Fixed a couple server tests.

test/server/functional/achievement.spec.coffee

@@ -50,15 +50,6 @@ describe 'Achievement', ->
         expect(res.statusCode).toBe(403)
         done()
 
-  it 'can\'t be updated by ordinary users', (done) ->
-    loginJoe ->
-      request.put {uri: url, json: unlockable}, (err, res, body) ->
-        expect(res.statusCode).toBe(403)
-
-        request {method: 'patch', uri: url, json: unlockable}, (err, res, body) ->
-          expect(res.statusCode).toBe(403)
-          done()
-
   it 'can be created by admins', (done) ->
     loginAdmin ->
       request.post {uri: url, json: unlockable}, (err, res, body) ->
@@ -77,6 +68,17 @@ describe 'Achievement', ->
               expect(docs.length).toBe 3
             done()
 
+  it 'can\'t be updated by ordinary users', (done) ->
+    loginJoe ->
+      unlockable3 = _.clone(unlockable)
+      unlockable3.description = 'alsdfkhasdkfhajksdhfjkasdhfj'
+      request.put {uri: url, json: unlockable3}, (err, res, body) ->
+        expect(res.statusCode).toBe(403)
+
+        request {method: 'patch', uri: url, json: unlockable}, (err, res, body) ->
+          expect(res.statusCode).toBe(403)
+          done()
+
   it 'can get all for ordinary users', (done) ->
     loginJoe ->
       request.get {uri: url, json: unlockable}, (err, res, body) ->

test/server/functional/user.spec.coffee

@@ -69,7 +69,7 @@ describe 'POST /db/user', ->
       expect(user.get('password')).toBeUndefined()
       expect(user?.get('passwordHash')).not.toBeUndefined()
       if user?.get('passwordHash')?
-        expect(user.get('passwordHash')[..5]).toBe('31dc3d')
+        expect(user.get('passwordHash')[..5]).toBe('948c7e')
         expect(user.get('permissions').length).toBe(0)
       done()