make sure you can't edit password

2026-02-02 08:25:15 -05:00 · 2017-11-10 15:24:37 +00:00
parent 6332058781
commit 834eecd0f1
1 changed files with 10 additions and 0 deletions
--- a/tests/app/user/test_rest.py
+++ b/tests/app/user/test_rest.py
@@ -564,3 +564,13 @@ def test_cannot_update_user_with_mobile_number_as_empty_string(admin_request, sa
        _expected_status=400
    )
    assert resp['message']['mobile_number'] == ['Invalid phone number: Not enough digits']
+
+
+def test_cannot_update_user_password_using_attributes_method(admin_request, sample_user):
+    resp = admin_request.post(
+        'user.update_user_attribute',
+        user_id=sample_user.id,
+        _data={'password': 'foo'},
+        _expected_status=400
+    )
+    assert resp['message']['_schema'] == ['Unknown field name password']