Skip to content

Commit b335ed9

Browse files
prakashchoudhary07prakashchoudhary07
authored
hot-fix(progress-api): temporarily disable POST route due to security issue (#2516)
* fix(progress-api): temporarily disable POST route due to security issue * test(progress-api): skip tests for Progress Updates API due to ongoing issues
1 parent f2d3bc7 commit b335ed9

File tree

3 files changed

+9
-4
lines changed

3 files changed

+9
-4
lines changed

routes/progresses.ts

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,8 +12,10 @@ import {
1212
getProgressRangeData,
1313
getProgressBydDateController,
1414
} from "../controllers/progresses";
15+
import { disableRoute } from "../middlewares/shortCircuit";
1516
const router = express.Router();
16-
router.post("/", authenticate, validateCreateProgressRecords, createProgress);
17+
// DISABLE ROUTE FOR NOW as there is a security issue to be resolved
18+
router.post("/", authenticate, disableRoute, validateCreateProgressRecords, createProgress);
1719
router.get("/", validateGetProgressRecordsQuery, getProgress);
1820
router.get("/:type/:typeId/date/:date", validateGetDayProgressParams, getProgressBydDateController);
1921
router.get("/range", validateGetRangeProgressRecordsParams, getProgressRangeData);

test/integration/progressesTasks.test.js

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,8 @@ describe("Test Progress Updates API for Tasks", function () {
2525
await cleanDb();
2626
});
2727

28-
describe("Verify POST Request Functionality", function () {
28+
// eslint-disable-next-line mocha/no-skipped-tests
29+
describe.skip("Verify POST Request Functionality", function () {
2930
let clock;
3031
let userId;
3132
let userToken;

test/integration/progressesUsers.test.js

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -18,12 +18,14 @@ const { INTERNAL_SERVER_ERROR_MESSAGE } = require("../../constants/progresses");
1818
const cookieName = config.get("userToken.cookieName");
1919
const { expect } = chai;
2020

21-
describe("Test Progress Updates API for Users", function () {
21+
// eslint-disable-next-line mocha/no-skipped-tests
22+
describe.skip("Test Progress Updates API for Users", function () {
2223
afterEach(async function () {
2324
await cleanDb();
2425
});
2526

26-
describe("Verify the POST progress records", function () {
27+
// eslint-disable-next-line mocha/no-skipped-tests
28+
describe.skip("Verify the POST progress records", function () {
2729
let clock;
2830
let userId;
2931
let userToken;

0 commit comments

Comments
 (0)