From 8aacb37e2c52d2c122d3abcb24f333abbecfb332 Mon Sep 17 00:00:00 2001 From: Tyler Renelle Date: Wed, 25 Dec 2013 10:36:18 -0700 Subject: [PATCH] API: safe-guarding against POSTing to create 3rd-party tasks with no {type} value --- src/controllers/user.js | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/src/controllers/user.js b/src/controllers/user.js index bb519cb5e0..87ab618ff2 100644 --- a/src/controllers/user.js +++ b/src/controllers/user.js @@ -66,20 +66,16 @@ api.score = function(req, res, next) { } } else { // If it doesn't exist, this is likely a 3rd party up/down - create a new one, then score it + // Defaults. Other defaults are handled in user.ops.addTask() task = { id: id, - value: 0, - type: req.body.type || 'habit', - text: req.body.title || id, - notes: "This task was created by a third-party service. Feel free to edit, it won't harm the connection to that service. Additionally, multiple services may piggy-back off this task." + type: req.body && req.body.type, + text: req.body && req.body.text, + notes: (req.body.notes && req.body.notes) || "This task was created by a third-party service. Feel free to edit, it won't harm the connection to that service. Additionally, multiple services may piggy-back off this task." }; - if (task.type === 'habit') { - task.up = task.down = true; - } - if (task.type === 'daily' || task.type === 'todo') { - task.completed = direction === 'up'; - } task = user.ops.addTask({body:task}); + if (task.type === 'daily' || task.type === 'todo') + task.completed = direction === 'up'; } var delta = user.ops.score({params:{id:task.id, direction:direction}});