diff --git a/app/controllers/achievements_controller.rb b/app/controllers/achievements_controller.rb index d2fd07e3..080c3ac0 100644 --- a/app/controllers/achievements_controller.rb +++ b/app/controllers/achievements_controller.rb @@ -23,7 +23,7 @@ def award render_404 else if @api_access.can_award?(award_params[:badge]) - user = User.with_username(award_params[provider], provider) + user = User.find_by_provider_username(award_params[provider], provider) badge = badge_class_factory(award_params[:badge].to_s).new(user, Date.strptime(award_params[:date], '%m/%d/%Y')) badge.generate_fact!(award_params[:badge], award_params[provider], provider) unless user.nil? diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 81c8a8c0..161fa942 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -144,7 +144,7 @@ def autocomplete def refresh refresh_params = params.permit(:username) - user = User.with_username(refresh_params[:username]) + user = User.find_by_username(refresh_params[:username]) RefreshUserJob.perform_async(user.id, true) flash[:notice] = "Queued #{refresh_params[:username]} for a refresh" redirect_to :back diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index 6a0a4c6f..94f14971 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -1,7 +1,7 @@ module ApplicationHelper include TweetButton include SchemaOrgHelper - + def link_twitter_path '/auth/twitter' end 
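Review bot: In `refresh` (app/controllers/users_controller.rb), `User.find_by_username(refresh_params[:username])` is followed directly by `user.id`, so a username that matches no row raises NoMethodError on nil instead of producing a handled response; a guard such as `return redirect_to(:back) if user.nil?` before the `RefreshUserJob` line would cover it. The removed `with_username` compared `UPPER(username) = UPPER(?)`, whereas the stock Rails finder is an exact match, so unless the column is case-insensitive or `find_by_username` is overridden elsewhere, differently-cased input now misses and the nil case becomes more likely. The same replacement appears in the award_user, build_activity_stream, github_badge_org and seed_github_protips jobs, mail_preview.rb, mailers.rake and the users controller spec, and of those only the github_badge_org job visibly checks for nil. The end of `refresh` is outside the hunk.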
@@ -161,7 +161,7 @@ def user_endorsements # https://twitter.com/#!/kennethkalmer/status/86392260555587584 endorsements << [User.find_by_username('kennethkalmer'), "@coderwall really dishes out some neat achievements, hope this helps motivate even more folks to contribute to FOSS"] - # endorsements << [User.with_username('jeffhogan'), 'I really dig @coderwall...I see great potential in utilizing @coderwall for portfolio/linkedin/professional ref. for developers!'] + # endorsements << [User.find_by_username('jeffhogan'), 'I really dig @coderwall...I see great potential in utilizing @coderwall for portfolio/linkedin/professional ref. for developers!'] endorsements end diff --git a/app/jobs/award_user_job.rb b/app/jobs/award_user_job.rb index 79f4ee04..05824875 100644 --- a/app/jobs/award_user_job.rb +++ b/app/jobs/award_user_job.rb @@ -4,7 +4,7 @@ class AwardUserJob sidekiq_options queue: :user def perform(username, badges) - user = User.with_username(username) + user = User.find_by_username(username) if badges.first.is_a?(String) badges.map!(&:constantize) diff --git a/app/jobs/build_activity_stream_job.rb b/app/jobs/build_activity_stream_job.rb index ce8d336d..47815c3e 100644 --- a/app/jobs/build_activity_stream_job.rb +++ b/app/jobs/build_activity_stream_job.rb @@ -4,7 +4,7 @@ class BuildActivityStreamJob sidekiq_options queue: :timeline def perform(username) - user = User.with_username(username) + user = User.find_by_username(username) user.build_repo_followed_activity! end end diff --git a/app/jobs/github_badge_org_job.rb b/app/jobs/github_badge_org_job.rb index 31b247f5..3d47c6e8 100644 --- a/app/jobs/github_badge_org_job.rb +++ b/app/jobs/github_badge_org_job.rb @@ -4,7 +4,7 @@ class GithubBadgeOrgJob sidekiq_options queue: :github def perform(username, action) - user = User.with_username(username) + user = User.find_by_username(username) unless user.nil? or user.github.nil? if action.to_sym == :add GithubBadge.new.add_all(user.badges, user.github) 
diff --git a/app/jobs/seed_github_protips_job.rb b/app/jobs/seed_github_protips_job.rb index 3b1edf5f..3870111a 100644 --- a/app/jobs/seed_github_protips_job.rb +++ b/app/jobs/seed_github_protips_job.rb @@ -4,7 +4,7 @@ class SeedGithubProtipsJob sidekiq_options queue: :github def perform(username) - user = User.with_username(username) + user = User.find_by_username(username) user.build_github_proptips_fast end end diff --git a/app/mailers/mail_preview.rb b/app/mailers/mail_preview.rb index 207b363d..49adc628 100644 --- a/app/mailers/mail_preview.rb +++ b/app/mailers/mail_preview.rb @@ -4,7 +4,7 @@ class MailPreview < MailView def popular_protips from = 60.days.ago to = 0.days.ago - user = User.with_username(USERNAME) + user = User.find_by_username(USERNAME) REDIS.srem(ProtipMailer::CAMPAIGN_ID, user.id.to_s) protips = ProtipMailer::Queries.popular_protips(from, to) ProtipMailer.popular_protips(user, protips, from, to).deliver diff --git a/app/models/fact.rb b/app/models/fact.rb index 738004d4..64189902 100644 --- a/app/models/fact.rb +++ b/app/models/fact.rb @@ -59,7 +59,7 @@ def tagged?(*required_tags) def user service, username = self.owner.split(":") - User.with_username(username, service) + User.find_by_provider_username(username, service) end end diff --git a/app/models/user.rb b/app/models/user.rb index 84085994..107ad485 100644 --- a/app/models/user.rb +++ b/app/models/user.rb 
@@ -126,23 +126,13 @@ def near #TODO Kill scope :username_in, ->(usernames) { where(["UPPER(username) in (?)", usernames.collect(&:upcase)]) } - #TODO Kill - def self.with_username(username, provider = :username) + def self.find_by_provider_username(username, provider) return nil if username.nil? - sql_injection_safe_where_clause = case provider.to_s - when 'username', '' - 'username' - when 'linkedin' - 'linkedin' - when 'twitter' - 'twitter' - when 'github' - 'github' - else - #A user could malicously pass in a provider, thats why we do the string matching above - raise "Unkown provider type specified, unable to find user by username" - end - where(["UPPER(#{sql_injection_safe_where_clause}) = UPPER(?)", username]).first + return self.find_by_username(username) if provider == '' + unless %w{twitter linkedin github}.include?(provider) + raise "Unkown provider type specified, unable to find user by username" + end + where(["UPPER(#{provider}) = UPPER(?)", username]).first end # Todo State machine diff --git a/lib/tasks/mailers.rake b/lib/tasks/mailers.rake index 9d5cd109..534e8d0e 100644 --- a/lib/tasks/mailers.rake +++ b/lib/tasks/mailers.rake @@ -2,7 +2,7 @@ namespace :mailers do task popular_protips: :environment do from = 60.days.ago to = 0.days.ago - user = User.with_username('mcansky') + user = User.find_by_username('mcansky') protips = ProtipMailer::Queries.popular_protips(from, to) ProtipMailer.popular_protips(user, protips, from, to).deliver end diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb index bf72962c..b660ec68 100644 --- a/spec/controllers/users_controller_spec.rb +++ b/spec/controllers/users_controller_spec.rb 
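Review bot: `find_by_provider_username` now interpolates the caller's `provider` directly into the SQL string (`UPPER(#{provider})`), and the comment explaining that the string match exists because a provider can be maliciously supplied was deleted together with the old `case`. The `%w{twitter linkedin github}.include?(provider)` check does keep the interpolation to three literals, but it no longer normalizes with `to_s`, so a Symbol or `nil` provider (both accepted by `with_username`) now raises; whether the callers in achievements_controller.rb and fact.rb always pass strings is not visible here. I would normalize once, test and interpolate the normalized value rather than the raw argument, and restore a short comment stating that only allowlisted column names may reach the query.

```ruby
def self.find_by_provider_username(username, provider)
  return nil if username.nil?
  column = provider.to_s
  return find_by_username(username) if column.empty?
  # Only allowlisted column names may reach the SQL string below;
  # a caller-supplied provider must never be interpolated unchecked.
  unless %w{twitter linkedin github}.include?(column)
    # … unchanged: raise on unknown provider …
  end
  where(["UPPER(#{column}) = UPPER(?)", username]).first
end
```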
@@ -80,14 +80,14 @@ session[:referred_by] = 'asdfasdf' session['oauth.data'] = github_response post :create, user: { location: 'SF', username: 'testingReferredBy' } - user = User.with_username('testingReferredBy') + user = User.find_by_username('testingReferredBy') expect(user.referred_by).to eq('asdfasdf') end it 'should not add referred by if not present' do session['oauth.data'] = github_response post :create, user: { location: 'SF', username: 'testingReferredBy' } - user = User.with_username('testingReferredBy') + user = User.find_by_username('testingReferredBy') expect(user.referred_by).to be_nil end end @@ -96,7 +96,7 @@ session[:utm_campaign] = 'asdfasdf' session['oauth.data'] = github_response post :create, user: { location: 'SF', username: 'testingUTM_campaign' } - user = User.with_username('testingUTM_campaign') + user = User.find_by_username('testingUTM_campaign') expect(user.utm_campaign).to eq('asdfasdf') end