RuairiK / divesit.es

A web app for locating dive sites

Securing routes #24

Closed sdob closed 9 years ago

sdob commented 9 years ago

Non-read-only HTTP methods on the divesite database now require authentication. Caveat: currently you can do anything to anything as long as you're authenticated; there doesn't exist any notion of 'ownership' in the db schema, so I can maliciously clobber other users' data as long as I'm authenticated.

I've added what it pleases me to call unit tests (requiring Mocha) under the 'test/' directory. Your terminology may differ since the tests are actually hitting a database, but feh.
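The ownership check that the caveat above describes as missing, shown as an added example (not code from this PR or the divesit.es repository). The `ownerId` field, the `req.user.id` shape, the function names and the in-memory `Map` standing in for the database are all assumptions.

```javascript
// Added example, not code from the divesit.es repository.
// Assumed names: ownerId, req.user.id, handleDivesiteRequest; db is an in-memory Map.
const READ_ONLY = new Set(['GET', 'HEAD', 'OPTIONS']);

// Models the single-record routes only (no listing endpoint).
function handleDivesiteRequest(db, req) {
  const method = String(req.method).toUpperCase();
  const site = db.get(req.id);
  // Read-only methods need no authentication.
  if (READ_ONLY.has(method)) return site ? { status: 200, body: site } : { status: 404 };
  // Every other method requires an authenticated user.
  if (!req.user) return { status: 401 };
  // Never trust an ownerId sent by the client; drop it from the payload.
  const { ownerId: _ignored, ...fields } = req.body || {};
  if (method === 'POST') {
    // Ownership comes from the authenticated session, not the request body.
    const id = Math.max(0, ...db.keys()) + 1;
    const created = { ...fields, id, ownerId: req.user.id };
    db.set(id, created);
    return { status: 201, body: created };
  }
  if (!site) return { status: 404 };
  // The check the caveat describes as missing: only the owner may modify.
  if (site.ownerId !== req.user.id) return { status: 403 };
  if (method === 'DELETE') { db.delete(req.id); return { status: 204 }; }
  if (method === 'PUT' || method === 'PATCH') {
    const updated = { ...site, ...fields, id: site.id, ownerId: site.ownerId };
    db.set(req.id, updated);
    return { status: 200, body: updated };
  }
  return { status: 405 };
}

// Constructed sample run: mallory tries to clobber alice's site.
function demo() {
  const db = new Map();
  const alice = { id: 'alice' }, mallory = { id: 'mallory' };
  const made = handleDivesiteRequest(db, { method: 'POST', user: alice, body: { name: 'Reef', ownerId: 'mallory' } });
  const id = made.body.id;
  const put = (user) => handleDivesiteRequest(db, { method: 'PUT', id, user, body: { name: 'Wreck' } }).status;
  // Properties are evaluated in order, so nameAfterOther is read before alice's own update.
  return { owner: made.body.ownerId, anonymous: put(undefined), other: put(mallory),
           nameAfterOther: db.get(id).name, self: put(alice), finalName: db.get(id).name };
}
```

A test in the style the PR describes would assert the 403 for a second authenticated user, since authentication alone already passes for both accounts.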

sdob commented 9 years ago

Oops --- the PR should have gone to the authentication branch.