From 3aff1314282b0add6fc4341eb847679d88450780 Mon Sep 17 00:00:00 2001 From: Henry Oswald Date: Tue, 10 Jun 2014 22:26:43 +0100 Subject: [PATCH] added controller endpoint for updating user personal info --- .../Features/Editor/EditorController.coffee | 1 - .../Features/User/UserInfoController.coffee | 14 ++++++ services/web/app/coffee/router.coffee | 3 +- .../User/UserInfoControllerTests.coffee | 50 +++++++++++++++++++ 4 files changed, 66 insertions(+), 2 deletions(-) diff --git a/services/web/app/coffee/Features/Editor/EditorController.coffee b/services/web/app/coffee/Features/Editor/EditorController.coffee index 99e28fd152..19e9d98da5 100644 --- a/services/web/app/coffee/Features/Editor/EditorController.coffee +++ b/services/web/app/coffee/Features/Editor/EditorController.coffee @@ -256,7 +256,6 @@ module.exports = EditorController = renameProject: (project_id, newName, callback)-> newName = sanitize.escape(newName) ProjectDetailsHandler.renameProject project_id, newName, => - newName = sanitize.escape(newName) EditorRealTimeController.emitToRoom project_id, 'projectNameUpdated', newName callback?() diff --git a/services/web/app/coffee/Features/User/UserInfoController.coffee b/services/web/app/coffee/Features/User/UserInfoController.coffee index d29e096cf8..f78456b1b1 100644 --- a/services/web/app/coffee/Features/User/UserInfoController.coffee +++ b/services/web/app/coffee/Features/User/UserInfoController.coffee @@ -1,6 +1,8 @@ UserGetter = require "./UserGetter" logger = require("logger-sharelatex") UserDeleter = require("./UserDeleter") +UserUpdater = require("./UserUpdater") +sanitize = require('sanitizer') module.exports = UserController = getLoggedInUsersPersonalInfo: (req, res, next = (error) ->) -> @@ -19,6 +21,18 @@ module.exports = UserController = UserController.sendFormattedPersonalInfo(user, res, next) req.session.destroy() + updatePersonalInfo: (req, res, next = (error)->) -> + {first_name, last_name, role, university} = req.body + update = + first_name:sanitize.escape(first_name) + last_name:sanitize.escape(last_name) + role:sanitize.escape(role) + university:sanitize.escape(university) + UserUpdater.updatePersonalInfo update, (err)-> + if err? + res.send 500 + else + res.send 204 sendFormattedPersonalInfo: (user, res, next = (error) ->) -> UserController._formatPersonalInfo user, (error, info) -> diff --git a/services/web/app/coffee/router.coffee b/services/web/app/coffee/router.coffee index d19f38eb33..45cf7a170b 100644 --- a/services/web/app/coffee/router.coffee +++ b/services/web/app/coffee/router.coffee @@ -90,8 +90,9 @@ module.exports = class Router app.get '/user/auth_token', AuthenticationController.requireLogin(), AuthenticationController.getAuthToken app.get '/user/personal_info', AuthenticationController.requireLogin(allow_auth_token: true), UserInfoController.getLoggedInUsersPersonalInfo + app.post '/user/personal_info', AuthenticationController.requireLogin(), UserInfoController.getPersonalInfo app.get '/user/:user_id/personal_info', httpAuth, UserInfoController.getPersonalInfo - + app.get '/project', AuthenticationController.requireLogin(), ProjectController.projectListPage app.get '/project/archived', AuthenticationController.requireLogin(), ProjectController.archivedProjects app.post '/project/new', AuthenticationController.requireLogin(), ProjectController.newProject diff --git a/services/web/test/UnitTests/coffee/User/UserInfoControllerTests.coffee b/services/web/test/UnitTests/coffee/User/UserInfoControllerTests.coffee index cb80df9b1e..07c38abf28 100644 --- a/services/web/test/UnitTests/coffee/User/UserInfoControllerTests.coffee +++ b/services/web/test/UnitTests/coffee/User/UserInfoControllerTests.coffee @@ -1,5 +1,6 @@ sinon = require('sinon') chai = require('chai') +assert = require("chai").assert should = chai.should() expect = chai.expect modulePath = "../../../../app/js/Features/User/UserInfoController.js" @@ -13,9 +14,15 @@ describe "UserInfoController", -> beforeEach -> @UserDeleter = deleteUser: sinon.stub().callsArgWith(1) + @UserUpdater = + updatePersonalInfo: sinon.stub() + @sanitizer = escape:(v)->v + sinon.spy @sanitizer, "escape" @UserInfoController = SandboxedModule.require modulePath, requires: "./UserGetter": @UserGetter = {} + "./UserUpdater": @UserUpdater "./UserDeleter": @UserDeleter + "sanitizer":@sanitizer @req = new MockRequest() @res = new MockResponse() @@ -107,4 +114,47 @@ describe "UserInfoController", -> signUpDate: @user.signUpDate } + describe "setPersonalInfo", -> + + beforeEach -> + @req = {} + @req.body = + first_name: "bob" + last_name: "smith" + role:"student" + university: "Sheffield" + notWanted: "something" + + it "should send the data from the body to the user updater", (done)-> + + @UserUpdater.updatePersonalInfo.callsArgWith(1, null) + @res.send = (statusCode)=> + statusCode.should.equal 204 + args = @UserUpdater.updatePersonalInfo.args[0][0] + args.first_name.should.equal @req.body.first_name + args.last_name.should.equal @req.body.last_name + args.role.should.equal @req.body.role + args.university.should.equal @req.body.university + assert.equal args.notWanted, undefined + done() + + @UserInfoController.updatePersonalInfo @req, @res + + it "should sanitize the data", (done)-> + @UserUpdater.updatePersonalInfo.callsArgWith(1, null) + @res.send = (statusCode)=> + @sanitizer.escape.calledWith(@req.body.first_name).should.equal true + @sanitizer.escape.calledWith(@req.body.last_name).should.equal true + @sanitizer.escape.calledWith(@req.body.role).should.equal true + @sanitizer.escape.calledWith(@req.body.university).should.equal true + done() + @UserInfoController.updatePersonalInfo @req, @res + + it "should send an error if the UpserUpdater returns on", (done)-> + @UserUpdater.updatePersonalInfo.callsArgWith(1, "error") + @res.send = (statusCode)-> + statusCode.should.equal 500 + done() + @UserInfoController.updatePersonalInfo @req, @res +