Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

User should not be able to create Oauth based user_tags #2737

Merged
merged 5 commits into from
Jun 3, 2018
Merged

User should not be able to create Oauth based user_tags #2737

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
94c3230
User should not be able to create Oauth based user_tags
SidharthBansal May 20, 2018
ac1f4ae
Added OAuth-facebook instead of facebook etc
SidharthBansal May 25, 2018
845a226
rerun travis
SidharthBansal May 27, 2018
18f133e
changed the error message
SidharthBansal May 27, 2018
d96d8cd
CodeClimate error fixed
SidharthBansal Jun 3, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions app/controllers/admin_controller.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,8 +53,8 @@ def reset_user_password
PasswordResetMailer.reset_notify(user, key).deliver_now unless user.nil? # respond the same to both successes and failures; security
end

flash[:notice] = "#{user.name} should receive an email with instructions on how to reset their password. If they do not, please double check that they are using the email they registered with."
redirect_to "/profile/" + user.name
flash[:notice] = "#{user.name} should receive an email with instructions on how to reset their password. If they do not, please double check that they are using the email they registered with."
redirect_to URI.parse("/profile/" + user.name).path
end
end

Expand Down
2 changes: 1 addition & 1 deletion app/controllers/relationships_controller.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ class RelationshipsController < ApplicationController
def create
user = User.find(params[:followed_id])
current_user.follow(user)
redirect_to "/profile/#{user.username}"
redirect_to URI.parse("/profile/#{user.username}").path
end

def destroy
Expand Down
24 changes: 16 additions & 8 deletions app/controllers/user_tags_controller.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,10 +20,18 @@ def create
@output[:errors] << I18n.t('user_tags_controller.tag_already_exists')
exist = true
end

unless exist
user_tag = user.user_tags.build(value: name)
if user_tag.save
if tagname.split(':')[0] == "oauth-facebook"
@output[:errors] << "This tag is used for associating a Facebook account. <a href='https://publiclab.org/wiki/oauth'>Click here to read more </a>"
elsif tagname.split(':')[0] == "oauth-github"
@output[:errors] << "This tag is used for associating a Github account. <a href='https://publiclab.org/wiki/oauth'>Click here to read more </a>"
elsif tagname.split(':')[0] == "oauth-google"
@output[:errors] << "This tag is used for associating a Google account. <a href='https://publiclab.org/wiki/oauth'>Click here to read more </a>"
elsif tagname.split(':')[0] == "oauth-twitter"
@output[:errors] << "This tag is used for associating a Twitter account. <a href='https://publiclab.org/wiki/oauth'>Click here to read more </a>"
elsif user_tag.save
@output[:saved] << [name, user_tag.id]
else
@output[:errors] << I18n.t('user_tags_controller.cannot_save_value')
Expand All @@ -45,7 +53,7 @@ def create
else
flash[:notice] = I18n.t('user_tags_controller.tag_created', tag_name: @output[:saved][0][0]).html_safe
end
redirect_to '/profile/' + user.username
redirect_to URI.parse('/profile/' + user.username).path
end
end

Expand All @@ -56,15 +64,15 @@ def delete
}
message = ''

begin
begin
@user_tag = UserTag.where(uid: params[:id], value: params[:name])
if(!@user_tag.nil?)
@user_tag = @user_tag.first
end
@user_tag = @user_tag.first
end

if current_user.role == 'admin' || params[:id].to_i == current_user.id
if (!@user_tag.nil? && @user_tag.user == current_user) || (!@user_tag.nil? && current_user.role == 'admin')
UserTag.where(uid: params[:id] , value: params[:name]).destroy_all
UserTag.where(uid: params[:id] , value: params[:name]).destroy_all
message = I18n.t('user_tags_controller.tag_deleted')
output[:status] = true
else
Expand Down
10 changes: 8 additions & 2 deletions app/models/node.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -852,8 +852,14 @@ def can_tag(tagname, user, errors = false)
errors ? I18n.t('node.only_admins_can_lock') : false
elsif tagname.split(':')[0] == 'redirect' && Node.where(slug: tagname.split(':')[1]).length <= 0
errors ? I18n.t('node.page_does_not_exist') : false
elsif ["facebook", "github", "google", "twitter"].include? tagname.split(':')[0]
errors ? "Only Oauth can create such tags" : false
elsif tagname.split(':')[0] == "oauth-facebook"
errors ? "This tag is used for associating a Facebook account. <a href='https://publiclab.org/wiki/oauth'>Click here to read more </a>" : false
elsif tagname.split(':')[0] == "oauth-github"
errors ? "This tag is used for associating a Github account. <a href='https://publiclab.org/wiki/oauth'>Click here to read more </a>" : false
elsif tagname.split(':')[0] == "oauth-google"
errors ? "This tag is used for associating a Google account. <a href='https://publiclab.org/wiki/oauth'>Click here to read more </a>" : false
elsif tagname.split(':')[0] == "oauth-twitter"
errors ? "This tag is used for associating a Twitter account. <a href='https://publiclab.org/wiki/oauth'>Click here to read more </a>" : false
else
true
end
Expand Down