jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Raise error on unpermitted params.

Browse Source 
Fail loudly if we forget to whitelist a param instead of silently
ignoring it.

misc models: convert to strong params.

artist commentaries: convert to strong params.

* Disallow changing or setting post_id to a nonexistent post.

artists: convert to strong params.

* Disallow setting `is_banned` in create/update actions. Changing it
  this way instead of with the ban/unban actions would leave the artist in
  a partially banned state.

bans: convert to strong params.

* Disallow changing the user_id after the ban has been created.

comments: convert to strong params.

favorite groups: convert to strong params.

news updates: convert to strong params.

post appeals: convert to strong params.

post flags: convert to strong params.

* Disallow users from setting the `is_deleted` / `is_resolved` flags.

ip bans: convert to strong params.

user feedbacks: convert to strong params.

* Disallow users from setting `disable_dmail_notification` when creating feedbacks.
* Disallow changing the user_id after the feedback has been created.

notes: convert to strong params.

wiki pages: convert to strong params.

* Also fix non-Builders being able to delete wiki pages.

saved searches: convert to strong params.

pools: convert to strong params.

* Disallow setting `post_count` or `is_deleted` in create/update actions.

janitor trials: convert to strong params.

post disapprovals: convert to strong params.

* Factor out quick-mod bar to shared partial.
* Fix quick-mod bar to use `Post#is_approvable?` to determine visibility
  of Approve button.

dmail filters: convert to strong params.

password resets: convert to strong params.

user name change requests: convert to strong params.

posts: convert to strong params.

users: convert to strong params.

* Disallow setting password_hash, last_logged_in_at, last_forum_read_at,
  has_mail, and dmail_filter_attributes[user_id].

* Remove initialize_default_image_size (dead code).

uploads: convert to strong params.

* Remove `initialize_status` because status already defaults to pending
  in the database.

tag aliases/implications: convert to strong params.

tags: convert to strong params.

forum posts: convert to strong params.

* Disallow changing the topic_id after creating the post.
* Disallow setting is_deleted (destroy/undelete actions should be used instead).
* Remove is_sticky / is_locked (nonexistent attributes).

forum topics: convert to strong params.

* merges https://github.com/evazion/danbooru/tree/wip-rails-5.1
* lock pg gem to 0.21 (1.0.0 is incompatible with rails 5.1.4)
* switch to factorybot and change all references

Co-authored-by: r888888888 <r888888888@gmail.com>
Co-authored-by: evazion <noizave@gmail.com>

add diffs
This commit is contained in:
r888888888
2018-04-02 10:51:26 -07:00
committed by Albert Yi
parent 01eda51020
commit abce4d2551
362 changed files with 4796 additions and 4799 deletions
Download Patch File Download Diff File Expand all files Collapse all files

79
test/unit/user_test.rb
View File

@@ -3,7 +3,7 @@ require 'test_helper'
class UserTest < ActiveSupport::TestCase
context "A user" do
setup do
@user = FactoryGirl.create(:user)
@user = FactoryBot.create(:user)
CurrentUser.user = @user
CurrentUser.ip_addr = "127.0.0.1"
end
@@ -15,7 +15,7 @@ class UserTest < ActiveSupport::TestCase
context "promoting a user" do
setup do
CurrentUser.user = FactoryGirl.create(:moderator_user)
CurrentUser.user = FactoryBot.create(:moderator_user)
end
should "create a neutral feedback" do
@@ -27,7 +27,7 @@ class UserTest < ActiveSupport::TestCase
end
should "send an automated dmail to the user" do
bot = FactoryGirl.create(:user)
bot = FactoryBot.create(:user)
User.stubs(:system).returns(bot)
assert_difference("Dmail.count", 1) do
@@ -40,7 +40,7 @@ class UserTest < ActiveSupport::TestCase
context "that has been invited by a mod" do
setup do
@mod = FactoryGirl.create(:moderator_user)
@mod = FactoryBot.create(:moderator_user)
end
should "work" do
@@ -60,10 +60,9 @@ class UserTest < ActiveSupport::TestCase
end
should "not validate if the originating ip address is banned" do
FactoryGirl.create(:ip_ban)
user = FactoryGirl.build(:user)
FactoryBot.create(:ip_ban, ip_addr: '127.0.0.1')
user = FactoryBot.build(:user)
user.save
assert(user.errors.any?)
assert_equal("IP address is banned", user.errors.full_messages.join)
end
@@ -74,13 +73,13 @@ class UserTest < ActiveSupport::TestCase
assert_equal(10, @user.upload_limit)
9.times do
FactoryGirl.create(:post, :uploader => @user, :is_pending => true)
FactoryBot.create(:post, :uploader => @user, :is_pending => true)
end
@user = User.find(@user.id)
assert_equal(1, @user.upload_limit)
assert(@user.can_upload?)
FactoryGirl.create(:post, :uploader => @user, :is_pending => true)
FactoryBot.create(:post, :uploader => @user, :is_pending => true)
@user = User.find(@user.id)
assert(!@user.can_upload?)
end
@@ -90,8 +89,8 @@ class UserTest < ActiveSupport::TestCase
Danbooru.config.stubs(:member_comment_limit).returns(10)
assert(@user.can_comment_vote?)
10.times do
comment = FactoryGirl.create(:comment)
FactoryGirl.create(:comment_vote, :comment_id => comment.id, :score => -1)
comment = FactoryBot.create(:comment)
FactoryBot.create(:comment_vote, :comment_id => comment.id, :score => -1)
end
assert(!@user.can_comment_vote?)
@@ -108,14 +107,14 @@ class UserTest < ActiveSupport::TestCase
assert(@user.can_comment?)
assert(!@user.is_comment_limited?)
(Danbooru.config.member_comment_limit).times do
FactoryGirl.create(:comment)
FactoryBot.create(:comment)
end
assert(@user.is_comment_limited?)
end
should "verify" do
assert(@user.is_verified?)
@user = FactoryGirl.create(:user)
@user = FactoryBot.create(:user)
@user.generate_email_verification_key
@user.save
assert(!@user.is_verified?)
@@ -132,21 +131,21 @@ class UserTest < ActiveSupport::TestCase
end
should "normalize its level" do
user = FactoryGirl.create(:user, :level => User::Levels::ADMIN)
user = FactoryBot.create(:user, :level => User::Levels::ADMIN)
assert(user.is_moderator?)
assert(user.is_gold?)
user = FactoryGirl.create(:user, :level => User::Levels::MODERATOR)
user = FactoryBot.create(:user, :level => User::Levels::MODERATOR)
assert(!user.is_admin?)
assert(user.is_moderator?)
assert(user.is_gold?)
user = FactoryGirl.create(:user, :level => User::Levels::GOLD)
user = FactoryBot.create(:user, :level => User::Levels::GOLD)
assert(!user.is_admin?)
assert(!user.is_moderator?)
assert(user.is_gold?)
user = FactoryGirl.create(:user)
user = FactoryBot.create(:user)
assert(!user.is_admin?)
assert(!user.is_moderator?)
assert(!user.is_gold?)
@@ -159,36 +158,36 @@ class UserTest < ActiveSupport::TestCase
should "not contain whitespace" do
# U+2007: https://en.wikipedia.org/wiki/Figure_space
user = FactoryGirl.build(:user, :name => "foo\u2007bar")
user = FactoryBot.build(:user, :name => "foo\u2007bar")
user.save
assert_equal(["Name cannot have whitespace or colons"], user.errors.full_messages)
end
should "not contain a colon" do
user = FactoryGirl.build(:user, :name => "a:b")
user = FactoryBot.build(:user, :name => "a:b")
user.save
assert_equal(["Name cannot have whitespace or colons"], user.errors.full_messages)
end
should "not begin with an underscore" do
user = FactoryGirl.build(:user, :name => "_x")
user = FactoryBot.build(:user, :name => "_x")
user.save
assert_equal(["Name cannot begin or end with an underscore"], user.errors.full_messages)
end
should "not end with an underscore" do
user = FactoryGirl.build(:user, :name => "x_")
user = FactoryBot.build(:user, :name => "x_")
user.save
assert_equal(["Name cannot begin or end with an underscore"], user.errors.full_messages)
end
should "be fetched given a user id" do
@user = FactoryGirl.create(:user)
@user = FactoryBot.create(:user)
assert_equal(@user.name, User.id_to_name(@user.id))
end
should "be updated" do
@user = FactoryGirl.create(:user)
@user = FactoryBot.create(:user)
@user.update_attribute(:name, "danzig")
assert_equal(@user.name, User.id_to_name(@user.id))
end
@@ -196,7 +195,7 @@ class UserTest < ActiveSupport::TestCase
context "ip address" do
setup do
@user = FactoryGirl.create(:user)
@user = FactoryBot.create(:user)
end
context "in the json representation" do
@@ -214,7 +213,7 @@ class UserTest < ActiveSupport::TestCase
context "password" do
should "match the cookie hash" do
@user = FactoryGirl.create(:user)
@user = FactoryBot.create(:user)
@user.password = "zugzug5"
@user.password_confirmation = "zugzug5"
@user.save
@@ -223,7 +222,7 @@ class UserTest < ActiveSupport::TestCase
end
should "match the confirmation" do
@user = FactoryGirl.create(:user)
@user = FactoryBot.create(:user)
@user.old_password = "password"
@user.password = "zugzug5"
@user.password_confirmation = "zugzug5"
@@ -233,7 +232,7 @@ class UserTest < ActiveSupport::TestCase
end
should "fail if the confirmation does not match" do
@user = FactoryGirl.create(:user)
@user = FactoryBot.create(:user)
@user.password = "zugzug6"
@user.password_confirmation = "zugzug5"
@user.save
@@ -241,7 +240,7 @@ class UserTest < ActiveSupport::TestCase
end
should "not be too short" do
@user = FactoryGirl.create(:user)
@user = FactoryBot.create(:user)
@user.password = "x5"
@user.password_confirmation = "x5"
@user.save
@@ -249,38 +248,38 @@ class UserTest < ActiveSupport::TestCase
end
should "should be reset" do
@user = FactoryGirl.create(:user)
@user = FactoryBot.create(:user)
new_pass = @user.reset_password
assert(User.authenticate(@user.name, new_pass), "Authentication should have succeeded")
end
should "not change the password if the password and old password are blank" do
@user = FactoryGirl.create(:user, :password => "67890")
@user = FactoryBot.create(:user, :password => "67890")
@user.update_attributes(:password => "", :old_password => "")
assert(@user.bcrypt_password == User.sha1("67890"))
end
should "not change the password if the old password is incorrect" do
@user = FactoryGirl.create(:user, :password => "67890")
@user = FactoryBot.create(:user, :password => "67890")
@user.update_attributes(:password => "12345", :old_password => "abcdefg")
assert(@user.bcrypt_password == User.sha1("67890"))
end
should "not change the password if the old password is blank" do
@user = FactoryGirl.create(:user, :password => "67890")
@user = FactoryBot.create(:user, :password => "67890")
@user.update_attributes(:password => "12345", :old_password => "")
assert(@user.bcrypt_password == User.sha1("67890"))
end
should "change the password if the old password is correct" do
@user = FactoryGirl.create(:user, :password => "67890")
@user = FactoryBot.create(:user, :password => "67890")
@user.update_attributes(:password => "12345", :old_password => "67890")
assert(@user.bcrypt_password == User.sha1("12345"))
end
context "in the json representation" do
setup do
@user = FactoryGirl.create(:user)
@user = FactoryBot.create(:user)
end
should "not appear" do
@@ -290,7 +289,7 @@ class UserTest < ActiveSupport::TestCase
context "in the xml representation" do
setup do
@user = FactoryGirl.create(:user)
@user = FactoryBot.create(:user)
end
should "not appear" do
@@ -301,13 +300,13 @@ class UserTest < ActiveSupport::TestCase
context "that might be a sock puppet" do
setup do
@user = FactoryGirl.create(:user, last_ip_addr: "127.0.0.2")
@user = FactoryBot.create(:user, last_ip_addr: "127.0.0.2")
Danbooru.config.unstub(:enable_sock_puppet_validation?)
end
should "not validate" do
CurrentUser.scoped(nil, "127.0.0.2") do
@user = FactoryGirl.build(:user)
@user = FactoryBot.build(:user)
@user.save
assert_equal(["Last ip addr was used recently for another account and cannot be reused for another day"], @user.errors.full_messages)
end
@@ -316,9 +315,9 @@ class UserTest < ActiveSupport::TestCase
context "when searched by name" do
should "match wildcards" do
user1 = FactoryGirl.create(:user, :name => "foo")
user2 = FactoryGirl.create(:user, :name => "foo*bar")
user3 = FactoryGirl.create(:user, :name => "bar\*baz")
user1 = FactoryBot.create(:user, :name => "foo")
user2 = FactoryBot.create(:user, :name => "foo*bar")
user3 = FactoryBot.create(:user, :name => "bar\*baz")
assert_equal([user2.id, user1.id], User.search(name: "foo*").map(&:id))
assert_equal([user2.id], User.search(name: "foo\*bar").map(&:id))