Revert "Revert "Join section vulnerability"" #30458

Merged

@maddiedierker maddiedierker commented Aug 27, 2019

Reverts #30446, which reverted #30397 because it was raising this Honeybadger error for signed out users.

Solution

View filtered commits with new changes.

After #30397, when a signed out user visited /join/:section_code, they received a 500 error. Now the flow is fixed and works as follows:

  1. Signed out user visits /join/:section_code
  2. User is prompted to create an account or sign in to an existing account
  3. If they create an account, they are automatically created as a student user and added to the section. If they sign in to an existing account, they are redirected back to /join/:section_code to finish the process of joining the section.

Note: This flow only applies to users in email section types because all other section types (word, picture, OAuth) disallow users adding themselves to a section.

Video of the above flow for signed out users:

codecov-io commented Aug 27, 2019

Codecov Report

Merging #30458 into staging will increase coverage by 3.55%.
The diff coverage is 100%.

@@             Coverage Diff             @@
##           staging   #30458      +/-   ##
===========================================
+ Coverage    73.21%   76.77%   +3.55%     
===========================================
  Files         2054      679    -1375     
  Lines       112851    27777   -85074     
  Branches      3484        0    -3484     
===========================================
- Hits         82629    21326   -61303     
+ Misses       26967     6451   -20516     
+ Partials      3255        0    -3255

| Flag | Coverage Δ |
|---|---|
| #integration | ? |
| #storybook | ? |
| #unit | ? |

| Impacted Files | Coverage Δ |
|---|---|
| dashboard/app/controllers/followers_controller.rb | 96.96% <100%> (-0.09%) ⬇️ |
| apps/src/applab/AppLabView.jsx | |
| .../src/lib/ui/accounts/ChangeUserTypeModal.story.jsx | |
| apps/src/applab/GoogleChart.js | |
| ...s/src/lib/ui/accounts/manageLinkedAccountsRedux.js | |
| apps/src/lib/ui/accounts/DeleteAccountHelpers.jsx | |
| ...c/applab/designElements/ColorPickerPropertyRow.jsx | |
| ...mplates/teacherDashboard/SelectSectionDropdown.jsx | |
| ...ps/src/templates/instructions/InputOutputTable.jsx | |
| apps/src/templates/teacherDashboard/statsRedux.js | |
| ... and 1366 more | |

Powered by Codecov. Last update fe7abb2...2e67267. Read the comment docs.

@davidsbailey davidsbailey left a comment

Nice tests, and thank you for the link to the filtered commits! shift clicking commits in github is like
blinds

@maddiedierker maddiedierker merged commit 3beb9ee into staging Aug 29, 2019
@maddiedierker maddiedierker deleted the revert-30446-revert-30397-join-section-vulnerability branch August 29, 2019 21:55