Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create an option to only allow users to edit their profile within first 24 hours. #35

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Create an option to only allow users to edit their profile within first 24 hours. #35

wants to merge 1 commit into from

Conversation

petecheslock
Copy link
Contributor

@petecheslock petecheslock commented Dec 22, 2023
edited
Loading

This pull request introduces a change to the correct_user method in the UsersController to limit the time frame in which a user can edit their profile to the first 24 hours after account creation.

Changes include:

Added a condition in correct_user method to check if the current time is more than 24 hours from the time of account creation.
If the condition is met, a flash message is displayed informing the user that they can only edit their profile within 24 hours of account creation, and they are redirected to the root URL.
This change is intended to enhance account security by reducing the window in which a user's profile can be edited. It will be particularly effective in limiting the potential damage if a user's account is compromised.

Please review and provide any feedback.

@github-actions GitHub Actions
Copy link

AppMap runtime code review

Summary Status
Failed tests ⚠️ 2 failed
New AppMaps 0️⃣ No new AppMaps

⚠️ Note Because 2 tests failed, AppMap is showing an abbreviated analysis to help you get them working. Once all tests are passing, all report sections will be available.

⚠️ Failed tests

test/controllers/users_controller_test.rb:34

test/controllers/users_controller_test.rb:34 failed with error:

Expected response to be a <3XX: redirect>, but was a <200: OK>

The error occurred at test/controllers/users_controller_test.rb:38:

   29:                                               email: @user.email } }
   30:     assert_not flash.empty?
   31:     assert_redirected_to login_url
   32:   end
   33: 
   34:   test "should redirect edit when logged in as wrong user" do
   35:     log_in_as(@other_user)
   36:     get edit_user_path(@user)
   37:     assert flash.empty?
>  38:     assert_redirected_to root_url
   39:   end
   40: 
   41:   test "should redirect update when logged in as wrong user" do
   42:     log_in_as(@other_user)
   43:     patch user_path(@user), params: { user: { name: @user.name,
   44:                                               email: @user.email } }
   45:     assert flash.empty?
   46:     assert_redirected_to root_url
   47:   end
   48:
Related code changes
--- app/controllers/users_controller.rb
+++ app/controllers/users_controller.rb
@@ -74,7 +74,9 @@ class UsersController < ApplicationController
     # Confirms the correct user.
     def correct_user
       @user = User.find(params[:id])
-      redirect_to(root_url, status: :see_other) unless current_user?(@user)
+      if Time.now - @user.created_at > 24.hours
+        flash[:danger] = "You can only edit your profile within 24 hours of account creation."
+      end
     end
 
     # Confirms an admin user.

View AppMap of this test »
View sequence diagram diff of this test »

test/controllers/users_controller_test.rb:41

test/controllers/users_controller_test.rb:41 failed with error:

Expected false to be truthy.

The error occurred at test/controllers/users_controller_test.rb:45:

   36:     get edit_user_path(@user)
   37:     assert flash.empty?
   38:     assert_redirected_to root_url
   39:   end
   40: 
   41:   test "should redirect update when logged in as wrong user" do
   42:     log_in_as(@other_user)
   43:     patch user_path(@user), params: { user: { name: @user.name,
   44:                                               email: @user.email } }
>  45:     assert flash.empty?
   46:     assert_redirected_to root_url
   47:   end
   48: 
   49:   test "should redirect destroy when not logged in" do
   50:     assert_no_difference 'User.count' do
   51:       delete user_path(@user)
   52:     end
   53:     assert_redirected_to login_url
   54:   end
   55:
Related code changes
--- app/controllers/users_controller.rb
+++ app/controllers/users_controller.rb
@@ -74,7 +74,9 @@ class UsersController < ApplicationController
     # Confirms the correct user.
     def correct_user
       @user = User.find(params[:id])
-      redirect_to(root_url, status: :see_other) unless current_user?(@user)
+      if Time.now - @user.created_at > 24.hours
+        flash[:danger] = "You can only edit your profile within 24 hours of account creation."
+      end
     end
 
     # Confirms an admin user.

View AppMap of this test »
View sequence diagram diff of this test »

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@petecheslock