Security loofah #86

Merged
merged 3 commits into from Nov 25, 2019
1 change: 1 addition & 0 deletions .env.template
@@ -1 +1,2 @@
MM_GOOGLE_API_KEY=MM_GOOGLE_API_KEY
CHROMEDRIVER_VERSION=CHROMEDRIVER_VERSION
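Review bot: The added `CHROMEDRIVER_VERSION=CHROMEDRIVER_VERSION` line gives no hint of the expected value format, and a placeholder that equals the key name is easy to copy into `.env` unchanged. Add a comment line with an example of the expected format, and say in the PR description why a test-tooling variable rides along with a change titled as a loofah security update.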
1 change: 1 addition & 0 deletions Gemfile
Expand Up @@ -40,6 +40,7 @@ gem 'font-awesome-rails'
gem 'foundation-rails'
gem 'google-maps'
gem 'jquery-rails'
gem 'loofah', '>= 2.3.1'
gem 'recaptcha'
gem 'sprockets-es6'

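Review bot: `gem 'loofah', '>= 2.3.1'` has no upper bound and no comment saying why a gem that was previously resolved only through the lockfile is now declared directly. Add a comment above it stating that it is a security floor, so it can be dropped once the gems that depend on loofah require a fixed version themselves, and consider `'~> 2.3', '>= 2.3.1'` so a future major release is not picked up by a routine `bundle update`.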
7 changes: 4 additions & 3 deletions Gemfile.lock
Expand Up @@ -78,7 +78,7 @@ GEM
concurrent-ruby (1.1.5)
crack (0.4.3)
safe_yaml (~> 1.0.0)
crass (1.0.4)
crass (1.0.5)
devise (4.7.1)
bcrypt (~> 3.0)
orm_adapter (~> 0.1)
Expand Down Expand Up @@ -124,7 +124,7 @@ GEM
rb-fsevent (~> 0.9, >= 0.9.4)
rb-inotify (~> 0.9, >= 0.9.7)
ruby_dep (~> 1.2)
loofah (2.2.3)
loofah (2.3.1)
crass (~> 1.0.2)
nokogiri (>= 1.5.9)
mail (2.7.1)
Expand All @@ -143,7 +143,7 @@ GEM
metaclass (~> 0.0.1)
msgpack (1.3.1)
nio4r (2.5.1)
nokogiri (1.10.4)
nokogiri (1.10.5)
mini_portile2 (~> 2.4.0)
orm_adapter (0.5.0)
parallel (1.17.0)
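Review bot: `nokogiri (1.10.4)` to `nokogiri (1.10.5)` here, like the crass 1.0.4 to 1.0.5 change further up, is a version move the PR title does not mention. nokogiri is a native-extension HTML/XML parser, so state in the commit message whether these bumps are intended or a side effect of updating loofah, and confirm the test suite ran against the new lockfile.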
Expand Down Expand Up @@ -287,6 +287,7 @@ DEPENDENCIES
jbuilder (~> 2.5)
jquery-rails
listen (>= 3.0.5, < 3.2)
loofah (>= 2.3.1)
mini_racer
mocha
pg

12 changes: 6 additions & 6 deletions app/controllers/registrations_controller.rb
Expand Up @@ -8,11 +8,11 @@ class RegistrationsController < Devise::RegistrationsController
private

def check_captcha
unless verify_recaptcha
self.resource = resource_class.new sign_up_params
resource.validate # Look for any other validation errors besides Recaptcha
set_minimum_password_length
respond_with resource
end
return if verify_recaptcha

self.resource = resource_class.new sign_up_params
resource.validate # Look for any other validation errors besides Recaptcha
set_minimum_password_length
respond_with resource
end
end
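Review bot: After `return if verify_recaptcha`, the failure path relies on `resource.validate` to populate errors, but a failed captcha is not itself recorded on `resource`. When the captcha is the only thing wrong, `respond_with resource` is handed a resource with no errors, so confirm it still re-renders the sign-up form rather than taking the success path; rendering `:new` explicitly or adding the captcha failure to `resource.errors` removes the ambiguity. A system test for valid fields plus a failed captcha would pin the behaviour down.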
2 changes: 1 addition & 1 deletion app/services/processor/saint_paul.rb
Expand Up @@ -15,7 +15,7 @@ def process
get_meeting_rows.each do |m|
md = Processor::SaintPaul.extract_meeting_data(m)
meeting = Processor::SaintPaul.send(:persist_meeting, md)
return unless meeting
next unless meeting

puts "Processing #{meeting.name}: #{meeting.date}"
r = Processor::SaintPaul.get_meeting_detail_rows meeting[:details]
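Review bot: `next unless meeting` skips a row for which `persist_meeting` returned nothing, but it does so silently, so a run that drops rows looks the same as a clean one. Log the skipped row (for example a field from `md`) before `next`, and add a test in which one row fails to persist and the following rows are still processed. This is a behaviour fix, not a style change, and deserves its own line in the PR description.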
4 changes: 2 additions & 2 deletions test/system/users_test.rb
Expand Up @@ -53,9 +53,9 @@ class UsersTest < ApplicationSystemTestCase

private

def require_recaptcha(y = true)
def require_recaptcha(req = true)
r = Recaptcha.configuration.skip_verify_env
return r.delete('test') if y
return r.delete('test') if req

r.push('test') unless r.include?('test')
end
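Review bot: `require_recaptcha(req = true)` still mutates the shared `Recaptcha.configuration.skip_verify_env` array in place, and nothing in this hunk restores it, so a test that removes `'test'` can leave captcha verification enabled for whichever test runs next. Restore the original value in `teardown` (or wrap the change in a block that puts it back), and prefer a keyword argument such as `required: true` over a positional boolean so call sites read clearly.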