mirror of
https://github.com/codeninjasllc/codecombat.git
synced 2024-11-23 15:48:11 -05:00
Anonymous users are now silently renamed upon signup in case of conflict
This commit is contained in:
Ruben Vereecken
parent
6e593b2ec0
commit
94210fc461
3 changed files with 68 additions and 27 deletions
|
|
@ -30,6 +30,9 @@ UserSchema.methods.isAdmin = ->
|
||||||
p = @get('permissions')
|
p = @get('permissions')
|
||||||
return p and 'admin' in p
|
return p and 'admin' in p
|
||||||
|
|
||||||
|
UserSchema.methods.isAnonymous = ->
|
||||||
|
@get 'anonymous'
|
||||||
|
|
||||||
UserSchema.methods.trackActivity = (activityName, increment) ->
|
UserSchema.methods.trackActivity = (activityName, increment) ->
|
||||||
now = new Date()
|
now = new Date()
|
||||||
increment ?= parseInt increment or 1
|
increment ?= parseInt increment or 1
|
||||||
|
|
@ -109,6 +112,30 @@ UserSchema.statics.updateMailChimp = (doc, callback) ->
|
||||||
|
|
||||||
mc?.lists.subscribe params, onSuccess, onFailure
|
mc?.lists.subscribe params, onSuccess, onFailure
|
||||||
|
|
||||||
|
UserSchema.statics.unconflictName = unconflictName = (name, done) ->
|
||||||
|
User.findOne {slug: _.str.slugify(name)}, (err, otherUser) ->
|
||||||
|
return done err if err?
|
||||||
|
return done null, name unless otherUser
|
||||||
|
suffix = _.random(0, 9) + ''
|
||||||
|
unconflictName name + suffix, done
|
||||||
|
|
||||||
|
UserSchema.methods.register = (done) ->
|
||||||
|
@set('anonymous', false)
|
||||||
|
@set('permissions', ['admin']) if not isProduction
|
||||||
|
if (name = @get 'name')? and name isnt ''
|
||||||
|
unconflictName name, (err, uniqueName) =>
|
||||||
|
return done err if err
|
||||||
|
@set 'name', uniqueName
|
||||||
|
done()
|
||||||
|
else done()
|
||||||
|
data =
|
||||||
|
email_id: sendwithus.templates.welcome_email
|
||||||
|
recipient:
|
||||||
|
address: @get 'email'
|
||||||
|
sendwithus.api.send data, (err, result) ->
|
||||||
|
log.error "sendwithus post-save error: #{err}, result: #{result}" if err
|
||||||
|
|
||||||
|
|
||||||
UserSchema.pre('save', (next) ->
|
UserSchema.pre('save', (next) ->
|
||||||
@set('emailLower', @get('email')?.toLowerCase())
|
@set('emailLower', @get('email')?.toLowerCase())
|
||||||
@set('nameLower', @get('name')?.toLowerCase())
|
@set('nameLower', @get('name')?.toLowerCase())
|
||||||
|
|
@ -116,15 +143,9 @@ UserSchema.pre('save', (next) ->
|
||||||
if @get('password')
|
if @get('password')
|
||||||
@set('passwordHash', User.hashPassword(pwd))
|
@set('passwordHash', User.hashPassword(pwd))
|
||||||
@set('password', undefined)
|
@set('password', undefined)
|
||||||
if @get('email') and @get('anonymous')
|
if @get('email') and @get('anonymous') # a user registers
|
||||||
@set('anonymous', false)
|
@register next
|
||||||
@set('permissions', ['admin']) if not isProduction
|
else
|
||||||
data =
|
|
||||||
email_id: sendwithus.templates.welcome_email
|
|
||||||
recipient:
|
|
||||||
address: @get 'email'
|
|
||||||
sendwithus.api.send data, (err, result) ->
|
|
||||||
log.error "sendwithus post-save error: #{err}, result: #{result}" if err
|
|
||||||
next()
|
next()
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -104,7 +104,8 @@ UserHandler = class UserHandler extends Handler
|
||||||
return callback(null, req, user) unless req.body.name
|
return callback(null, req, user) unless req.body.name
|
||||||
nameLower = req.body.name?.toLowerCase()
|
nameLower = req.body.name?.toLowerCase()
|
||||||
return callback(null, req, user) unless nameLower
|
return callback(null, req, user) unless nameLower
|
||||||
return callback(null, req, user) if nameLower is user.get('nameLower') and not user.get('anonymous')
|
return callback(null, req, user) if user.get 'anonymous' # anonymous users can have any name
|
||||||
|
return callback(null, req, user) if nameLower is user.get('nameLower')
|
||||||
User.findOne({nameLower: nameLower, anonymous: false}).exec (err, otherUser) ->
|
User.findOne({nameLower: nameLower, anonymous: false}).exec (err, otherUser) ->
|
||||||
log.error "Database error setting user name: #{err}" if err
|
log.error "Database error setting user name: #{err}" if err
|
||||||
return callback(res: 'Database error.', code: 500) if err
|
return callback(res: 'Database error.', code: 500) if err
|
||||||
|
|
|
||||||
|
|
@ -110,24 +110,13 @@ describe 'POST /db/user', ->
|
||||||
it 'should allow multiple anonymous users with same name', (done) ->
|
it 'should allow multiple anonymous users with same name', (done) ->
|
||||||
createAnonNameUser('Jim', done)
|
createAnonNameUser('Jim', done)
|
||||||
|
|
||||||
it 'should not allow setting existing user name to anonymous user', (done) ->
|
it 'should allow setting existing user name to anonymous user', (done) ->
|
||||||
|
|
||||||
createAnonUser = ->
|
|
||||||
request.post getURL('/auth/logout'), ->
|
|
||||||
request.get getURL('/auth/whoami'), ->
|
|
||||||
req = request.post(getURL('/db/user'), (err, response) ->
|
|
||||||
expect(response.statusCode).toBe(409)
|
|
||||||
done()
|
|
||||||
)
|
|
||||||
form = req.form()
|
|
||||||
form.append('name', 'Jim')
|
|
||||||
|
|
||||||
req = request.post(getURL('/db/user'), (err, response, body) ->
|
req = request.post(getURL('/db/user'), (err, response, body) ->
|
||||||
expect(response.statusCode).toBe(200)
|
expect(response.statusCode).toBe(200)
|
||||||
request.get getURL('/auth/whoami'), (request, response, body) ->
|
request.get getURL('/auth/whoami'), (request, response, body) ->
|
||||||
res = JSON.parse(response.body)
|
res = JSON.parse(response.body)
|
||||||
expect(res.anonymous).toBeFalsy()
|
expect(res.anonymous).toBeFalsy()
|
||||||
createAnonUser()
|
createAnonNameUser 'Jim', done
|
||||||
)
|
)
|
||||||
form = req.form()
|
form = req.form()
|
||||||
form.append('email', 'new@user.com')
|
form.append('email', 'new@user.com')
|
||||||
|
|
@ -212,6 +201,39 @@ ghlfarghlarghlfarghlarghlfarghlarghlfarghlarghlfarghlarghlfarghlarghlfarghlarghl
|
||||||
form.append('email', 'New@email.com')
|
form.append('email', 'New@email.com')
|
||||||
form.append('name', 'Wilhelm')
|
form.append('name', 'Wilhelm')
|
||||||
|
|
||||||
|
it 'should not allow two users with the same name slug', (done) ->
|
||||||
|
loginSam (sam) ->
|
||||||
|
samsName = sam.get 'name'
|
||||||
|
sam.set 'name', 'admin'
|
||||||
|
request.put {uri:getURL(urlUser + '/' + sam.id), json: sam.toObject()}, (err, response) ->
|
||||||
|
expect(err).toBeNull()
|
||||||
|
expect(response.statusCode).toBe 409
|
||||||
|
|
||||||
|
sam.set 'name', samsName
|
||||||
|
done()
|
||||||
|
|
||||||
|
it 'should silently rename an anonymous user if their name conflicts upon signup', (done) ->
|
||||||
|
request.post getURL('/auth/logout'), ->
|
||||||
|
request.get getURL('/auth/whoami'), ->
|
||||||
|
req = request.post getURL('/db/user'), (err, response) ->
|
||||||
|
expect(response.statusCode).toBe(200)
|
||||||
|
request.get getURL('/auth/whoami'), (err, response) ->
|
||||||
|
expect(err).toBeNull()
|
||||||
|
guy = JSON.parse(response.body)
|
||||||
|
expect(guy.anonymous).toBeTruthy()
|
||||||
|
expect(guy.name).toEqual 'admin'
|
||||||
|
|
||||||
|
guy.email = 'blub@blub' # Email means registration
|
||||||
|
req = request.post {url: getURL('/db/user'), json: guy}, (err, response) ->
|
||||||
|
expect(err).toBeNull()
|
||||||
|
finalGuy = response.body
|
||||||
|
expect(finalGuy.anonymous).toBeFalsy()
|
||||||
|
expect(finalGuy.name).not.toEqual guy.name
|
||||||
|
expect(finalGuy.name.length).toBe guy.name.length + 1
|
||||||
|
done()
|
||||||
|
form = req.form()
|
||||||
|
form.append('name', 'admin')
|
||||||
|
|
||||||
describe 'GET /db/user', ->
|
describe 'GET /db/user', ->
|
||||||
|
|
||||||
it 'logs in as admin', (done) ->
|
it 'logs in as admin', (done) ->
|
||||||
|
|
@ -293,6 +315,3 @@ describe 'GET /db/user', ->
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue