Only require user sessions on /db requests that are not GET
This commit is contained in:
Scott Erickson
parent
972c632d85
commit
ca83ed05e4
2 changed files with 5 additions and 2 deletions
|
|
@ -14,7 +14,10 @@ module.exports.setup = (app) ->
|
||||||
app.get('/auth/unsubscribe', mw.auth.unsubscribe)
|
app.get('/auth/unsubscribe', mw.auth.unsubscribe)
|
||||||
app.get('/auth/whoami', mw.auth.whoAmI)
|
app.get('/auth/whoami', mw.auth.whoAmI)
|
||||||
|
|
||||||
app.all('/db/*', mw.auth.checkHasUser())
|
app.delete('/db/*', mw.auth.checkHasUser())
|
||||||
|
app.patch('/db/*', mw.auth.checkHasUser())
|
||||||
|
app.post('/db/*', mw.auth.checkHasUser())
|
||||||
|
app.put('/db/*', mw.auth.checkHasUser())
|
||||||
|
|
||||||
Achievement = require '../models/Achievement'
|
Achievement = require '../models/Achievement'
|
||||||
app.get('/db/achievement', mw.achievements.fetchByRelated, mw.rest.get(Achievement))
|
app.get('/db/achievement', mw.achievements.fetchByRelated, mw.rest.get(Achievement))
|
||||||
|
|
|
||||||
|
|
@ -544,7 +544,7 @@ describe '/db/prepaid', ->
|
||||||
logoutUser () ->
|
logoutUser () ->
|
||||||
fetchPrepaid joeCode, (err, res) ->
|
fetchPrepaid joeCode, (err, res) ->
|
||||||
expect(err).toBeNull()
|
expect(err).toBeNull()
|
||||||
expect(res.statusCode).toEqual(401)
|
expect(res.statusCode).toEqual(403)
|
||||||
done()
|
done()
|
||||||
|
|
||||||
it 'User can fetch a prepaid code', (done) ->
|
it 'User can fetch a prepaid code', (done) ->
|
||||||
|
|
|
||||||
Reference in a new issue