Merge pull request #58 from Prommah/develop

Improve SteamID validation
simplefl 2015-10-16 09:58:12 +02:00
commit 92a9e0690b
5 changed files with 70 additions and 38 deletions

4
app/controllers/api/v1/users_controller.rb Normal file → Executable file

@ -5,7 +5,9 @@ class Api::V1::UsersController < Api::V1::BaseController
def show
@user = User.find(params[:id])
if @user.steamid.present?
@steam = steam_profile @user
end
render json: {
id: @user.id,
@ -14,7 +16,7 @@ class Api::V1::UsersController < Api::V1::BaseController
time_zone: @user.time_zone,
avatar: @user.profile.avatar.url,
admin: @user.admin?,
steam: {
steam: @user.steamid.nil? ? nil : {
id: @user.steamid,
url: @steam.nil? ? nil : @steam.base_url,
nickname: @steam.nil? ? nil : @steam.nickname
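Review bot: The two new guards in `show` test different conditions: the profile lookup is skipped with `@user.steamid.present?`, while the JSON branch uses `@user.steamid.nil?`. A row whose steamid is an empty string would skip the lookup yet still render a `steam` object with an empty `id`; the model validations in this commit reject such a value, but rows saved before the change may still hold one (not verifiable from here). Using the same predicate in both places removes the gap: `steam: @user.steamid.blank? ? nil : {`. The `render` call continues beyond the hunk.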

10
app/models/ban.rb Normal file → Executable file

@ -33,13 +33,13 @@ class Ban < ActiveRecord::Base
scope :effective, conditions: "expiry > UTC_TIMESTAMP()"
scope :ineffective, conditions: "expiry < UTC_TIMESTAMP()"
before_validation :check_user
validate :validate_type
validate :validate_ventban
validates_format_of :steamid, with: /\A([0-9]{1,10}:){2}[0-9]{1,10}\Z/, allow_blank: true
validates_format_of :addr, with: /\A([0-9]{1,3}\.){3}[0-9]{1,3}:?[0-9]{0,5}\z/, allow_blank: true
validates_length_of :reason, maximum: 255, allow_nil: true, allow_blank: true
before_validation :check_user
validates :steamid, length: {maximum: 14}, format: /\A0:[01]:[0-9]{1,10}\Z/, allow_blank: true
validates :addr, format: /\A([0-9]{1,3}\.){3}[0-9]{1,3}:?[0-9]{0,5}\z/, allow_blank: true
validates :reason, length: {maximum: 255}, allow_blank: true
belongs_to :user
belongs_to :server
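Review bot: The new steamid format on `Ban` ends in `\Z`, which also matches just before a trailing newline, so a value like `"0:1:123\n"` passes validation whenever the total length stays within 14; the `addr` validator on the next line already uses the strict `\z`. Suggest `format: /\A0:[01]:[0-9]{1,10}\z/`. The account number is also unbounded here, whereas `User#validate_steamid` in this same commit limits it to 1..2147483647, so a ban can be stored with `0:0:0` or a ten-digit value that no user record can hold. If bans are matched against user or server-reported IDs as strings (not visible here), such records would silently never apply.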

40
app/models/user.rb Normal file → Executable file

@ -100,22 +100,22 @@ class User < ActiveRecord::Base
scope :idle,
:conditions => ["lastvisit < ?", 30.minutes.ago.utc]
validates_uniqueness_of :username, :email, :steamid
validates_length_of :firstname, :in => 1..15, :allow_blank => true
validates_length_of :lastname, :in => 1..25, :allow_blank => true
validates_length_of :username, :in => 2..20
validates_format_of :username, :with => /\A[A-Za-z0-9_\-\+]{2,20}\Z/
validates_presence_of :raw_password, :on => :create
validates_length_of :email, :maximum => 50
validates_format_of :email, :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i
validates_length_of :steamid, :maximum => 30
validates_format_of :steamid, :with => /\A([0-9]{1,10}:){2}[0-9]{1,10}\Z/
validates_length_of :time_zone, :maximum => 100, :allow_blank => true, :allow_nil => true
validates_inclusion_of [:public_email], :in => [true, false], :allow_nil => true
before_validation :update_password
validates :username, uniqueness: true, length: {in: 2..20}, format: /\A[A-Za-z0-9_\-\+]{2,20}\Z/
validates :firstname, length: {in: 1..15}, allow_blank: true
validates :lastname, length: {in: 1..25}, allow_blank: true
validates :raw_password, presence: {on: :create}
validates :email, uniqueness: true, length: {maximum: 50}, format: /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i
validates :steamid, uniqueness: {allow_nil: true}, length: {maximum: 14}, presence: {on: :create}
validate :validate_steamid
validates :time_zone, length: {maximum: 100}, allow_blank: true
validates :public_email, inclusion: [true, false], allow_nil: true
validate :validate_team
before_create :init_variables
before_validation :update_password
before_save :correct_steamid_universe
accepts_nested_attributes_for :profile
@ -238,6 +238,20 @@ class User < ActiveRecord::Base
issues.unread_by(self)
end
def validate_steamid
errors.add :steamid unless
steamid.nil? ||
(m = steamid.match(/\A([01]):([01]):(\d{1,10})\Z/)) &&
(id = m[3].to_i) &&
id >= 1 && id <= 2147483647
end
def correct_steamid_universe
if steamid.present?
steamid[0] = "0"
end
end
def validate_team
if team and !active_teams.exists?({:id => team.id})
errors.add :team
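Review bot: `correct_steamid_universe` is registered as `before_save`, so it runs after the `uniqueness` check on `steamid` has already been evaluated against the un-normalised value. With `0:0:123` stored, a second account submitting `1:0:123` passes the uniqueness validation and is then rewritten to `0:0:123`, leaving two users with the same SteamID unless a database unique index (not visible here) rejects it. Normalising before validation closes this: `before_validation :correct_steamid_universe`, with the body limited to well-formed input, e.g. `self.steamid = steamid.sub(/\A1:/, "0:") if steamid.present?`, so a malformed value is left as typed for the error message. `validate_steamid` also anchors with `\Z`, which tolerates a trailing newline; `\z` is the strict form.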

8
spec/controllers/api/v1/users_controller_spec.rb Normal file → Executable file

@ -29,16 +29,14 @@ describe Api::V1::UsersController do
expect(json["team"]).to be_nil
end
it "returns data for users with invalid steam ids" do
@user.steamid = "0:0:000"
it "returns nulled steam data for users who had invalid steam ids" do
@user.steamid = nil
@user.save!
get :show, id: @user.id
expect(response).to be_success
expect(json["steam"]["id"]).to_not be_nil
expect(json["steam"]["url"]).to be_nil
expect(json["steam"]["nickname"]).to be_nil
expect(json["steam"]).to be_nil
end
it "returns 404 if user does not exist" do
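Review bot: The replaced example was the only one visible here that exercised a user with a SteamID set but no resolvable profile (`id` present, `url` and `nickname` nil); the new example only covers `steamid = nil`. The controller still contains the `@steam.nil?` branches, so they are now untested unless an example outside this hunk covers them. Consider keeping a second example with a valid ID (a constructed value such as `"0:0:1"`) and `steam_profile` stubbed to return nil, asserting that `json["steam"]["id"]` is set while `url` and `nickname` are nil.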

44
spec/features/users/user_signs_up_spec.rb Normal file → Executable file

@ -1,46 +1,64 @@
require 'spec_helper'
require "spec_helper"
feature 'Visitor signs up', js: :true do
feature "Visitor signs up", js: :true do
let(:user) { attributes_for(:user) }
before do
visit new_user_path
end
scenario 'with valid Username, Email, Password and Steam ID' do
scenario "with valid Username, Email, Password and Steam ID" do
within registration_form do
fill_form(:user, user.slice(*sign_up_attributes))
click_button submit(:user, :create)
end
expect(user_status).to have_content('ACCOUNT')
expect(user_status).to have_content("ACCOUNT")
end
scenario 'with invalid Email' do
scenario "with invalid Email" do
within registration_form do
fill_form(:user, user.slice(*sign_up_attributes).merge({ email: "invalid" }))
fill_form(:user, user.slice(*sign_up_attributes).merge(email: "invalid"))
click_button submit(:user, :create)
end
expect(page).to have_content(error_message('email.invalid'))
expect(page).to have_content(error_message("email.invalid"))
end
scenario 'with blank Password' do
scenario "with blank Password" do
within registration_form do
fill_form(:user, user.slice(*sign_up_attributes).merge({ raw_password: "" }))
fill_form(:user, user.slice(*sign_up_attributes).merge(raw_password: ""))
click_button submit(:user, :create)
end
expect(page).to have_content(error_message('raw_password.blank'))
expect(page).to have_content(error_message("raw_password.blank"))
end
scenario 'with invalid Steam ID' do
scenario "with invalid Steam ID" do
within registration_form do
fill_form(:user, user.slice(*sign_up_attributes).merge({ steamid: "invalid" }))
fill_form(:user, user.slice(*sign_up_attributes).merge(steamid: "invalid"))
click_button submit(:user, :create)
end
expect(page).to have_content(error_message('steamid.invalid'))
expect(page).to have_content(error_message("steamid.invalid"))
end
scenario "with out of range Steam ID" do
within registration_form do
fill_form(:user, user.slice(*sign_up_attributes).merge(steamid: "0:0:2147483648"))
click_button submit(:user, :create)
end
expect(page).to have_content(error_message("steamid.invalid"))
end
scenario "with nil Steam ID" do
within registration_form do
fill_form(:user, user.slice(*sign_up_attributes).merge(steamid: nil))
click_button submit(:user, :create)
end
expect(page).to have_content(error_message("steamid.invalid"))
end
def sign_up_attributes