From f743f4edf5f051c2ff48b42842d595c6488c831d Mon Sep 17 00:00:00 2001
From: Bouncey <staylor1012@gmail.com>
Date: Sun, 24 Feb 2019 10:12:51 +0000
Subject: [PATCH] fix: Convert ints to strings for validation

---
 api-server/server/boot/challenge.js            |  2 +-
 api-server/server/boot_tests/challenge.test.js | 15 +++++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/api-server/server/boot/challenge.js b/api-server/server/boot/challenge.js
index 4ef3a5db1f..52d395d150 100644
--- a/api-server/server/boot/challenge.js
+++ b/api-server/server/boot/challenge.js
@@ -199,7 +199,7 @@ export function isValidChallengeCompletion(req, res, next) {
     log('isObjectId', id, ObjectID.isValid(id));
     return res.sendStatus(403);
   }
-  if ('challengeType' in req.body && !isNumeric(challengeType)) {
+  if ('challengeType' in req.body && !isNumeric(String(challengeType))) {
     log('challengeType', challengeType, isNumeric(challengeType));
     return res.sendStatus(403);
   }
diff --git a/api-server/server/boot_tests/challenge.test.js b/api-server/server/boot_tests/challenge.test.js
index ca98f9017f..255a18fef3 100644
--- a/api-server/server/boot_tests/challenge.test.js
+++ b/api-server/server/boot_tests/challenge.test.js
@@ -310,6 +310,21 @@ describe('boot/challenge', () => {
 
       expect(next.called).toBe(true);
     });
+
+    it('can handle an "int" challengeType', () => {
+      const req = mockReq({
+        body: {
+          id: validObjectId,
+          challengeType: 1
+        }
+      });
+      const res = mockRes();
+      const next = sinon.spy();
+
+      isValidChallengeCompletion(req, res, next);
+
+      expect(next.called).toBe(true);
+    });
   });
 
   xdescribe('modernChallengeCompleted');