Only allow users matching the team invite to accept, if the invite was specified for a user (rather than an email)

2014-09-12 14:29:01 -04:00 · 2014-09-12 14:29:01 -04:00 · 10faa7de84
commit 10faa7de84
parent c5ca46a14b
7 changed files with 24 additions and 21 deletions
--- a/test/test_api_security.py
+++ b/test/test_api_security.py
@ -3518,25 +3518,25 @@ class TestTeamMemberInvite(ApiTestCase):
    self._run_test('PUT', 401, None, None)

  def test_put_freshuser(self):
-    self._run_test('PUT', 404, 'freshuser', None)
+    self._run_test('PUT', 400, 'freshuser', None)

  def test_put_reader(self):
-    self._run_test('PUT', 404, 'reader', None)
+    self._run_test('PUT', 400, 'reader', None)

  def test_put_devtable(self):
-    self._run_test('PUT', 404, 'devtable', None)
+    self._run_test('PUT', 400, 'devtable', None)

  def test_delete_anonymous(self):
    self._run_test('DELETE', 401, None, None)

  def test_delete_freshuser(self):
-    self._run_test('DELETE', 404, 'freshuser', None)
+    self._run_test('DELETE', 400, 'freshuser', None)

  def test_delete_reader(self):
-    self._run_test('DELETE', 404, 'reader', None)
+    self._run_test('DELETE', 400, 'reader', None)

  def test_delete_devtable(self):
-    self._run_test('DELETE', 404, 'devtable', None)
+    self._run_test('DELETE', 400, 'devtable', None)


 class TestSuperUserList(ApiTestCase):
--- a/test/test_api_usage.py
+++ b/test/test_api_usage.py
@ -891,7 +891,7 @@ class TestAcceptTeamMemberInvite(ApiTestCase):
    # Verify the accept now fails.
    self.putResponse(TeamMemberInvite,
                     params=dict(code=invites[0].invite_token),
-                     expected_code=404)
+                     expected_code=400)



@ -914,7 +914,7 @@ class TestDeclineTeamMemberInvite(ApiTestCase):

    self.deleteResponse(TeamMemberInvite,
                        params=dict(code=invites[0].invite_token),
-                        expected_code=404)
+                        expected_code=400)


  def test_decline(self):
@ -942,7 +942,7 @@ class TestDeclineTeamMemberInvite(ApiTestCase):
    # Make sure the invite was deleted.
    self.deleteResponse(TeamMemberInvite,
                        params=dict(code=invites[0].invite_token),
-                        expected_code=404)
+                        expected_code=400)


 class TestDeleteOrganizationTeamMember(ApiTestCase):