From 95901e17e8c7a7146fd1fc840c7f40345c4e67f4 Mon Sep 17 00:00:00 2001
From: Devin Howard
Date: Sun, 12 Feb 2017 09:53:04 -0800
Subject: [PATCH] fix travis (#1071)
* fix topic spec
* fix synapse/mapping spec
* brakeman csrf warning suppressed :|
---
 app/services/follow_service.rb | 54 ++++++++++----------
 config/brakeman.ignore | 32 ++++++------
 db/schema.rb | 4 +-
 spec/controllers/synapses_controller_spec.rb | 5 +-
 spec/controllers/topics_controller_spec.rb | 5 +-
 5 files changed, 50 insertions(+), 50 deletions(-)
diff --git a/app/services/follow_service.rb b/app/services/follow_service.rb
index 22a1786d..9c0693de 100644
--- a/app/services/follow_service.rb
+++ b/app/services/follow_service.rb
@@ -1,35 +1,35 @@
 # frozen_string_literal: true
 class FollowService
-
+ class << self
+ def follow(entity, user, reason)
- def self.follow(entity, user, reason)
+ return unless is_tester(user)
- return unless is_tester(user)
-
- follow = Follow.where(followed: entity, user: user).first_or_create
- if FollowReason::REASONS.include?(reason) && !follow.follow_reason.read_attribute(reason)
- follow.follow_reason.update_attribute(reason, true)
- end
- end
-
- def self.unfollow(entity, user)
- Follow.where(followed: entity, user: user).destroy_all
- end
-
- def self.remove_reason(entity, user, reason)
- return unless FollowReason::REASONS.include?(reason)
- follow = Follow.where(followed: entity, user: user).first
- if follow
- follow.follow_reason.update_attribute(reason, false)
- if !follow.follow_reason.has_reason
- follow.destroy
+ follow = Follow.where(followed: entity, user: user).first_or_create
+ if FollowReason::REASONS.include?(reason) && !follow.follow_reason.read_attribute(reason)
+ follow.follow_reason.update_attribute(reason, true)
 end
 end
- end
-
- protected
-
- def is_tester(user)
- %w(connorturland@gmail.com devin@callysto.com chessscholar@gmail.com solaureum@gmail.com ishanshapiro@gmail.com).include?(user.email)
+
+ def unfollow(entity, user)
+ Follow.where(followed: entity, user: user).destroy_all
+ end
+
+ def remove_reason(entity, user, reason)
+ return unless FollowReason::REASONS.include?(reason)
+ follow = Follow.where(followed: entity, user: user).first
+ if follow
+ follow.follow_reason.update_attribute(reason, false)
+ if !follow.follow_reason.has_reason
+ follow.destroy
+ end
+ end
+ end
+
+ protected
+
+ def is_tester(user)
+ %w(connorturland@gmail.com devin@callysto.com chessscholar@gmail.com solaureum@gmail.com ishanshapiro@gmail.com).include?(user.email)
+ end
 end
 end
diff --git a/config/brakeman.ignore b/config/brakeman.ignore
index 9e29ff0d..c2491dcd 100644
--- a/config/brakeman.ignore
+++ b/config/brakeman.ignore
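Review bot: `follow` still calls `first_or_create` before it checks `FollowReason::REASONS.include?(reason)`, so an unknown reason creates a Follow row with no reason set — the very state `remove_reason` treats as something to destroy; hoist the check into the guard, `return unless is_tester(user) && FollowReason::REASONS.include?(reason)`, after which the conditional collapses to `follow.follow_reason.update_attribute(reason, true) unless follow.follow_reason.read_attribute(reason)`. Validating `reason` against the allowlist before it is used as an attribute name is the right control and should remain in both `follow` and `remove_reason`. Under `class << self` the `protected` section is better written `private`, since `is_tester` is only ever called with an implicit receiver, and the predicate is idiomatically `tester?`. The hard-coded e-mail allowlist in `is_tester` is a feature gate that belongs in configuration rather than source, so the list can change without a code deploy and does not ship personal addresses in the repository.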
@@ -1,24 +1,24 @@
 {
 "ignored_warnings": [
 {
- "warning_type": "Cross Site Scripting",
- "warning_code": 2,
- "fingerprint": "88694dca0bcc2226859746f9ed40cc682d6e5eaec1e73f2be557770a854ede0b",
- "message": "Unescaped model attribute",
- "file": "app/views/notifications/show.html.erb",
- "line": 7,
- "link": "http://brakemanscanner.org/docs/warning_types/cross_site_scripting",
- "code": "current_user.mailbox.notifications.find_by(:id => params[:id]).body",
- "render_path": [{"type":"controller","class":"NotificationsController","method":"show","line":24,"file":"app/controllers/notifications_controller.rb"}],
+ "warning_type": "Cross-Site Request Forgery",
+ "warning_code": 7,
+ "fingerprint": "59d73ce0b791aa7ed532510c780235a8b23f7cd1246dbf9da258e36f5d1e2b0a",
+ "message": "'protect_from_forgery' should be called in Api::V2::RestfulController",
+ "file": "app/controllers/api/v2/restful_controller.rb",
+ "line": 4,
+ "link": "http://brakemanscanner.org/docs/warning_types/cross-site_request_forgery/",
+ "code": null,
+ "render_path": null,
 "location": {
- "type": "template",
- "template": "notifications/show"
+ "type": "controller",
+ "controller": "Api::V2::RestfulController"
 },
- "user_input": "current_user.mailbox.notifications",
- "confidence": "Weak",
- "note": ""
+ "user_input": null,
+ "confidence": "High",
+ "note": "Cookie-based auth is disabled for the API except for the tokens endpoint. We're hoping this is sufficiently secure, because CSRF-forged links might get clicked on another site, but the generated tokens won't go back to the attacker. Also, an attacker would need a token to delete it, which means they've got access at that point anyways. - Devin, Feb 2017"
 }
 ],
- "updated": "2016-11-29 13:01:34 -0500",
- "brakeman_version": "3.4.0"
+ "updated": "2017-02-11 20:00:09 -0800",
+ "brakeman_version": "3.4.1"
 }
diff --git a/db/schema.rb b/db/schema.rb
index 66bbf9cd..21a2447b 100644
--- a/db/schema.rb
+++ b/db/schema.rb
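Review bot: The new ignore entry rests on a claim the ignore file cannot enforce — that cookie-based auth is disabled for the API except for the tokens endpoint — and nothing in this commit adds a test pinning it, so a later change that accepts session cookies on an API controller would silently reopen the CSRF gap while the warning stays suppressed. A request spec that sends a cookie-authenticated request without a CSRF token to an API action and expects it to be rejected (or asserts that forgery protection is active wherever cookie auth is accepted) would turn the note's assumption into a check. The earlier XSS entry (fingerprint `88694dca…`) is replaced rather than kept alongside, which presumably means that warning no longer fires; if it was simply dropped, brakeman will report it again on the next run. A re-review date in the note would also help, since the justification is tied to the current routing and auth layout.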
@@ -84,8 +84,8 @@ ActiveRecord::Schema.define(version: 20170209215911) do
 t.integer "user_id"
 t.string "followed_type"
 t.integer "followed_id"
- t.datetime "created_at", null: false
- t.datetime "updated_at", null: false
+ t.datetime "created_at", null: false
+ t.datetime "updated_at", null: false
 t.index ["followed_type", "followed_id"], name: "index_follows_on_followed_type_and_followed_id", using: :btree
 t.index ["user_id"], name: "index_follows_on_user_id", using: :btree
 end
diff --git a/spec/controllers/synapses_controller_spec.rb b/spec/controllers/synapses_controller_spec.rb
index 7abeb2ee..21151ffc 100644
--- a/spec/controllers/synapses_controller_spec.rb
+++ b/spec/controllers/synapses_controller_spec.rb
@@ -2,11 +2,12 @@ require 'rails_helper'
 RSpec.describe SynapsesController, type: :controller do
- let(:synapse) { create(:synapse) }
+ let(:user) { create(:user) }
+ let(:synapse) { create(:synapse, user: user, updated_by: user) }
 let(:valid_attributes) { synapse.attributes.except('id') }
 let(:invalid_attributes) { { permission: :invalid_lol } }
 before :each do
- sign_in create(:user)
+ sign_in(user)
 end
 describe 'POST #create' do
diff --git a/spec/controllers/topics_controller_spec.rb b/spec/controllers/topics_controller_spec.rb
index 96689403..16526835 100644
--- a/spec/controllers/topics_controller_spec.rb
+++ b/spec/controllers/topics_controller_spec.rb
@@ -3,12 +3,11 @@ require 'rails_helper'
 RSpec.describe TopicsController, type: :controller do
 let(:user) { create(:user) }
- let(:topic) { create(:topic, user: user) }
+ let(:topic) { create(:topic, user: user, updated_by: user) }
 let(:valid_attributes) { topic.attributes.except('id') }
 let(:invalid_attributes) { { permission: :invalid_lol } }
 before :each do
- sign_in :user
-
+ sign_in(user)
 end
 describe 'POST #create' do
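Review bot: In the synapses_controller_spec hunk, `before :each do` / `sign_in(user)` / `end` wraps a single call and reads more naturally as `before { sign_in(user) }`; the same applies to the matching change in the topics_controller_spec hunk. Now that `synapse` is created with `user: user, updated_by: user` and `valid_attributes` is built from `synapse.attributes.except('id')`, the create examples presumably post the signed-in user's own ids, so they would pass an ownership check by construction rather than by the controller assigning the current user — worth confirming that is the coverage intended.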