User should not be able to create Oauth based user_tags (#2737)

* User should not be able to create Oauth based user_tags * Added OAuth-facebook instead of facebook etc * rerun travis * changed the error message * CodeClimate error fixed
publiclab · Jun 3, 2018 · c257ec8 · c257ec8
1 parent e644ee9
commit c257ec8
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 13 deletions.
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
@@ -53,8 +53,8 @@ def reset_user_password
         PasswordResetMailer.reset_notify(user, key).deliver_now unless user.nil? # respond the same to both successes and failures; security
       end
 
-      flash[:notice] = "#{user.name} should receive an email with instructions on how to reset their password. If they do not, please double check that they are using the email they registered with." 
-      redirect_to "/profile/" + user.name
+      flash[:notice] = "#{user.name} should receive an email with instructions on how to reset their password. If they do not, please double check that they are using the email they registered with."
+      redirect_to URI.parse("/profile/" + user.name).path
     end
   end
 

diff --git a/app/controllers/relationships_controller.rb b/app/controllers/relationships_controller.rb
@@ -4,7 +4,7 @@ class RelationshipsController < ApplicationController
   def create
     user = User.find(params[:followed_id])
     current_user.follow(user)
-    redirect_to "/profile/#{user.username}"
+    redirect_to URI.parse("/profile/#{user.username}").path
   end
 
   def destroy

diff --git a/app/controllers/user_tags_controller.rb b/app/controllers/user_tags_controller.rb
@@ -20,10 +20,18 @@ def create
             @output[:errors] << I18n.t('user_tags_controller.tag_already_exists')
             exist = true
           end
- 
+
           unless exist
             user_tag = user.user_tags.build(value: name)
-            if user_tag.save
+            if  tagname.split(':')[0] == "oauth-facebook"
+              @output[:errors] << "This tag is used for associating a Facebook account. <a href='https://publiclab.org/wiki/oauth'>Click here to read more </a>"
+            elsif  tagname.split(':')[0] == "oauth-github"
+              @output[:errors] << "This tag is used for associating a Github account. <a href='https://publiclab.org/wiki/oauth'>Click here to read more </a>"
+            elsif  tagname.split(':')[0] ==  "oauth-google"
+              @output[:errors] << "This tag is used for associating a Google account. <a href='https://publiclab.org/wiki/oauth'>Click here to read more </a>"
+            elsif  tagname.split(':')[0] == "oauth-twitter"
+             @output[:errors] << "This tag is used for associating a Twitter account. <a href='https://publiclab.org/wiki/oauth'>Click here to read more </a>"
+            elsif user_tag.save
               @output[:saved] << [name, user_tag.id]
             else
               @output[:errors] << I18n.t('user_tags_controller.cannot_save_value')
@@ -45,7 +53,7 @@ def create
       else
         flash[:notice] = I18n.t('user_tags_controller.tag_created', tag_name: @output[:saved][0][0]).html_safe
       end
-      redirect_to '/profile/' + user.username
+      redirect_to URI.parse('/profile/' + user.username).path
     end
   end
 
@@ -56,15 +64,15 @@ def delete
     }
     message = ''
 
-    begin  
+    begin
       @user_tag = UserTag.where(uid: params[:id], value: params[:name])
       if(!@user_tag.nil?)
-          @user_tag = @user_tag.first 
-      end 
-  
+          @user_tag = @user_tag.first
+      end
+
       if current_user.role == 'admin' || params[:id].to_i == current_user.id
         if (!@user_tag.nil? && @user_tag.user == current_user) || (!@user_tag.nil? && current_user.role == 'admin')
-          UserTag.where(uid: params[:id] , value: params[:name]).destroy_all    
+          UserTag.where(uid: params[:id] , value: params[:name]).destroy_all
           message = I18n.t('user_tags_controller.tag_deleted')
           output[:status] = true
         else

diff --git a/app/models/node.rb b/app/models/node.rb
@@ -852,8 +852,14 @@ def can_tag(tagname, user, errors = false)
       errors ? I18n.t('node.only_admins_can_lock') : false
     elsif tagname.split(':')[0] == 'redirect' && Node.where(slug: tagname.split(':')[1]).length <= 0
       errors ? I18n.t('node.page_does_not_exist') : false
-    elsif ["facebook", "github", "google", "twitter"].include? tagname.split(':')[0]
-      errors ? "Only Oauth can create such tags" : false
+    elsif  tagname.split(':')[0] == "oauth-facebook"
+      errors ? "This tag is used for associating a Facebook account. <a href='https://publiclab.org/wiki/oauth'>Click here to read more </a>" : false
+    elsif  tagname.split(':')[0] == "oauth-github"
+      errors ? "This tag is used for associating a Github account. <a href='https://publiclab.org/wiki/oauth'>Click here to read more </a>" : false
+    elsif  tagname.split(':')[0] ==  "oauth-google"
+      errors ? "This tag is used for associating a Google account. <a href='https://publiclab.org/wiki/oauth'>Click here to read more </a>" : false
+    elsif  tagname.split(':')[0] == "oauth-twitter"
+      errors ? "This tag is used for associating a Twitter account. <a href='https://publiclab.org/wiki/oauth'>Click here to read more </a>" : false
     else
       true
     end