fix travis (#1071)
* fix topic spec * fix synapse/mapping spec * brakeman csrf warning suppressed :|
This commit is contained in:
parent
53d4beddec
commit
95901e17e8
5 changed files with 50 additions and 50 deletions
|
@ -1,8 +1,7 @@
|
|||
# frozen_string_literal: true
|
||||
class FollowService
|
||||
|
||||
|
||||
def self.follow(entity, user, reason)
|
||||
class << self
|
||||
def follow(entity, user, reason)
|
||||
|
||||
return unless is_tester(user)
|
||||
|
||||
|
@ -12,11 +11,11 @@ class FollowService
|
|||
end
|
||||
end
|
||||
|
||||
def self.unfollow(entity, user)
|
||||
def unfollow(entity, user)
|
||||
Follow.where(followed: entity, user: user).destroy_all
|
||||
end
|
||||
|
||||
def self.remove_reason(entity, user, reason)
|
||||
def remove_reason(entity, user, reason)
|
||||
return unless FollowReason::REASONS.include?(reason)
|
||||
follow = Follow.where(followed: entity, user: user).first
|
||||
if follow
|
||||
|
@ -33,3 +32,4 @@ class FollowService
|
|||
%w(connorturland@gmail.com devin@callysto.com chessscholar@gmail.com solaureum@gmail.com ishanshapiro@gmail.com).include?(user.email)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,24 +1,24 @@
|
|||
{
|
||||
"ignored_warnings": [
|
||||
{
|
||||
"warning_type": "Cross Site Scripting",
|
||||
"warning_code": 2,
|
||||
"fingerprint": "88694dca0bcc2226859746f9ed40cc682d6e5eaec1e73f2be557770a854ede0b",
|
||||
"message": "Unescaped model attribute",
|
||||
"file": "app/views/notifications/show.html.erb",
|
||||
"line": 7,
|
||||
"link": "http://brakemanscanner.org/docs/warning_types/cross_site_scripting",
|
||||
"code": "current_user.mailbox.notifications.find_by(:id => params[:id]).body",
|
||||
"render_path": [{"type":"controller","class":"NotificationsController","method":"show","line":24,"file":"app/controllers/notifications_controller.rb"}],
|
||||
"warning_type": "Cross-Site Request Forgery",
|
||||
"warning_code": 7,
|
||||
"fingerprint": "59d73ce0b791aa7ed532510c780235a8b23f7cd1246dbf9da258e36f5d1e2b0a",
|
||||
"message": "'protect_from_forgery' should be called in Api::V2::RestfulController",
|
||||
"file": "app/controllers/api/v2/restful_controller.rb",
|
||||
"line": 4,
|
||||
"link": "http://brakemanscanner.org/docs/warning_types/cross-site_request_forgery/",
|
||||
"code": null,
|
||||
"render_path": null,
|
||||
"location": {
|
||||
"type": "template",
|
||||
"template": "notifications/show"
|
||||
"type": "controller",
|
||||
"controller": "Api::V2::RestfulController"
|
||||
},
|
||||
"user_input": "current_user.mailbox.notifications",
|
||||
"confidence": "Weak",
|
||||
"note": ""
|
||||
"user_input": null,
|
||||
"confidence": "High",
|
||||
"note": "Cookie-based auth is disabled for the API except for the tokens endpoint. We're hoping this is sufficiently secure, because CSRF-forged links might get clicked on another site, but the generated tokens won't go back to the attacker. Also, an attacker would need a token to delete it, which means they've got access at that point anyways. - Devin, Feb 2017"
|
||||
}
|
||||
],
|
||||
"updated": "2016-11-29 13:01:34 -0500",
|
||||
"brakeman_version": "3.4.0"
|
||||
"updated": "2017-02-11 20:00:09 -0800",
|
||||
"brakeman_version": "3.4.1"
|
||||
}
|
||||
|
|
|
@ -2,11 +2,12 @@
|
|||
require 'rails_helper'
|
||||
|
||||
RSpec.describe SynapsesController, type: :controller do
|
||||
let(:synapse) { create(:synapse) }
|
||||
let(:user) { create(:user) }
|
||||
let(:synapse) { create(:synapse, user: user, updated_by: user) }
|
||||
let(:valid_attributes) { synapse.attributes.except('id') }
|
||||
let(:invalid_attributes) { { permission: :invalid_lol } }
|
||||
before :each do
|
||||
sign_in create(:user)
|
||||
sign_in(user)
|
||||
end
|
||||
|
||||
describe 'POST #create' do
|
||||
|
|
|
@ -3,12 +3,11 @@ require 'rails_helper'
|
|||
|
||||
RSpec.describe TopicsController, type: :controller do
|
||||
let(:user) { create(:user) }
|
||||
let(:topic) { create(:topic, user: user) }
|
||||
let(:topic) { create(:topic, user: user, updated_by: user) }
|
||||
let(:valid_attributes) { topic.attributes.except('id') }
|
||||
let(:invalid_attributes) { { permission: :invalid_lol } }
|
||||
before :each do
|
||||
sign_in :user
|
||||
|
||||
sign_in(user)
|
||||
end
|
||||
|
||||
describe 'POST #create' do
|
||||
|
|
Loading…
Reference in a new issue