Merge pull request #292 from AyuntamientoMadrid/mask_user_data

Mask user data
2015-08-30 15:22:25 +02:00
parent 99790e5fe8 76daee1fb0
commit 3217d262b4
12 changed files with 79 additions and 32 deletions
--- a/app/controllers/verification/email_controller.rb
+++ b/app/controllers/verification/email_controller.rb
@@ -1,6 +1,6 @@
 class Verification::EmailController < ApplicationController
  before_action :authenticate_user!
-  before_action :set_verified_user
+  before_action :set_verified_user, only: :create
  skip_authorization_check

  def show
@@ -26,6 +26,10 @@ class Verification::EmailController < ApplicationController
  private

    def set_verified_user
-      @verified_user = VerifiedUser.by_user(current_user).by_email(params[:recipient]).first
+      @verified_user = VerifiedUser.by_user(current_user).where(id: verified_user_params[:id]).first
+    end
+
+    def verified_user_params
+      params.require(:verified_user).permit(:id)
    end
 end
--- a/app/controllers/verification/sms_controller.rb
+++ b/app/controllers/verification/sms_controller.rb
@@ -2,6 +2,7 @@ class Verification::SmsController < ApplicationController
  before_action :authenticate_user!
  before_action :verify_resident!
  before_action :verify_attemps_left!, only: [:new, :create]
+  before_action :set_phone, only: :create

  skip_authorization_check

@@ -10,7 +11,7 @@ class Verification::SmsController < ApplicationController
  end

  def create
-    @sms = Verification::Sms.new(sms_params.merge(user: current_user))
+    @sms = Verification::Sms.new(phone: @phone, user: current_user)
    if @sms.save
      redirect_to edit_sms_path, notice: t('verification.sms.create.flash.success')
    else
@@ -44,6 +45,19 @@ class Verification::SmsController < ApplicationController
      params.require(:sms).permit(:phone, :confirmation_code)
    end

+    def set_phone
+      if verified_user
+        @phone = @verified_user.phone
+      else
+        @phone = sms_params[:phone]
+      end
+    end
+
+    def verified_user
+      return false unless params[:verified_user]
+      @verified_user = VerifiedUser.by_user(current_user).where(id: params[:verified_user][:id]).first
+    end
+
    def redirect_to_next_path
      current_user.reload
      if current_user.level_three_verified?