From 4bd0cbe777b0d8ed0db26ab984dc98ea3c1c1d6e Mon Sep 17 00:00:00 2001 From: rgarcia Date: Sun, 30 Aug 2015 15:14:23 +0200 Subject: [PATCH 1/3] adds mask to verified emails and phones --- app/helpers/verification_helper.rb | 15 +++++++++++++++ .../verification/verified_user/show.html.erb | 4 ++-- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/app/helpers/verification_helper.rb b/app/helpers/verification_helper.rb index a7615801e..7d300c5c9 100644 --- a/app/helpers/verification_helper.rb +++ b/app/helpers/verification_helper.rb @@ -6,4 +6,19 @@ module VerificationHelper [t('verification.residence.new.document_type.residence_card'), 3]] end + def mask_phone(number) + match = number.match /\d{3}$/ + "******#{match}" + end + + def mask_email(string) + match = string.match /^(\w{1,3})(.*)@(.*)/ + + data_to_display = match[1] + data_to_mask = match[2] + email_provider = match[3] + + data_to_display + "*"*data_to_mask.size + "@" + email_provider + end + end \ No newline at end of file diff --git a/app/views/verification/verified_user/show.html.erb b/app/views/verification/verified_user/show.html.erb index 53f871c76..0646d69ac 100644 --- a/app/views/verification/verified_user/show.html.erb +++ b/app/views/verification/verified_user/show.html.erb @@ -10,7 +10,7 @@ <% if verified_user.email.present? %>
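Review bot: `mask_email` raises NoMethodError on the `match[1]` line whenever the regex misses, and `\w` is ASCII-only in Ruby, so a stored address whose local part starts with a non-ASCII or non-word character (`émilie@example.com`, constructed example) turns the verified-user page into a 500 instead of a masked value. I would anchor the pattern and make the miss explicit: `match = string.match(/\A(\w{1,3})(.*)@(.*)\z/)` followed by `return '*' * string.size unless match`, so that an unexpected value is fully masked rather than either crashing or, worse, being rendered unmasked. `mask_phone` has the mirror-image problem: a nil match interpolates to an empty string and the helper silently returns `******`, and `$` also matches before a trailing newline where `\z` is what is meant. A one-line comment on `mask_email` noting that the mask intentionally reveals the first three characters and the local part's length would save the next reader from treating that as a bug.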
  • - <%= verified_user.email %> + <%= mask_email(verified_user.email) %> <%= render '/verification/email/form', verified_user: verified_user %> @@ -29,7 +29,7 @@ <% if verified_user.phone.present? %>
  • - <%= verified_user.phone %> + <%= mask_phone(verified_user.phone) %> <%= render '/verification/sms/form', sms: Verification::Sms.new(phone: verified_user.phone) %> From 932612a207291e0a7ef5452bc6c8c7655903d887 Mon Sep 17 00:00:00 2001 From: rgarcia Date: Sun, 30 Aug 2015 15:15:13 +0200 Subject: [PATCH 2/3] adds specs for masked emails and phones --- spec/features/verification/email_spec.rb | 2 +- .../verification/verified_user_spec.rb | 12 +++++----- spec/helpers/verification_helper_spec.rb | 24 +++++++++++++++++++ 3 files changed, 31 insertions(+), 7 deletions(-) create mode 100644 spec/helpers/verification_helper_spec.rb diff --git a/spec/features/verification/email_spec.rb b/spec/features/verification/email_spec.rb index c886e4ff6..336f4946a 100644 --- a/spec/features/verification/email_spec.rb +++ b/spec/features/verification/email_spec.rb @@ -18,7 +18,7 @@ feature 'Verify email' do visit verified_user_path within("#verified_user_#{verified_user.id}_email") do - expect(page).to have_content 'rock@example.com' + expect(page).to have_content 'roc*@example.com' click_button "Send" end diff --git a/spec/features/verification/verified_user_spec.rb b/spec/features/verification/verified_user_spec.rb index ce28ce80f..e68bb3ee1 100644 --- a/spec/features/verification/verified_user_spec.rb +++ b/spec/features/verification/verified_user_spec.rb @@ -26,8 +26,8 @@ feature 'Verified users' do login_as(user) visit verified_user_path - expect(page).to have_content 'rock@example.com' - expect(page).to have_content 'roll@example.com' + expect(page).to have_content 'roc*@example.com' + expect(page).to have_content 'rol*@example.com' end scenario "Verified phones" do 
@@ -44,18 +44,18 @@ feature 'Verified users' do create(:verified_user, document_number: '12345678Z', document_type: '2', - email: '622222222') + phone: '622222222') create(:verified_user, document_number: '99999999R', document_type: '2', - email: '633333333') + phone: '633333333') login_as(user) visit verified_user_path - expect(page).to have_content '611111111' - expect(page).to have_content '622222222' + expect(page).to have_content '******111' + expect(page).to have_content '******222' end scenario "Select a verified email" do diff --git a/spec/helpers/verification_helper_spec.rb b/spec/helpers/verification_helper_spec.rb new file mode 100644 index 000000000..1673264f7 --- /dev/null +++ b/spec/helpers/verification_helper_spec.rb @@ -0,0 +1,24 @@ +require 'rails_helper' + +describe VerificationHelper do + + describe "#mask_phone" do + it "should mask a phone" do + expect(mask_phone "612345678").to eq("******678") + end + end + + describe "#mask_email" do + it "should mask a long email address" do + expect(mask_email "isabel@example.com").to eq("isa***@example.com") + expect(mask_email "antonio.perez@example.com").to eq("ant**********@example.com") + end + + it "should mask a short email address" do + expect(mask_email "an@example.com").to eq("an@example.com") + expect(mask_email "ana@example.com").to eq("ana@example.com") + expect(mask_email "aina@example.com").to eq("ain*@example.com") + end + end + +end \ No newline at end of file From 76daee1fb04d86fb2b570fdbdf73289347dd979b Mon Sep 17 00:00:00 2001 
From: rgarcia
Date: Sun, 30 Aug 2015 15:16:33 +0200
Subject: [PATCH 3/3] removes unmasked emails and phones in forms
---
 app/controllers/verification/email_controller.rb | 8 ++++++--
 app/controllers/verification/sms_controller.rb | 16 +++++++++++++++-
 app/views/verification/email/_form.html.erb | 4 ----
 app/views/verification/sms/_form.html.erb | 5 -----
 .../verification/verified_user/_form.html.erb | 4 ++++
 .../verification/verified_user/show.html.erb | 4 ++--
 config/locales/verification.en.yml | 7 ++-----
 config/locales/verification.es.yml | 6 ++----
 8 files changed, 31 insertions(+), 23 deletions(-)
 delete mode 100644 app/views/verification/email/_form.html.erb
 delete mode 100644 app/views/verification/sms/_form.html.erb
 create mode 100644 app/views/verification/verified_user/_form.html.erb
diff --git a/app/controllers/verification/email_controller.rb b/app/controllers/verification/email_controller.rb
index 2fe232576..1c07b1457 100644
--- a/app/controllers/verification/email_controller.rb
+++ b/app/controllers/verification/email_controller.rb
@@ -1,6 +1,6 @@
 class Verification::EmailController < ApplicationController
 before_action :authenticate_user!
- before_action :set_verified_user
+ before_action :set_verified_user, only: :create
 skip_authorization_check
 def show
@@ -26,6 +26,10 @@ class Verification::EmailController < ApplicationController
 private
 def set_verified_user
- @verified_user = VerifiedUser.by_user(current_user).by_email(params[:recipient]).first
+ @verified_user = VerifiedUser.by_user(current_user).where(id: verified_user_params[:id]).first
+ end
+
+ def verified_user_params
+ params.require(:verified_user).permit(:id)
+ end
 end
\ No newline at end of file
diff --git a/app/controllers/verification/sms_controller.rb b/app/controllers/verification/sms_controller.rb
index 9e18453ad..8b4d24b9f 100644
--- a/app/controllers/verification/sms_controller.rb
+++ b/app/controllers/verification/sms_controller.rb
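Review bot: `set_verified_user` now scopes the lookup to `current_user`, but `.first` returns nil when the submitted `verified_user[id]` is absent from that scope, and the `create` action that consumes `@verified_user` lies outside this hunk, so whether nil is rejected there cannot be seen from the diff. Unless `create` already guards it, let the miss fail loudly so a tampered or stale id becomes a 404 rather than a nil-driven error or a silently skipped send: `@verified_user = VerifiedUser.by_user(current_user).find(verified_user_params[:id])`. `find` on the scoped relation raises ActiveRecord::RecordNotFound, which Rails renders as 404 in production.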
@@ -2,6 +2,7 @@ class Verification::SmsController < ApplicationController
 before_action :authenticate_user!
 before_action :verify_resident!
 before_action :verify_attemps_left!, only: [:new, :create]
+ before_action :set_phone, only: :create
 skip_authorization_check
@@ -10,7 +11,7 @@ class Verification::SmsController < ApplicationController
 end
 def create
- @sms = Verification::Sms.new(sms_params.merge(user: current_user))
+ @sms = Verification::Sms.new(phone: @phone, user: current_user)
 if @sms.save
 redirect_to edit_sms_path, notice: t('verification.sms.create.flash.success')
 else
@@ -44,6 +45,19 @@ class Verification::SmsController < ApplicationController
 params.require(:sms).permit(:phone, :confirmation_code)
 end
+ def set_phone
+ if verified_user
+ @phone = @verified_user.phone
+ else
+ @phone = sms_params[:phone]
+ end
+ end
+
+ def verified_user
+ return false unless params[:verified_user]
+ @verified_user = VerifiedUser.by_user(current_user).where(id: params[:verified_user][:id]).first
+ end
+
 def redirect_to_next_path
 current_user.reload
 if current_user.level_three_verified?
diff --git a/app/views/verification/email/_form.html.erb b/app/views/verification/email/_form.html.erb
deleted file mode 100644
index 7314e568c..000000000
--- a/app/views/verification/email/_form.html.erb
+++ /dev/null
@@ -1,4 +0,0 @@
-<%= form_for Verification::Email.new(verified_user), as: "email", url: email_path, method: :post do |f| %>
- <%= hidden_field_tag :recipient, verified_user.email %>
- <%= f.submit t('verification.email.form.submit_button') %>
-<% end %>
\ No newline at end of file
diff --git a/app/views/verification/sms/_form.html.erb b/app/views/verification/sms/_form.html.erb
deleted file mode 100644
index 9aaaa1495..000000000
--- a/app/views/verification/sms/_form.html.erb
+++ /dev/null
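Review bot: `set_phone` falls back to the caller-supplied `sms_params[:phone]` whenever `verified_user` returns nil, and that includes the case where `params[:verified_user][:id]` was sent but the record is not in `current_user`'s scope, so a request that fails the ownership check is not rejected but silently downgraded to a free-text phone submission. The lookup also diverges from `email_controller.rb` in this same patch: there the id passes through strong parameters, here it is read straight from `params[:verified_user][:id]`, and `verified_user` returns `false` in one branch and a record-or-nil in the other. I would make the presence of `verified_user` in the request decisive and let a missing record surface as ActiveRecord::RecordNotFound (a 404 in production):
```ruby
def set_phone
  @phone = params[:verified_user] ? verified_user.phone : sms_params[:phone]
end

# … unchanged: sms_params above, redirect_to_next_path below …

def verified_user
  @verified_user ||= VerifiedUser.by_user(current_user)
                                 .find(params.require(:verified_user).fetch(:id))
end
```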
@@ -1,5 +0,0 @@ -<%= form_for sms, as: "sms", url: sms_path do |f| %> - <%= render 'shared/errors', resource: sms %> - <%= f.hidden_field :phone %> - <%= f.submit t('verification.sms.form.submit_button') %> -<% end %> \ No newline at end of file diff --git a/app/views/verification/verified_user/_form.html.erb b/app/views/verification/verified_user/_form.html.erb new file mode 100644 index 000000000..286bb38ba --- /dev/null +++ b/app/views/verification/verified_user/_form.html.erb @@ -0,0 +1,4 @@ +<%= form_for verified_user, url: url, method: :post do |f| %> + <%= f.hidden_field :id %> + <%= f.submit t('verification.verified_user.form.submit_button') %> +<% end %> \ No newline at end of file diff --git a/app/views/verification/verified_user/show.html.erb b/app/views/verification/verified_user/show.html.erb index 0646d69ac..a5a3915f3 100644 --- a/app/views/verification/verified_user/show.html.erb +++ b/app/views/verification/verified_user/show.html.erb @@ -13,7 +13,7 @@ <%= mask_email(verified_user.email) %> - <%= render '/verification/email/form', verified_user: verified_user %> + <%= render 'form', url: email_path, verified_user: verified_user %>



  • @@ -32,7 +32,7 @@ <%= mask_phone(verified_user.phone) %> - <%= render '/verification/sms/form', sms: Verification::Sms.new(phone: verified_user.phone) %> + <%= render 'form', url: sms_path, verified_user: verified_user %>


    diff --git a/config/locales/verification.en.yml b/config/locales/verification.en.yml index f9b2db4fb..677a663db 100644 --- a/config/locales/verification.en.yml +++ b/config/locales/verification.en.yml @@ -34,8 +34,6 @@ en: success: 'Correct code. You are now a verified user' level_two: success: 'Correct code' - form: - submit_button: Send alert: verify_attemps_left: 'You have reached the maximum number of sms verification tries' email: @@ -49,8 +47,6 @@ en: success: "We have send you a confirmation email to your email account: %{email}" alert: failure: "There was a problem sending you an email to your account" - form: - submit_button: Send letter: new: title: Final Verification @@ -69,4 +65,5 @@ en: email_title: Emails phone_title: Phones use_another_phone: Use another phone - + form: + submit_button: Send \ No newline at end of file diff --git a/config/locales/verification.es.yml b/config/locales/verification.es.yml index b9cda6aed..e2dd66d15 100644 --- a/config/locales/verification.es.yml +++ b/config/locales/verification.es.yml @@ -34,8 +34,6 @@ es: success: 'Código correcto. Ya eres un usuario verificado' level_two: success: 'Código incorrecto' - form: - submit_button: Enviar alert: verify_attemps_left: 'Has llegado al máximo número de intentos de verificar tu teléfono.' email: @@ -49,8 +47,6 @@ es: success: "Te hemos enviado un email de confirmación a tu cuenta: %{email}" alert: failure: "Hubo un problema enviándote un email a tu cuenta" - form: - submit_button: Enviar letter: new: title: Final Verification @@ -69,3 +65,5 @@ es: email_title: Emails phone_title: Teléfonos use_another_phone: Utilizar otro teléfono + form: + submit_button: Enviar \ No newline at end of file