From de99c42c3af28544e116fdda632ca254873a7bae Mon Sep 17 00:00:00 2001
From: Vincent Hardouin
Date: Tue, 8 Oct 2024 13:26:58 +0200
Subject: [PATCH] feat: protect pass creation
---
 src/infrastructure/PassInterface.js | 3 ++-
 tests/acceptance/passes_tests.js | 9 +++++++--
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/infrastructure/PassInterface.js b/src/infrastructure/PassInterface.js
index bcc83a3..7765eb3 100644
--- a/src/infrastructure/PassInterface.js
+++ b/src/infrastructure/PassInterface.js
@@ -65,9 +65,10 @@ export class PassInterface {
 },
 },
 {
- method: 'GET',
+ method: 'POST',
 path: '/pass',
 options: {
+ pre: [{ method: (request, h) => { return this.authService.validateFromPass(request, h); } }],
 handler: async (request, h) => {
 return this.passController.create(request, h);
 },
diff --git a/tests/acceptance/passes_tests.js b/tests/acceptance/passes_tests.js
index 039ddd3..6b16194 100644
--- a/tests/acceptance/passes_tests.js
+++ b/tests/acceptance/passes_tests.js
@@ -229,11 +229,13 @@ describe('Acceptance | Endpoints | Passes', function () {
 });
 it('should return pass', async function () {
+ const token = await generateAuthorizationToken();
 await knex('reservations').insert({ code: '12345', start_at: new Date('2024-01-10'), court: '10', activity: 'Badminton', status: 'reserved', updated_at: new Date('2024-01-02') });
 const response = await server.inject({
- method: 'GET',
+ method: 'POST',
 url: '/pass',
+ headers: { authorization: token },
 });
 expect(response.statusCode).to.equal(201);
@@ -243,9 +245,12 @@ describe('Acceptance | Endpoints | Passes', function () {
 context('when next event does not exist', function () {
 it('should return 503', async function () {
+ const token = await generateAuthorizationToken();
+
 const response = await server.inject({
- method: 'GET',
+ method: 'POST',
 url: '/pass',
+ headers: { authorization: token },
 });
 expect(response.statusCode).to.equal(503);
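Review bot: The `pre` entry added to the POST `/pass` route only keeps unauthenticated callers out if `validateFromPass` throws or returns a takeover response; its body is not part of this patch, so that cannot be confirmed here. Assuming this is a hapi route table, a pre method that simply returns a value (including an `h.response(...).code(401)` without `.takeover()`) lets the lifecycle continue into `passController.create`. I would add a comment above the line stating the contract, for example `// validateFromPass must throw or return h.response(...).takeover() on failure; a plain return lets the handler run`, and consider moving the check to the route's `options.auth` with a registered strategy so new routes are protected by default. The route array starts and ends outside this hunk.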
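Review bot: Both updated tests (the hunks at `@@ -229,11` and `@@ -243,9`) only exercise the authorized path, so nothing in the suite fails if the `pre` check on POST `/pass` is removed or stops rejecting requests. Add a case that sends the request without an `authorization` header, and ideally one with an invalid token, and assert the rejection status and that no pass was created. The 401 in the sketch below is an assumption; use whatever status `validateFromPass` actually produces. Both `it` blocks sit inside a `describe` that starts and ends outside these hunks.

```javascript
// … unchanged: existing 'should return pass' and 'should return 503' cases …
context('when the authorization header is missing', function () {
  it('should reject the request', async function () {
    const response = await server.inject({
      method: 'POST',
      url: '/pass',
    });

    // assumed status; align with what validateFromPass returns
    expect(response.statusCode).to.equal(401);
  });
});
```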