Challenge Overview
INTRODUCTION
This is the next in a series of challenges to build a website used to display mortgage interest rates for customers in a very simple way. We've completed the design and prototyping stages and are moving on to development of supporting web services.
REQUIREMENTS
For this challenge you'll be performing fixes to the web services completed in a previous challenge. Required items are outlined below.
-- In GET /rates, if 'stateOrZip' is not passed, a 500 error is thrown with the message: "Cannot read property 'match' of undefined"
-- When uploading an image, retain the file extension - it is currently being removed
-- In GET /users (search), passing a 'phone' parameter throws a 500 error with message: "Unknown column 'profile.phone' in 'on clause'"
-- Name and phone should be required in POST /users/:id/contact. An email can be sent without providing those values and the email body will be 'Dear undefined, one user contact to you. phone: undefined, email: customer1@example.com, question: This is my question.'
-- Secure GET /users to ensure only admins can access the list of all users
-- /users/:id should remain publicly available
-- Calling /uploadAvatar without a file throws a 500 error; return a 400 instead
-- When logging in with invalid credentials, return a 401 instead of a 409
-- Facebook authorization is not functional. After logging in the following is returned on redirect:
{"message":[{"message":"\"entity\" must be an object","path":"entity","type":"object.base","context":{"key":"entity"}}]}
Existing project source is located in the challenge forums.
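The access-control and validation items above (GET /users, POST /users/:id/contact, GET /rates) can be sketched without any framework. This is an added example, not the project's code; the 'admin' role name, the shape of the user object and the 403/400 status choices are assumptions.

```javascript
'use strict';
// Constructed sketch; the role name 'admin', the `user` object shape and the
// 403/400 status choices are assumptions, not taken from the project source.

// Returns the HTTP status for a request to the user routes.
// `path` is the URL path without the query string.
function authorizeUserRoute(method, path, user) {
  if (method !== 'GET') return 404;                 // outside this sketch
  // GET /users/:id stays public: exactly one non-empty segment after /users/.
  if (/^\/users\/[^/]+\/?$/.test(path)) return 200;
  // GET /users (list and search) is admin-only, denied by default.
  if (/^\/users\/?$/.test(path)) {
    if (!user) return 401;                          // not authenticated
    return user.role === 'admin' ? 200 : 403;       // authenticated, not admin
  }
  return 404;
}

// True only for a string with at least one non-whitespace character.
function isNonEmptyString(v) {
  return typeof v === 'string' && v.trim().length > 0;
}

// POST /users/:id/contact: name and phone must be present before any email
// is built, so 'Dear undefined' can never be rendered.
function validateContact(body) {
  const missing = ['name', 'phone'].filter((k) => !isNonEmptyString(body && body[k]));
  return missing.length ? { status: 400, missing } : { status: 200, missing: [] };
}

// GET /rates: reject a missing or repeated stateOrZip before .match() is
// called on it. Repeated query parameters may arrive as an array.
function validateRatesQuery(query) {
  const v = query && query.stateOrZip;
  return isNonEmptyString(v) ? { status: 200, stateOrZip: v.trim() }
                             : { status: 400, error: 'stateOrZip is required' };
}

console.log(authorizeUserRoute('GET', '/users', { role: 'customer' }));
console.log(validateContact({ email: 'customer1@example.com', question: 'This is my question.' }));
console.log(validateRatesQuery({ stateOrZip: ['CA', 'NY'] }));
```

The type check in validateRatesQuery matters as much as the presence check: an array or object value has no match method and would reproduce the same 500.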
Final Submission Guidelines
-- Updates to Postman collection/README as necessary
-- Updated source code