Merge branch 'master' into develop

2 years ago · 892ac2eb20
parent 97d8b53fd3 2f9d8c350e
commit 892ac2eb20
3 changed files with 8 additions and 5 deletions
--- a/test/api.js
+++ b/test/api.js
@ -485,7 +485,7 @@ describe('API', async () => {
 					const affectedPaths = ['GET /api/user/{userslug}/edit/email'];
 					if (affectedPaths.includes(`${method.toUpperCase()} ${path}`)) {
 						await request({
-							uri: `${nconf.get('url')}/register/abort`,
+							uri: `${nconf.get('url')}/register/abort?_csrf=${csrfToken}`,
 							method: 'POST',
 							jar,
 							simple: false,
--- a/test/controllers.js
+++ b/test/controllers.js
@ -1237,8 +1237,10 @@ describe('Controllers', () => {

 	describe('account pages', () => {
 		let jar;
+		let csrf_token;
+
 		before(async () => {
-			({ jar } = await helpers.loginUser('foo', 'barbar'));
+			({ jar, csrf_token } = await helpers.loginUser('foo', 'barbar'));
 		});

 		it('should redirect to account page with logged in user', (done) => {
@ -1802,7 +1804,7 @@ describe('Controllers', () => {
 			assert.strictEqual(res.body, '/register/complete');

 			await requestAsync({
-				uri: `${nconf.get('url')}/register/abort`,
+				uri: `${nconf.get('url')}/register/abort?_csrf=${csrf_token}`,
 				method: 'post',
 				jar,
 				simple: false,
--- a/test/user.js
+++ b/test/user.js
@ -814,6 +814,7 @@ describe('User', () => {
 	describe('profile methods', () => {
 		let uid;
 		let jar;
+		let csrf_token;

 		before(async () => {
 			const newUid = await User.create({ username: 'updateprofile', email: 'update@me.com', password: '123456' });
@ -822,7 +823,7 @@ describe('User', () => {
 			await User.setUserField(uid, 'email', 'update@me.com');
 			await User.email.confirmByUid(uid);

-			({ jar } = await helpers.loginUser('updateprofile', '123456'));
+			({ jar, csrf_token } = await helpers.loginUser('updateprofile', '123456'));
 		});

 		it('should return error if not logged in', async () => {
@ -1287,7 +1288,7 @@ describe('User', () => {

 			// Accessing this page will mark the user's account as needing an updated email, below code undo's.
 			await requestAsync({
-				uri: `${nconf.get('url')}/register/abort`,
+				uri: `${nconf.get('url')}/register/abort?_csrf=${csrf_token}`,
 				jar,
 				method: 'POST',
 				simple: false,