more test for account router

core/router/account.coffee

@@ -1,7 +1,7 @@
 {_, async, express} = app.libs
 {requireAuthenticate} = app.middleware
-{Account, SecurityLog, CouponCode} = app.models
-{pluggable, config, utils, logger} = app
+{Account, SecurityLog} = app.models
+{config, utils, logger} = app
 
 module.exports = exports = express.Router()
 
@@ -20,8 +20,9 @@ exports.get '/session_info/', (req, res) ->
 
   if req.account
     _.extend response,
-      id: account.id
-      username: account.username
+      id: req.account.id
+      username: req.account.username
+      preferences: req.account.preferences
 
   res.json response
 
@@ -56,10 +57,10 @@ exports.post '/login', (req, res) ->
       logger.error err if err
 
       res.cookie 'token', token.token,
-        expires: new Date(Date.now() + config.account.cookie_time)
+        expires: new Date Date.now() + config.account.cookie_time
 
       res.cookie 'language', account.preferences.language,
-        expires: new Date(Date.now() + config.account.cookie_time)
+        expires: new Date Date.now() + config.account.cookie_time
 
       res.json
         id: account._id
@@ -90,7 +91,7 @@ exports.post '/update_password', requireAuthenticate, (req, res) ->
       res.json {}
 
 exports.post '/update_email', requireAuthenticate, (req, res) ->
-  unless account.matchPassword req.body.password
+  unless req.account.matchPassword req.body.password
     return res.error 'wrong_password'
 
   unless utils.rx.email.test req.body.email
@@ -110,6 +111,8 @@ exports.post '/update_email', requireAuthenticate, (req, res) ->
       res.json {}
 
 exports.post '/update_preferences', requireAuthenticate, (req, res) ->
+  req.body = _.omit req.body, 'csrf_token'
+
   for k, v of req.body
     if k in ['qq', 'language', 'timezone']
       req.account.preferences[k] = v

core/test/router/account.test.coffee

@@ -93,6 +93,15 @@ describe 'router/account', ->
       res.body.token.should.be.exist
       done err
 
+  it 'GET session_info when logged', (done) ->
+    agent.get '/account/session_info'
+    .expect 200
+    .end (err, res) ->
+      res.body.csrf_token.should.be.exist
+      res.body.username.should.be.equal username
+      res.body.preferences.should.be.a 'object'
+      done err
+
   it 'POST logout', (done) ->
     agent.post '/account/logout'
     .send
@@ -143,8 +152,38 @@ describe 'router/account', ->
     .expect 200
     .end done
 
-  it 'POST update_password'
+  it 'POST update_password', (done) ->
+    new_password = utils.randomString 20
 
-  it 'POST update_email'
+    agent.post '/account/update_password'
+    .send
+      csrf_token: csrf_token
+      original_password: password
+      password: new_password
+    .expect 200
+    .end (err) ->
+      password = new_password
+      done err
 
-  it 'POST update_preferences'
+  it 'POST update_email', (done) ->
+    email = "#{utils.randomString 20}@gmail.com"
+
+    agent.post '/account/update_email'
+    .send
+      csrf_token: csrf_token
+      password: password
+      email: email
+    .expect 200
+    .end done
+
+  it 'POST update_email with invalid password'
+
+  it 'POST update_preferences', (done) ->
+    agent.post '/account/update_preferences'
+    .send
+      csrf_token: csrf_token
+      language: 'en'
+    .expect 200
+    .end done
+
+  it 'POST update_preferences with invalid key'