added controller endpoint for updating user personal info

2024-11-21 20:47:08 -05:00 · 2014-06-10 22:26:43 +01:00 · 2014-06-10 22:26:43 +01:00 · 3aff131428
commit 3aff131428
parent 560288348a
4 changed files with 66 additions and 2 deletions
--- a/services/web/app/coffee/Features/Editor/EditorController.coffee
+++ b/services/web/app/coffee/Features/Editor/EditorController.coffee
@ -256,7 +256,6 @@ module.exports = EditorController =
 	renameProject: (project_id, newName, callback)->
 		newName = sanitize.escape(newName)
 		ProjectDetailsHandler.renameProject project_id, newName, =>
-			newName = sanitize.escape(newName)
 			EditorRealTimeController.emitToRoom project_id, 'projectNameUpdated', newName
 			callback?()

--- a/services/web/app/coffee/Features/User/UserInfoController.coffee
+++ b/services/web/app/coffee/Features/User/UserInfoController.coffee
@ -1,6 +1,8 @@
 UserGetter = require "./UserGetter"
 logger = require("logger-sharelatex")
 UserDeleter = require("./UserDeleter")
+UserUpdater = require("./UserUpdater")
+sanitize = require('sanitizer')

 module.exports = UserController =
 	getLoggedInUsersPersonalInfo: (req, res, next = (error) ->) ->
@ -19,6 +21,18 @@ module.exports = UserController =
 			UserController.sendFormattedPersonalInfo(user, res, next)
 			req.session.destroy()

+	updatePersonalInfo: (req, res, next = (error)->) ->
+		{first_name, last_name, role, university} = req.body
+		update = 
+			first_name:sanitize.escape(first_name)
+			last_name:sanitize.escape(last_name)
+			role:sanitize.escape(role)
+			university:sanitize.escape(university)
+		UserUpdater.updatePersonalInfo update, (err)->
+			if err?
+				res.send 500
+			else
+				res.send 204

 	sendFormattedPersonalInfo: (user, res, next = (error) ->) ->
 		UserController._formatPersonalInfo user, (error, info) ->
--- a/services/web/app/coffee/router.coffee
+++ b/services/web/app/coffee/router.coffee
@ -90,8 +90,9 @@ module.exports = class Router

 		app.get  '/user/auth_token', AuthenticationController.requireLogin(), AuthenticationController.getAuthToken
 		app.get  '/user/personal_info', AuthenticationController.requireLogin(allow_auth_token: true), UserInfoController.getLoggedInUsersPersonalInfo
+		app.post  '/user/personal_info', AuthenticationController.requireLogin(), UserInfoController.getPersonalInfo
 		app.get  '/user/:user_id/personal_info', httpAuth, UserInfoController.getPersonalInfo
-		
+
 		app.get  '/project', AuthenticationController.requireLogin(), ProjectController.projectListPage
 		app.get  '/project/archived', AuthenticationController.requireLogin(), ProjectController.archivedProjects
 		app.post '/project/new', AuthenticationController.requireLogin(), ProjectController.newProject
--- a/services/web/test/UnitTests/coffee/User/UserInfoControllerTests.coffee
+++ b/services/web/test/UnitTests/coffee/User/UserInfoControllerTests.coffee
@ -1,5 +1,6 @@
 sinon = require('sinon')
 chai = require('chai')
+assert = require("chai").assert
 should = chai.should()
 expect = chai.expect
 modulePath = "../../../../app/js/Features/User/UserInfoController.js"
@ -13,9 +14,15 @@ describe "UserInfoController", ->
 	beforeEach ->
 		@UserDeleter = 
 			deleteUser: sinon.stub().callsArgWith(1)
+		@UserUpdater = 
+			updatePersonalInfo: sinon.stub()
+		@sanitizer = escape:(v)->v
+		sinon.spy @sanitizer, "escape"
 		@UserInfoController = SandboxedModule.require modulePath, requires:
 			"./UserGetter": @UserGetter = {}
+			"./UserUpdater": @UserUpdater
 			"./UserDeleter": @UserDeleter
+			"sanitizer":@sanitizer

 		@req = new MockRequest()
 		@res = new MockResponse()
@ -107,4 +114,47 @@ describe "UserInfoController", ->
 					signUpDate: @user.signUpDate
 				}

+	describe "setPersonalInfo", ->
+
+		beforeEach ->
+			@req = {}
+			@req.body = 
+				first_name: "bob"
+				last_name: "smith"
+				role:"student"
+				university: "Sheffield"
+				notWanted: "something"
+
+		it "should send the data from the body to the user updater", (done)->
+
+			@UserUpdater.updatePersonalInfo.callsArgWith(1, null)
+			@res.send = (statusCode)=>
+				statusCode.should.equal 204
+				args = @UserUpdater.updatePersonalInfo.args[0][0]
+				args.first_name.should.equal @req.body.first_name
+				args.last_name.should.equal @req.body.last_name
+				args.role.should.equal @req.body.role
+				args.university.should.equal @req.body.university
+				assert.equal args.notWanted, undefined
+				done()
+
+			@UserInfoController.updatePersonalInfo @req, @res
+
+		it "should sanitize the data", (done)->
+			@UserUpdater.updatePersonalInfo.callsArgWith(1, null)
+			@res.send = (statusCode)=>
+				@sanitizer.escape.calledWith(@req.body.first_name).should.equal true
+				@sanitizer.escape.calledWith(@req.body.last_name).should.equal true
+				@sanitizer.escape.calledWith(@req.body.role).should.equal true
+				@sanitizer.escape.calledWith(@req.body.university).should.equal true
+				done()
+			@UserInfoController.updatePersonalInfo @req, @res
+
+		it "should send an error if the UpserUpdater returns on", (done)->
+			@UserUpdater.updatePersonalInfo.callsArgWith(1, "error")
+			@res.send = (statusCode)->
+				statusCode.should.equal 500
+				done()
+			@UserInfoController.updatePersonalInfo @req, @res
+