Replace search for elsewhere usernames with find_by_provider_username function

rohitpaulk · rohitpaulk · commit f9ef19db5449 · 2014-12-23T13:47:08.000+05:30
diff --git a/app/controllers/achievements_controller.rb b/app/controllers/achievements_controller.rb
@@ -23,7 +23,7 @@ def award
       render_404
     else
       if @api_access.can_award?(award_params[:badge])
-        user  = User.with_username(award_params[provider], provider)
+        user  = User.find_by_provider_username(award_params[provider], provider)
         badge = badge_class_factory(award_params[:badge].to_s).new(user, Date.strptime(award_params[:date], '%m/%d/%Y'))
         badge.generate_fact!(award_params[:badge], award_params[provider], provider)
         unless user.nil?
diff --git a/app/models/fact.rb b/app/models/fact.rb
@@ -59,7 +59,7 @@ def tagged?(*required_tags)
 
   def user
     service, username = self.owner.split(":")
-    User.with_username(username, service)
+    User.find_by_provider_username(username, service)
   end
 end
 
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -126,23 +126,13 @@ def near
   #TODO Kill
   scope :username_in, ->(usernames) { where(["UPPER(username) in (?)", usernames.collect(&:upcase)]) }
 
-  #TODO Kill
-  def self.with_username(username, provider = :username)
+  def self.find_by_provider_username(username, provider)
     return nil if username.nil?
-    sql_injection_safe_where_clause = case provider.to_s
-                                      when 'username', ''
-                                        'username'
-                                      when 'linkedin'
-                                        'linkedin'
-                                      when 'twitter'
-                                        'twitter'
-                                      when 'github'
-                                        'github'
-                                      else
-                                        #A user could malicously pass in a provider, thats why we do the string matching above
-                                        raise "Unkown provider type specified, unable to find user by username"
-                                      end
-    where(["UPPER(#{sql_injection_safe_where_clause}) = UPPER(?)", username]).first
+    return self.find_by_username(username) if provider == ''
+    unless %w{twitter linkedin github}.include?(provider)
+      raise "Unkown provider type specified, unable to find user by username"
+    end
+    where(["UPPER(#{provider}) = UPPER(?)", username]).first
   end
 
   # Todo State machine
