fix travis (#1071)

* fix topic spec

* fix synapse/mapping spec

* brakeman csrf warning suppressed :|

app/services/follow_service.rb

@@ -1,35 +1,35 @@
 # frozen_string_literal: true
 class FollowService
-  
+  class << self 
+    def follow(entity, user, reason)
 
-  def self.follow(entity, user, reason)
+      return unless is_tester(user)
 
-    return unless is_tester(user)
-
-    follow = Follow.where(followed: entity, user: user).first_or_create
-    if FollowReason::REASONS.include?(reason) && !follow.follow_reason.read_attribute(reason)
-      follow.follow_reason.update_attribute(reason, true)
-    end
-  end
-  
-  def self.unfollow(entity, user)
-    Follow.where(followed: entity, user: user).destroy_all
-  end
-  
-  def self.remove_reason(entity, user, reason)
-    return unless FollowReason::REASONS.include?(reason)
-    follow = Follow.where(followed: entity, user: user).first
-    if follow
-      follow.follow_reason.update_attribute(reason, false)
-      if !follow.follow_reason.has_reason
-        follow.destroy
+      follow = Follow.where(followed: entity, user: user).first_or_create
+      if FollowReason::REASONS.include?(reason) && !follow.follow_reason.read_attribute(reason)
+        follow.follow_reason.update_attribute(reason, true)
       end
     end
-  end
-  
-  protected
-  
-  def is_tester(user)
-    %w(connorturland@gmail.com devin@callysto.com chessscholar@gmail.com solaureum@gmail.com ishanshapiro@gmail.com).include?(user.email)
+    
+    def unfollow(entity, user)
+      Follow.where(followed: entity, user: user).destroy_all
+    end
+    
+    def remove_reason(entity, user, reason)
+      return unless FollowReason::REASONS.include?(reason)
+      follow = Follow.where(followed: entity, user: user).first
+      if follow
+        follow.follow_reason.update_attribute(reason, false)
+        if !follow.follow_reason.has_reason
+          follow.destroy
+        end
+      end
+    end
+    
+    protected
+    
+    def is_tester(user)
+      %w(connorturland@gmail.com devin@callysto.com chessscholar@gmail.com solaureum@gmail.com ishanshapiro@gmail.com).include?(user.email)
+    end
   end
 end

config/brakeman.ignore

@@ -1,24 +1,24 @@
 {
   "ignored_warnings": [
     {
-      "warning_type": "Cross Site Scripting",
-      "warning_code": 2,
-      "fingerprint": "88694dca0bcc2226859746f9ed40cc682d6e5eaec1e73f2be557770a854ede0b",
-      "message": "Unescaped model attribute",
-      "file": "app/views/notifications/show.html.erb",
-      "line": 7,
-      "link": "http://brakemanscanner.org/docs/warning_types/cross_site_scripting",
-      "code": "current_user.mailbox.notifications.find_by(:id => params[:id]).body",
-      "render_path": [{"type":"controller","class":"NotificationsController","method":"show","line":24,"file":"app/controllers/notifications_controller.rb"}],
+      "warning_type": "Cross-Site Request Forgery",
+      "warning_code": 7,
+      "fingerprint": "59d73ce0b791aa7ed532510c780235a8b23f7cd1246dbf9da258e36f5d1e2b0a",
+      "message": "'protect_from_forgery' should be called in Api::V2::RestfulController",
+      "file": "app/controllers/api/v2/restful_controller.rb",
+      "line": 4,
+      "link": "http://brakemanscanner.org/docs/warning_types/cross-site_request_forgery/",
+      "code": null,
+      "render_path": null,
       "location": {
-        "type": "template",
-        "template": "notifications/show"
+        "type": "controller",
+        "controller": "Api::V2::RestfulController"
       },
-      "user_input": "current_user.mailbox.notifications",
-      "confidence": "Weak",
-      "note": ""
+      "user_input": null,
+      "confidence": "High",
+      "note": "Cookie-based auth is disabled for the API except for the tokens endpoint. We're hoping this is sufficiently secure, because CSRF-forged links might get clicked on another site, but the generated tokens won't go back to the attacker. Also, an attacker would need a token to delete it, which means they've got access at that point anyways. - Devin, Feb 2017"
     }
   ],
-  "updated": "2016-11-29 13:01:34 -0500",
-  "brakeman_version": "3.4.0"
+  "updated": "2017-02-11 20:00:09 -0800",
+  "brakeman_version": "3.4.1"
 }

db/schema.rb

@@ -84,8 +84,8 @@ ActiveRecord::Schema.define(version: 20170209215911) do
     t.integer  "user_id"
     t.string   "followed_type"
     t.integer  "followed_id"
-    t.datetime "created_at",                   null: false
-    t.datetime "updated_at",                   null: false
+    t.datetime "created_at",    null: false
+    t.datetime "updated_at",    null: false
     t.index ["followed_type", "followed_id"], name: "index_follows_on_followed_type_and_followed_id", using: :btree
     t.index ["user_id"], name: "index_follows_on_user_id", using: :btree
   end

spec/controllers/synapses_controller_spec.rb

@@ -2,11 +2,12 @@
 require 'rails_helper'
 
 RSpec.describe SynapsesController, type: :controller do
-  let(:synapse) { create(:synapse) }
+  let(:user) { create(:user) }
+  let(:synapse) { create(:synapse, user: user, updated_by: user) }
   let(:valid_attributes) { synapse.attributes.except('id') }
   let(:invalid_attributes) { { permission: :invalid_lol } }
   before :each do
-    sign_in create(:user)
+    sign_in(user)
   end
 
   describe 'POST #create' do

spec/controllers/topics_controller_spec.rb

@@ -3,12 +3,11 @@ require 'rails_helper'
 
 RSpec.describe TopicsController, type: :controller do
   let(:user) { create(:user) }
-  let(:topic) { create(:topic, user: user) }
+  let(:topic) { create(:topic, user: user, updated_by: user) }
   let(:valid_attributes) { topic.attributes.except('id') }
   let(:invalid_attributes) { { permission: :invalid_lol } }
   before :each do
-    sign_in :user
-    
+    sign_in(user)
   end
 
   describe 'POST #create' do