Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Parameter validation for /account/password/confirmReset #515 #516

Merged
merged 24 commits into from
Dec 5, 2023
Merged

Parameter validation for /account/password/confirmReset #515 #516

merged 24 commits into from
Dec 5, 2023

Conversation

beckpaul
Copy link
Collaborator

@beckpaul beckpaul commented Dec 3, 2023
edited
Loading

address #515 via redirect to request password reset and flash a message.

Bit more whitespace removal just while grepping around.

Change to .gitignore - mostly for my sanity as i use asdf to control dev envs.

Might have some overlap with #514

@codecov Codecov
Copy link

codecov bot commented Dec 3, 2023
edited
Loading

Codecov Report

Attention: 153 lines in your changes are missing coverage. Please review.

Comparison is base (bf4f505) 48.24% compared to head (fc0e862) 44.75%.
Report is 1 commits behind head on develop.

Files Patch % Lines
src/backend/services/DataRepository.js 2.94% 33 Missing ⚠️
src/backend/services/ClanManagementService.js 3.84% 25 Missing ⚠️
src/backend/services/ClanManagementRepository.js 8.00% 23 Missing ⚠️
src/backend/routes/views/clans/create.js 14.28% 18 Missing ⚠️
src/backend/routes/views/clans/post/update.js 18.75% 13 Missing ⚠️
src/backend/routes/views/clans/get/manage.js 15.38% 11 Missing ⚠️
src/backend/routes/views/clans/post/destroy.js 18.18% 9 Missing ⚠️
src/backend/services/UserService.js 50.00% 6 Missing ⚠️
...d/routes/views/account/get/confirmPasswordReset.js 68.75% 4 Missing and 1 partial ⚠️
src/backend/services/ApiErrors.js 28.57% 5 Missing ⚠️
... and 2 more
Additional details and impacted files 
@@             Coverage Diff             @@
##           develop     #516      +/-   ##
===========================================
- Coverage    48.24%   44.75%   -3.50%     
===========================================
  Files           58       64       +6     
  Lines         1312     1506     +194     
  Branches       154      183      +29     
===========================================
+ Hits           633      674      +41     
- Misses         649      801     +152     
- Partials        30       31       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

fcaps
fcaps reviewed Dec 3, 2023
View reviewed changes
tests/integration/accountRouter.test.js Outdated
test('redirect to reset request page if missing parameters with flash parameter', async () => {
const response = await testSession.get('/account/password/confirmReset')
expect(response.statusCode).toBe(302)
expect(response.headers.location).toContain('/account/requestPasswordReset?flash=')
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if you follow the request, you could expect for the "invalid request" and get the other code covered.

Copy link
Collaborator Author

@beckpaul beckpaul Dec 4, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does not appear that following the request is configured as a standard option nor done as a current standard.

I would think i could test it using response.res.locals but that's undefined

Reading from the text response you could check for <ul class=\"flash-errors\"> but thats present regardless of the case and is empty.

Potentially readable from session cookies but hit a wall there.

Will revisit this tomorrow.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the website is broken everywhere, created a solution for your problem:
https://github.com/beckpaul/faf-website/pull/1/files

in general: flash messages are broken, they often have not the right structure (someone changed the layout)
tests: i restricted the tests and disallowed non localhost requests, so every request done needs to have a mock if not to localhost

fcaps
fcaps requested changes Dec 3, 2023
View reviewed changes
Copy link
Collaborator

@fcaps fcaps left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see the questions above.

@beckpaul beckpaul requested a review from fcaps December 4, 2023 22:23
beckpaul added 22 commits December 4, 2023 20:11
@beckpaul
add redirect if either param is missing - working on flash
0fb0850
@beckpaul
refactor to be more funcitonal - flashes are harder than ancicipated
f639adc
@beckpaul
add .tool-versions to git ignore - this is used by asdf
62dc98a
@beckpaul
less verbose - turnary was being problematic
0bcd4c7
@beckpaul
flashes work with this - however it does not confirm to other standards
0c1f04b
@beckpaul
found an example of this - working flashes following existing code co…
90497eb 
…nventions
@beckpaul
safe flash
ce71bd8
@beckpaul
fix flash persistence
0d33d8b
@beckpaul
linting
f1ef63c
@beckpaul
update unit tests
64fe9fe
@beckpaul
lint again - sorry for wasting minutes my bad
6e186cc
@beckpaul
fix up testing
22cae7d
@beckpaul
refactor to use express-validation
2de4075
@beckpaul
lint
e2adad7
@beckpaul
fix uppercase u
91b1785
@beckpaul
user express validatior in routes for query params
4e5872f
@beckpaul
update tests, add secondary test
4065a4b
@beckpaul
add logging to docker - prints console.log into docker logs since the…
4aba28d 
…y dont seem to be forwarded to the browser
@beckpaul
merge
02ccdee
@beckpaul
merge
27e2ad8
@beckpaul
merge
d60bf70
@beckpaul
use new linting methodology - refactors
4959061
fcaps
fcaps reviewed Dec 5, 2023
View reviewed changes
docker-compose.yml
@@ -12,7 +12,9 @@ services:
context: .
networks:
- faf-stack

logging:
driver: "json-file"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this still needed?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will check and remove in next pr if not.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

already removed it, so you need to add it again... sry :)

@fcaps fcaps merged commit db94e34 into FAForever:develop Dec 5, 2023
3 of 5 checks passed
@Brutus5000 Brutus5000 changed the title Develop 515 Parameter validation for /account/password/confirmReset #515 Dec 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fcaps fcaps fcaps approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@beckpaul @fcaps