profile API', function () {
 });
 it('fails due to missing new password', function (done) {
- superagent.put(SERVER_URL + '/api/v1/profile/password')
+ superagent.post(SERVER_URL + '/api/v1/profile/password')
 .query({ access_token: token_0 })
 .send({ password: PASSWORD })
 .end(function (err, res) {
@@ -249,7 +249,7 @@ describe('Profile API', function () {
 });
 it('fails due to wrong password', function (done) {
- superagent.put(SERVER_URL + '/api/v1/profile/password')
+ superagent.post(SERVER_URL + '/api/v1/profile/password')
 .query({ access_token: token_0 })
 .send({ password: 'some wrong password', newPassword: 'MOre#$%34' })
 .end(function (err, res) {
@@ -259,7 +259,7 @@ describe('Profile API', function () {
 });
 it('fails due to invalid password', function (done) {
- superagent.put(SERVER_URL + '/api/v1/profile/password')
+ superagent.post(SERVER_URL + '/api/v1/profile/password')
 .query({ access_token: token_0 })
 .send({ password: PASSWORD, newPassword: 'five' })
 .end(function (err, res) {
@@ -269,7 +269,7 @@ describe('Profile API', function () {
 });
 it('succeeds', function (done) {
- superagent.put(SERVER_URL + '/api/v1/profile/password')
+ superagent.post(SERVER_URL + '/api/v1/profile/password')
 .query({ access_token: token_0 })
 .send({ password: PASSWORD, newPassword: 'MOre#$%34' })
 .end(function (err, res) {
@@ -284,7 +284,7 @@ describe('Profile API', function () {
 after(cleanup);
 it('fails due to missing showTutorial', function (done) {
- superagent.put(SERVER_URL + '/api/v1/profile/tutorial')
+ superagent.post(SERVER_URL + '/api/v1/profile/tutorial')
 .query({ access_token: token_0 })
 .send({})
 .end(function (err, res) {
@@ -294,7 +294,7 @@ describe('Profile API', function () {
 });
 it('fails due to wrong showTutorial type', function (done) {
- superagent.put(SERVER_URL + '/api/v1/profile/tutorial')
+ superagent.post(SERVER_URL + '/api/v1/profile/tutorial')
 .query({ access_token: token_0 })
 .send({ showTutorial: 'true' })
 .end(function (err, res) {
@@ -304,7 +304,7 @@ describe('Profile API', function () {
 });
 it('succeeds', function (done) {
- superagent.put(SERVER_URL + '/api/v1/profile/tutorial')
+ superagent.post(SERVER_URL + '/api/v1/profile/tutorial')
 .query({ access_token: token_0 })
 .send({ showTutorial: false })
 .end(function (err, res) {
diff --git a/src/server.js b/src/server.js
index a8d68f6ad..d4f08520d 100644
--- a/src/server.js
+++ b/src/server.js
@@ -102,9 +102,9 @@ function initializeExpressSync() {
 // profile api, working off the user behind the provided token
 router.get ('/api/v1/profile', profileScope, routes.profile.get);
- router.put ('/api/v1/profile', profileScope, routes.profile.update);
- router.put ('/api/v1/profile/password', profileScope, routes.user.verifyPassword, routes.profile.changePassword);
- router.put ('/api/v1/profile/tutorial', profileScope, routes.profile.setShowTutorial);
+ router.post('/api/v1/profile', profileScope, routes.profile.update);
+ router.post('/api/v1/profile/password', profileScope, routes.user.verifyPassword, routes.profile.changePassword);
+ router.post('/api/v1/profile/tutorial', profileScope, routes.profile.setShowTutorial);
 // user routes
 router.get ('/api/v1/users', usersScope, routes.user.requireAdmin, routes.user.list);
diff --git a/webadmin/src/js/client.js b/webadmin/src/js/client.js
index d7972ae70..2ac4b76bc 100644
--- a/webadmin/src/js/client.js
+++ b/webadmin/src/js/client.js
@@ -676,7 +676,7 @@ angular.module('Application').service('Client', ['$http', 'md5', 'Notification',
 newPassword: newPassword
 };
- $http.put(client.apiOrigin + '/api/v1/profile/password', data).success(function(data, status) {
+ $http.post(client.apiOrigin + '/api/v1/profile/password', data).success(function(data, status) {
 if (status !== 204) return callback(new ClientError(status, data));
 callback(null, data);
 }).error(defaultErrorHandler(callback));
@@ -822,7 +822,7 @@ angular.module('Application').service('Client', ['$http', 'md5', 'Notification',
 Client.prototype.setShowTutorial = function (show, callback) {
 var data = { showTutorial: show };
- $http.put(client.apiOrigin + '/api/v1/profile/tutorial', data).success(function (data, status) {
+ $http.post(client.apiOrigin + '/api/v1/profile/tutorial', data).success(function (data, status) {
 if (status !== 204) return callback(new ClientError(status, data));
 callback(null);
 }).error(defaultErrorHandler(callback));
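Review bot: Moving the three state-changing profile routes in initializeExpressSync from PUT to POST changes their cross-origin exposure, since a browser sends a cross-origin POST with a form or text/plain content type without a CORS preflight, whereas PUT is always preflighted. Whether that matters depends on which credentials `profileScope` accepts, and that is outside this hunk. If it honours a session cookie as well as `access_token`, then `/api/v1/profile`, which is routed to `routes.profile.update` without `routes.user.verifyPassword`, should be covered by a CSRF token or limited to `application/json` bodies. The PUT handlers are also removed with no alias, so existing API clients fail after upgrade; a comment above the routes such as `// POST replaces PUT for profile writes; PUT is no longer routed` would record that. initializeExpressSync's body continues outside the hunk.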