From 159388b0604df07e1a21aecfe87ae3c9ef998aec Mon Sep 17 00:00:00 2001 From: Chris Blanchard Date: Sat, 15 Aug 2015 11:48:55 +0100 Subject: [PATCH 1/3] Revert session cookie changes in production --- config/environments/production.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/environments/production.rb b/config/environments/production.rb index efb76b4..c646579 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -63,5 +63,5 @@ Ensl::Application.configure do config.active_support.deprecation = :notify # Custom Session Store config to allow gathers.staging.ensl.org - config.session_store :cookie_store, key: '_ENSL_session_key', expire_after: 30.days.to_i, domain: "gathers.ensl.org" + # config.session_store :cookie_store, key: '_ENSL_session_key', expire_after: 30.days.to_i, domain: "gathers.ensl.org" end \ No newline at end of file From 4b038406f6487598c06fb6fa26c350e7274368d5 Mon Sep 17 00:00:00 2001 From: Chris Blanchard Date: Sat, 15 Aug 2015 13:25:44 +0100 Subject: [PATCH 2/3] Add missing groups --- spec/factories/group.rb | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/spec/factories/group.rb b/spec/factories/group.rb index 0a101b3..bf72ae2 100644 --- a/spec/factories/group.rb +++ b/spec/factories/group.rb @@ -9,4 +9,14 @@ FactoryGirl.define do name "Admins" id Group::ADMINS end + + trait :champions do + name "Champions" + id Group::CHAMPIONS + end + + trait :donors do + name "Donors" + id Group::DONORS + end end From a6c7e5e592c70bd2d60f471a1ed285b429231c88 Mon Sep 17 00:00:00 2001 From: Chris Blanchard Date: Sat, 15 Aug 2015 13:30:39 +0100 Subject: [PATCH 3/3] Remove IP address data from users plugin --- app/controllers/plugin_controller.rb | 103 +++++++++--------- .../plugin/plugin_controller_spec.rb | 29 +++++ 2 files changed, 80 insertions(+), 52 deletions(-) create mode 100644 spec/controllers/plugin/plugin_controller_spec.rb diff --git a/app/controllers/plugin_controller.rb b/app/controllers/plugin_controller.rb index 76a2885..8603141 100644 --- a/app/controllers/plugin_controller.rb +++ b/app/controllers/plugin_controller.rb @@ -1,58 +1,57 @@ class PluginController < ApplicationController - def user - buffer = [] - out = [] + def user + buffer = [] + out = [] + if ban = Ban.first(:conditions => ["expiry > UTC_TIMESTAMP() AND steamid = ? AND ban_type = ?", params[:id], Ban::TYPE_SERVER]) + out << "#USER#" + out << "BANNED" + out << ban.expiry.utc.to_i + out << ban.reason + out << "\r\r\r\r\r\r\r" + elsif user = User.first(:conditions => {:steamid => params[:id]}) + teamer = (user.team ? user.teamers.active.of_team(user.team).first : nil) + icon = 0 + rank = "User" + if Group.find(Group::DONORS).users.exists?(user) + rank = "Donor" + icon = icon | 1 + end + if Group.find(Group::CHAMPIONS).users.exists?(user) + icon = icon | 2 + end + if user.ref? + rank = "Referee" + icon = icon | 4 + end + if user.admin? + rank = "Admin" + icon = icon | 8 + end - if ban = Ban.first(:conditions => ["expiry > UTC_TIMESTAMP() AND steamid = ? AND ban_type = ?", params[:id], Ban::TYPE_SERVER]) - out << "#USER#" - out << "BANNED" - out << ban.expiry.utc.to_i - out << ban.reason - out << "\r\r\r\r\r\r\r" - elsif user = User.first(:conditions => {:steamid => params[:id]}) - teamer = (user.team ? user.teamers.active.of_team(user.team).first : nil) - icon = 0 - rank = "User" - if Group.find(Group::DONORS).users.exists?(user) - rank = "Donor" - icon = icon | 1 - end - if Group.find(Group::CHAMPIONS).users.exists?(user) - icon = icon | 2 - end - if user.ref? - rank = "Referee" - icon = icon | 4 - end - if user.admin? - rank = "Admin" - icon = icon | 8 - end + buffer << user.steamid + buffer << user.username + buffer << '0.0.0.0' + buffer << (user.team ? Verification.uncrap(user.team.to_s) : "No Team") + buffer << user.id + buffer << user.team_id + buffer << rank + buffer << (teamer ? teamer.ranks[teamer.rank] : "") + buffer << icon + buffer << params[:ch] ? params[:ch] : "" + buffer << (user.can_play? ? "1" : "0") - buffer << user.steamid - buffer << user.username - buffer << user.lastip - buffer << (user.team ? Verification.uncrap(user.team.to_s) : "No Team") - buffer << user.id - buffer << user.team_id - buffer << rank - buffer << (teamer ? teamer.ranks[teamer.rank] : "") - buffer << icon - buffer << params[:ch] ? params[:ch] : "" - buffer << (user.can_play? ? "1" : "0") + out << "#USER#" + out << Verification.verify(buffer.join) + out << buffer.join("\r") + else + out << "#FAIL#" + end - out << "#USER#" - out << Verification.verify(buffer.join) - out << buffer.join("\r") - else - out << "#FAIL#" - end + render_out out + end - render_out out - end - - def render_out out - @text = out.join("\r") - render :layout => false - end + def render_out out + @text = out.join("\r") + render :layout => false + end end \ No newline at end of file diff --git a/spec/controllers/plugin/plugin_controller_spec.rb b/spec/controllers/plugin/plugin_controller_spec.rb new file mode 100644 index 0000000..e9585af --- /dev/null +++ b/spec/controllers/plugin/plugin_controller_spec.rb @@ -0,0 +1,29 @@ +require 'spec_helper' + +describe PluginController do + render_views + + describe '#user' do + before do + create :group, :donors + create :group, :champions + end + + let!(:user) { create :user_with_team } + + it 'returns user data' do + get :user, id: user.steamid + expect(response).to be_success + expect(response.body).to include(user.username) + end + + it 'definitely does not return IP address' do + last_ip = '127.0.0.1' + user.lastip = last_ip + user.save! + get :user, id: user.steamid + expect(response).to be_success + expect(response).to_not include(last_ip) + end + end +end \ No newline at end of file