Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix check for order.guest_token presence #1705

Merged
merged 3 commits into from
Feb 16, 2017
Merged

Fix check for order.guest_token presence #1705

merged 3 commits into from
Feb 16, 2017

Conversation

vfonic
Copy link
Contributor

@vfonic vfonic commented Feb 6, 2017

  • In case the order.guest_token is an empty string, we don't want
    everyone to be able to view or update the order by passing empty
    token= parameter

@vfonic
Fix check for order.guest_token presence
a4d9c22 
* In case the `order.guest_token` is an empty string, we don't want
  everyone to be able to view or update the order by passing empty
  `token=` parameter
@vfonic
Copy link
Contributor Author

vfonic commented Feb 6, 2017

Not sure if .present? should be added or if that should be removed altogether. Also not sure if this particular piece of code requires a test.

@jhawthorn
Copy link
Contributor

@vfonic is there any way (with the standard Solidus code) to end up with the empty string ("") as a guest_token? In my testing there wasn't.

Using #present? here seems fine to me, just to be sure against something going horribly wrong.

Alternatively (or in addition), we could add the following to the Order model

validates :guest_token, presence: { allow_nil: true }

@vfonic
Copy link
Contributor Author

vfonic commented Feb 6, 2017
edited
Loading

As far as I could see, there's no way to end up with empty guest_token (with the standard Solidus code). However, saying that, and thinking about all the possible ways you can change the data in the database, I'd say in some strange edge case, it's possible.

I'll see to make the validation change on Order model.

@vfonic
Copy link
Contributor Author

vfonic commented Feb 7, 2017
edited
Loading

@jhawthorn I'm not sure why would validates :guest_token, presence: true fail (but it does)?

jhawthorn
jhawthorn approved these changes Feb 15, 2017
View reviewed changes
Copy link
Contributor

@jhawthorn jhawthorn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great. Thank you

gmacdougall
gmacdougall approved these changes Feb 16, 2017
View reviewed changes
Copy link
Member

@gmacdougall gmacdougall left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the contribution!

👍

@jhawthorn jhawthorn merged commit 9bd861f into solidusio:master Feb 16, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gmacdougall gmacdougall gmacdougall approved these changes

@jhawthorn jhawthorn jhawthorn approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@vfonic @jhawthorn @gmacdougall