Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-12-22 16:30:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: pass csrf_token into calls to /register/abort, #11017

Browse Source
This commit is contained in:
Julian Lam
2022-11-09 13:20:28 -05:00
parent 55a197a7d7
commit 2f9d8c350e
3 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
test/user.js
View File

@@ -814,6 +814,7 @@ describe('User', () => {
describe('profile methods', () => {
let uid;
let jar;
let csrf_token;
before(async () => {
const newUid = await User.create({ username: 'updateprofile', email: 'update@me.com', password: '123456' });
@@ -822,7 +823,7 @@ describe('User', () => {
await User.setUserField(uid, 'email', 'update@me.com');
await User.email.confirmByUid(uid);
({ jar } = await helpers.loginUser('updateprofile', '123456'));
({ jar, csrf_token } = await helpers.loginUser('updateprofile', '123456'));
});
it('should return error if not logged in', async () => {
@@ -1287,7 +1288,7 @@ describe('User', () => {
// Accessing this page will mark the user's account as needing an updated email, below code undo's.
await requestAsync({
uri: `${nconf.get('url')}/register/abort`,
uri: `${nconf.get('url')}/register/abort?_csrf=${csrf_token}`,
jar,
method: 'POST',
simple: false,