From fd7c5451b2458fba85fa021da7094109ef6a42a7 Mon Sep 17 00:00:00 2001
From: Jocelyn Delalande <jocelyn@crapouillou.net>
Date: Fri, 22 Dec 2017 01:07:59 +0100
Subject: [PATCH] Add a test to check password change via API

---
 ihatemoney/tests/tests.py | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/ihatemoney/tests/tests.py b/ihatemoney/tests/tests.py
index f256ee96..6708ca8f 100644
--- a/ihatemoney/tests/tests.py
+++ b/ihatemoney/tests/tests.py
@@ -1100,14 +1100,26 @@ class APITestCase(IhatemoneyTestCase):
             "balance": {},
         }
         decoded_resp = json.loads(resp.data.decode('utf-8'))
-        self.assertTrue(check_password_hash(decoded_resp.pop('password'), 'raclette'))
         self.assertDictEqual(decoded_resp, expected)
 
+        # password change is possible via API
+        resp = self.client.put("/api/projects/raclette", data={
+            "contact_email": "yeah@notmyidea.org",
+            "password": "tartiflette",
+            "name": "The raclette party",
+        }, headers=self.get_auth("raclette"))
+
+        self.assertEqual(200, resp.status_code)
+
+        resp = self.client.get("/api/projects/raclette",
+                               headers=self.get_auth(
+                                   "raclette", "tartiflette"))
+        self.assertEqual(200, resp.status_code)
+
         # delete should work
         resp = self.client.delete("/api/projects/raclette",
-                                  headers=self.get_auth("raclette"))
-
-        self.assertEqual(200, resp.status_code)
+                                  headers=self.get_auth(
+                                      "raclette", "tartiflette"))
 
         # get should return a 401 on an unknown resource
         resp = self.client.get("/api/projects/raclette",