nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

throw 404s when the person is no found

Browse source
This commit is contained in:
Maxwell Salzberg 2011-08-09 13:02:25 -07:00
parent 69619f9ba2
commit e9d993b8f6
5 changed files with 93 additions and 58 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
app/controllers/people_controller.rb
View file

@ -9,6 +9,10 @@ class PeopleController < ApplicationController
respond_to :json, :only => [:index, :show] respond_to :json, :only => [:index, :show]
respond_to :js, :only => [:tag_index] respond_to :js, :only => [:tag_index]
rescue_from ActiveRecord::RecordNotFound do
render :file => "#{Rails.root}/public/404.html", :layout => false, :status => 404
end
def index def index
@aspect = :search @aspect = :search
params[:q] ||= params[:term] || '' params[:q] ||= params[:term] || ''
@ -61,10 +65,10 @@ class PeopleController < ApplicationController
end end
def show def show
@person = find_person_from_id_or_username @person = Person.find_from_id_or_username(params)
if @person && @person.remote? && !user_signed_in?
render :file => "#{Rails.root}/public/404.html", :layout => false, :status => 404 if remote_profile_with_no_user_session?
return raise ActiveRecord::RecordNotFound
end end
@post_type = :all @post_type = :all
@ -72,7 +76,6 @@ class PeopleController < ApplicationController
@share_with = (params[:share_with] == 'true') @share_with = (params[:share_with] == 'true')
max_time = params[:max_time] ? Time.at(params[:max_time].to_i) : Time.now max_time = params[:max_time] ? Time.at(params[:max_time].to_i) : Time.now
if @person
@profile = @person.profile @profile = @person.profile
unless params[:format] == "json" # hovercard unless params[:format] == "json" # hovercard
@ -115,10 +118,6 @@ class PeopleController < ApplicationController
end end
end end
else
flash[:error] = I18n.t 'people.show.does_not_exist'
redirect_to people_path
end
end end
def retrieve_remote def retrieve_remote
@ -156,13 +155,8 @@ class PeopleController < ApplicationController
Resque.enqueue(Job::SocketWebfinger, current_user.id, account, opts) Resque.enqueue(Job::SocketWebfinger, current_user.id, account, opts)
end end
def find_person_from_id_or_username
if params[:id].present? def remote_profile_with_no_user_session?
Person.where(:id => params[:id]).first @person && @person.remote? && !user_signed_in?
elsif params[:username].present?
User.find_by_username(params[:username]).person
else
nil
end
end end
end end

14
app/models/person.rb
View file

@ -50,6 +50,20 @@ class Person < ActiveRecord::Base
AppConfig[:featured_users].present? ? Person.where(:diaspora_handle => AppConfig[:featured_users]) : [] AppConfig[:featured_users].present? ? Person.where(:diaspora_handle => AppConfig[:featured_users]) : []
end end
def self.find_from_id_or_username(params)
p = if params[:id].present?
Person.where(:id => params[:id]).first
elsif params[:username].present? && u = User.find_by_username(params[:username])
u.person
else
nil
end
raise ActiveRecord::RecordNotFound unless p.present?
p
end
def self.search_query_string(query) def self.search_query_string(query)
query = query.downcase query = query.downcase

9
public/404.html
View file

@ -12,13 +12,18 @@
border-right-color: #999; border-right-color: #999;
border-bottom-color: #999; border-bottom-color: #999;
} }
h1 { font-size: 100%; color: #f00; line-height: 1.5em; } h1 { font-size: 100%; color: #f00; line-height: 1.5em; text-align:center; }
</style> </style>
</head> </head>
<body> <body>
<!-- This file lives in public/404.html --> <!-- This file lives in public/404.html -->
<h1> 404: Not Found </h1>
<a href="javascript:history.go(-1)">
<img src="/images/404.png"/> <img src="/images/404.png"/>
</a>
<h1>
<a href="javascript:history.go(-1)"> Go Back </a>
</h1>
</body> </body>
</html> </html>

8
spec/controllers/people_controller_spec.rb
View file

@ -117,14 +117,14 @@ describe PeopleController do
end end
describe '#show' do describe '#show' do
it "redirects to #index if the id is invalid" do it "404s if the id is invalid" do
get :show, :id => 'delicious' get :show, :id => 'delicious'
response.should redirect_to people_path response.code.should == "404"
end end
it "redirects to #index if no person is found" do it "404s if no person is found" do
get :show, :id => 3920397846 get :show, :id => 3920397846
response.should redirect_to people_path response.code.should == "404"
end end
it 'does not allow xss attacks' do it 'does not allow xss attacks' do

22
spec/models/person_spec.rb
View file

@ -23,6 +23,28 @@ describe Person do
Person.remote =~ [@user.person] Person.remote =~ [@user.person]
end end
end end
describe '.find_person_from_id_or_username' do
it 'searchs for a person if id is passed' do
Person.find_from_id_or_username(:id => @person.id).id.should == @person.id
end
it 'searchs a person from a user if username is passed' do
Person.find_from_id_or_username(:username => @user.username).id.should == @user.person.id
end
it 'throws active record not found exceptions if no person is found via id' do
expect{
Person.find_from_id_or_username(:id => 213123)
}.to raise_error ActiveRecord::RecordNotFound
end
it 'throws active record not found exceptions if no person is found via username' do
expect{
Person.find_from_id_or_username(:username => 'michael_jackson')
}.to raise_error ActiveRecord::RecordNotFound
end
end
end end
describe "delegating" do describe "delegating" do
it "delegates last_name to the profile" do it "delegates last_name to the profile" do