Merge pull request #113 from grant-project/remove-profile

Keep user email addresses private
Daniel Ternyak 2019-01-28 15:47:57 -06:00 committed by GitHub
commit eecb6cdabc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 55 additions and 26 deletions


@ -50,7 +50,7 @@ class CommentSchema(ma.Schema):
)
date_created = ma.Method("get_date_created")
author = ma.Nested("UserSchema", exclude=["email_address"])
author = ma.Nested("UserSchema")
replies = ma.Nested("CommentSchema", many=True)
def get_date_created(self, obj):


@ -479,7 +479,7 @@ class ProposalContributionSchema(ma.Schema):
)
proposal = ma.Nested("ProposalSchema")
user = ma.Nested("UserSchema", exclude=["email_address"])
user = ma.Nested("UserSchema")
date_created = ma.Method("get_date_created")
addresses = ma.Method("get_addresses")


@ -143,10 +143,6 @@ def get_proposals(stage):
)
dumped_proposals = proposals_schema.dump(proposals)
return dumped_proposals
# except Exception as e:
# print(e)
# print(traceback.format_exc())
# return {"message": "Oops! Something went wrong."}, 500
@blueprint.route("/drafts", methods=["POST"])


@ -224,7 +224,7 @@ class User(db.Model, UserMixin):
})
class UserSchema(ma.Schema):
class SelfUserSchema(ma.Schema):
class Meta:
model = User
# Fields to expose
@ -245,6 +245,30 @@ class UserSchema(ma.Schema):
return obj.id
self_user_schema = SelfUserSchema()
self_users_schema = SelfUserSchema(many=True)
class UserSchema(ma.Schema):
class Meta:
model = User
# Fields to expose
fields = (
"title",
"social_medias",
"avatar",
"display_name",
"userid"
)
social_medias = ma.Nested("SocialMediaSchema", many=True)
avatar = ma.Nested("AvatarSchema")
userid = ma.Method("get_userid")
def get_userid(self, obj):
return obj.id
user_schema = UserSchema()
users_schema = UserSchema(many=True)
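Review bot: Neither `SelfUserSchema` nor the new `UserSchema` has a docstring saying which one may be returned to other users, yet after this change email privacy rests entirely on that distinction. The other schemas refer to it by string, `ma.Nested("UserSchema")`, so a later rename or an extra entry in the `fields` tuple would expose private data without any caller changing. I would add `"""Public view of a user; must never include email_address or other private fields."""` to `UserSchema` and `"""Full view of a user; dump only for the authenticated user themself."""` to `SelfUserSchema`. Most of the `SelfUserSchema` body lies outside the hunks shown.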


@ -25,8 +25,9 @@ from .models import (
User,
SocialMedia,
Avatar,
users_schema,
self_user_schema,
user_schema,
users_schema,
user_settings_schema,
db
)
@ -58,7 +59,7 @@ def get_users(proposal_id):
@requires_auth
@endpoint.api()
def get_me():
dumped_user = user_schema.dump(g.current_user)
dumped_user = self_user_schema.dump(g.current_user)
return dumped_user
@ -122,7 +123,7 @@ def create_user(
title=title
)
user.login()
result = user_schema.dump(user)
result = self_user_schema.dump(user)
return result, 201
@ -138,7 +139,7 @@ def auth_user(email, password):
if not existing_user.check_password(password):
return {"message": "Invalid password"}, 403
existing_user.login()
return user_schema.dump(existing_user)
return self_user_schema.dump(existing_user)
@blueprint.route("/me/password", methods=["PUT"])
@ -304,7 +305,7 @@ def update_user(user_id, display_name, title, social_medias, avatar):
remove_avatar(old_avatar_url, user.id)
db.session.commit()
result = user_schema.dump(user)
result = self_user_schema.dump(user)
return result
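Review bot: In `update_user` the response now comes from `self_user_schema.dump(user)`, but `user` appears to be looked up from the `user_id` argument rather than taken from `g.current_user`, and the hunk shows no check that the two are the same account. If that check is missing or later relaxed, this endpoint returns another user's email address. The function body starts outside the hunk, so the check may already exist there. If it does, I would record the dependency beside the dump with `# self_user_schema is only safe here because the caller was verified to be user_id`.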


@ -5,7 +5,6 @@
pytest==3.7.1
WebTest==2.0.30
factory-boy==2.11.1
eth-tester[py-evm]==0.1.0b33
# Lint and code style
flake8==3.5.0


@ -108,3 +108,17 @@ class TestProposalAPI(BaseProposalCreatorConfig):
self.proposal.status = PENDING # should be APPROVED
resp = self.app.put("/api/v1/proposals/{}/publish".format(self.proposal.id))
self.assert400(resp)
# /
def test_get_proposals(self):
self.test_publish_proposal_approved()
resp = self.app.get("/api/v1/proposals/")
self.assert200(resp)
def test_get_proposals_does_not_include_team_member_email_addresses(self):
self.test_publish_proposal_approved()
resp = self.app.get("/api/v1/proposals/")
self.assert200(resp)
for each_proposal in resp.json:
for team_member in each_proposal["team"]:
self.assertIsNone(team_member.get('email_address'))
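Review bot: The assertion in `test_get_proposals_does_not_include_team_member_email_addresses` looks up `email_address`, while the user API tests on this page read the same field as `emailAddress`. The response keys therefore appear to be camel-cased, and this check would pass even if the address were present. I would assert on the serialized name by adding `self.assertNotIn('emailAddress', team_member)` next to the existing line. The loops also pass when the response has no proposals or an empty `team`, so add `self.assertTrue(resp.json)` and `self.assertTrue(each_proposal["team"])` before iterating.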


@ -63,7 +63,6 @@ class TestUserAPI(BaseUserConfig):
}),
content_type="application/json"
)
print(user_auth_resp.headers)
self.assertEqual(user_auth_resp.json['emailAddress'], self.user.email_address)
self.assertEqual(user_auth_resp.json['displayName'], self.user.display_name)
@ -76,20 +75,24 @@ class TestUserAPI(BaseUserConfig):
}),
content_type="application/json"
)
print(login_resp.headers)
# should have session cookie now
me_resp = self.app.get(
"/api/v1/users/me"
)
print(me_resp.headers)
self.assert200(me_resp)
def test_me_get_includes_email_address(self):
self.login_default_user()
me_resp = self.app.get(
"/api/v1/users/me"
)
self.assert200(me_resp)
self.assertIsNotNone(me_resp.json['emailAddress'])
def test_user_auth_required_fail(self):
me_resp = self.app.get(
"/api/v1/users/me",
)
print(me_resp.json)
print(me_resp.headers)
self.assert401(me_resp)
def test_user_auth_bad_password(self):
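Review bot: `test_me_get_includes_email_address` pins only the positive case; nothing in this section asserts that a user record fetched by someone other than its owner comes back without `emailAddress`. A regression that pointed a public user endpoint at `self_user_schema` would pass every test shown here. I would add a companion test that requests a user through a public route and checks `self.assertNotIn('emailAddress', resp.json)`. The route for that is not visible on this page, so which endpoint to use needs confirming.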


@ -37,14 +37,6 @@ class ProfileUser extends React.Component<Props> {
<div className="ProfileUser-info">
<div className="ProfileUser-info-name">{user.displayName}</div>
<div className="ProfileUser-info-title">{user.title}</div>
<div>
{user.emailAddress && (
<div className="ProfileUser-info-address">
<span>email address</span>
{user.emailAddress}
</div>
)}
</div>
{socialMedias.length > 0 && (
<div className="ProfileUser-info-social">
{socialMedias.map(sm => (