From 76e7391a38d3c17a4854a6b733c3d1d973f3395b Mon Sep 17 00:00:00 2001
From: eisbilir <emre.isbilir@gmail.com>
Date: Fri, 22 Sep 2023 23:14:00 +0300
Subject: [PATCH] fix: sanitized data

---
 src/services/ChallengeService.js | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/src/services/ChallengeService.js b/src/services/ChallengeService.js
index de63f24e..15813516 100644
--- a/src/services/ChallengeService.js
+++ b/src/services/ChallengeService.js
@@ -1165,9 +1165,11 @@ createChallenge.schema = {
       tags: Joi.array().items(Joi.string()), // tag names
       projectId: Joi.number().integer().positive(),
       legacyId: Joi.number().integer().positive(),
-      constraints: Joi.object().keys({
-        allowedRegistrants: Joi.array().items(Joi.string()).optional()
-      }).optional(),
+      constraints: Joi.object()
+        .keys({
+          allowedRegistrants: Joi.array().items(Joi.string()).optional(),
+        })
+        .optional(),
       startDate: Joi.date().iso(),
       status: Joi.string().valid([
         constants.challengeStatuses.Active,
@@ -1994,9 +1996,11 @@ updateChallenge.schema = {
       tags: Joi.array().items(Joi.string().required()).min(1), // tag names
       projectId: Joi.number().integer().positive(),
       legacyId: Joi.number().integer().positive(),
-      constraints: Joi.object().keys({
-        allowedRegistrants: Joi.array().items(Joi.string()).optional()
-      }).optional(),
+      constraints: Joi.object()
+        .keys({
+          allowedRegistrants: Joi.array().items(Joi.string()).optional(),
+        })
+        .optional(),
       status: Joi.string().valid(_.values(constants.challengeStatuses)),
       attachments: Joi.array().items(
         Joi.object().keys({
@@ -2084,6 +2088,7 @@ function sanitizeChallenge(challenge) {
     "task",
     "groups",
     "cancelReason",
+    "constraints",
   ]);
   if (!_.isUndefined(sanitized.name)) {
     sanitized.name = xss(sanitized.name);