From b60daa88d90d696e6cee2b1b9492c8ebaa097137 Mon Sep 17 00:00:00 2001
From: Thomas Kranitsas
Date: Sat, 25 Mar 2023 11:30:20 +0200
Subject: [PATCH 1/2] validation updates
---
 src/common/challenge-helper.js | 5 +++++
 src/services/ChallengeService.js | 7 +++++++
 2 files changed, 12 insertions(+)
diff --git a/src/common/challenge-helper.js b/src/common/challenge-helper.js
index 3b1e87de..b472f06a 100644
--- a/src/common/challenge-helper.js
+++ b/src/common/challenge-helper.js
@@ -117,6 +117,11 @@ class ChallengeHelper {
 await ensureAcessibilityToModifiedGroups(currentUser, data, challenge);
 }
+ // Ensure descriptionFormat is either 'markdown' or 'html'
+ if (data.descriptionFormat && !_.includes(["markdown", "html"], data.descriptionFormat)) {
+ throw new errors.BadRequestError("The property 'descriptionFormat' must be either 'markdown' or 'html'");
+ }
+
 // Ensure unchangeable fields are not changed
 if (
 _.get(challenge, "legacy.track") &&
diff --git a/src/services/ChallengeService.js b/src/services/ChallengeService.js
index c581dcce..d161fdc7 100644
--- a/src/services/ChallengeService.js
+++ b/src/services/ChallengeService.js
@@ -1515,6 +1515,13 @@ async function updateChallenge(currentUser, challengeId, data) {
 _.set(data, "billing.markup", markup || 0);
 }
+ // Make sure the user cannot change the direct project ID
+ if (data.legacy && data.legacy.directProjectId) {
+ const { directProjectId } = await projectHelper.getProject(projectId, currentUser);
+
+ _.set(challenge, "legacy.directProjectId", directProjectId);
+ }
+
 /* BEGIN self-service stuffs */
 // TODO: At some point in the future this should be moved to a Self-Service Challenge Helper
From 28d164684d82fb8dfb5a94951f4a8d1c8caca3a9 Mon Sep 17 00:00:00 2001
From: Thomas Kranitsas
Date: Sat, 25 Mar 2023 11:37:06 +0200
Subject: [PATCH 2/2] unset legacy.directProjectId as we do not allowe this to change
---
 src/services/ChallengeService.js | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
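Review bot: In src/common/challenge-helper.js the new guard `data.descriptionFormat && ...` is a truthiness test, so a supplied but falsy value such as `""`, `0` or `false` skips the allow-list and is passed on unvalidated. If this field decides how the description is rendered downstream (an inference from its name, not shown here), the allow-list should apply whenever the property is present: `if (!_.isUndefined(data.descriptionFormat) && !_.includes(["markdown", "html"], data.descriptionFormat)) {`. Whether `null` should remain acceptable depends on the request schema, which is not visible; the enclosing method starts and ends outside the hunk.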
diff --git a/src/services/ChallengeService.js b/src/services/ChallengeService.js
index d161fdc7..6d0f4bbb 100644
--- a/src/services/ChallengeService.js
+++ b/src/services/ChallengeService.js
@@ -1517,9 +1517,7 @@ async function updateChallenge(currentUser, challengeId, data) {
 // Make sure the user cannot change the direct project ID
 if (data.legacy && data.legacy.directProjectId) {
- const { directProjectId } = await projectHelper.getProject(projectId, currentUser);
-
- _.set(challenge, "legacy.directProjectId", directProjectId);
+ _.unset(data, "legacy.directProjectId", directProjectId);
 }
 /* BEGIN self-service stuffs */
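Review bot: The added call `_.unset(data, "legacy.directProjectId", directProjectId);` still passes `directProjectId`, but this commit removes the `const { directProjectId } = ...` line that declared it. Unless the name is bound elsewhere in `updateChallenge` (its body starts and ends outside the hunk), evaluating that argument throws a ReferenceError, so an update carrying the field fails instead of having it stripped. `_.unset` takes only the object and the path, so the line should read `_.unset(data, "legacy.directProjectId");`. The surrounding `if` is also a truthiness test, so a falsy value such as `0`, `""` or `null` is not removed and still reaches whatever consumes `data` afterwards. `_.unset` is harmless when the path is absent, so the call can run unconditionally.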