Bug squash (#677)
* Fix #623
* resolve #622
* resolve #620
* test fixing
dqwiki authored May 22, 2023
1 parent 3e5e82f commit 5441b6c
Showing 6 changed files with 65 additions and 74 deletions.
23 changes: 21 additions & 2 deletions app/Http/Controllers/Appeal/PublicAppealController.php
@@ -20,6 +20,19 @@

class PublicAppealController extends Controller
{
public static function checkValidUser($username, $wiki) {

$api = MediaWikiRepository::getApiForTarget($wiki);
$services = $api->getAddWikiServices();

$user = $services->newUserGetter()->getFromUsername($username);
if($user->getId() > 0) {
return True;
} else {
return False;
}
}

public function store(Request $request)
{
$ua = $request->userAgent();
@@ -38,6 +51,9 @@ public function store(Request $request)
'hiddenip' => 'nullable|ip'
]);

// back compat, at least for now
$data['wiki'] = Wiki::where('id', $data['wiki_id'])->firstOrFail()->database_name;

//If blocktype == 0 and appealfor not IP/range
if ($data['blocktype']==0 && !(IPUtils::isIp($data['appealfor']) || IPUtils::isIpRange($data['appealfor']))) {
return Redirect::back()->withErrors(['msg'=>'That is not a valid IP address, please try again.'])->withInput();
@@ -47,6 +63,10 @@ public function store(Request $request)
return Redirect::back()->withErrors(['msg'=>'You need to enter a username, not an IP address, please try again.'])->withInput();
}

if (($data['blocktype']==2 || $data['blocktype']==1) && !self::checkValidUser($data['appealfor'],$data['wiki'])) {
return Redirect::back()->withErrors(['msg'=>'You need to enter a valid username, please try again.'])->withInput();
}

if ($data['blocktype']==2 && (!isset($data['hiddenip'])||$data['hiddenip']===NULL)) {
return Redirect::back()->withErrors(['msg'=>'No underlying IP address provided, please try again.'])->withInput();

@@ -60,8 +80,7 @@ public function store(Request $request)



// back compat, at least for now
$data['wiki'] = Wiki::where('id', $data['wiki_id'])->firstOrFail()->database_name;


$key = hash('sha512', $ip . $ua . $lang . (microtime() . rand()));
$data['appealsecretkey'] = $key;
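Review bot: The appeal key on the unchanged line `$key = hash('sha512', $ip . $ua . $lang . (microtime() . rand()));` in the last hunk is built from request headers, the clock and `rand()`, none of which is a cryptographically secure source, while the e-mail text in AppealController.php shows this key is what the appellant enters to reach the appeal. The commit only moves the `$data['wiki']` lookup above it, but the line is worth replacing with `$key = bin2hex(random_bytes(64));`, which keeps the 128-hex-character format. In the new `checkValidUser()`, `getId()` is called directly on the result of `getFromUsername()`; if that getter can return null or throw for a malformed name (not visible here), the public form returns a 500 instead of the validation message, so a guard there would help. store() begins and ends outside the hunks.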
87 changes: 32 additions & 55 deletions app/Http/Controllers/AppealController.php
@@ -227,8 +227,14 @@ public function comment(Request $request, Appeal $appeal)
return redirect()->route('appeal.view', $appeal);
}

public function respond(Request $request, Appeal $appeal, Template $template)
public function respond(Request $request, Appeal $appeal, Template $template=NULL)
{
if(!$template) {
$respondText = $request->input('custom');
}
else {
$respondText = $template->template;
}
$this->authorize('update', $appeal);
$user = $request->user();

@@ -263,89 +269,60 @@ public function respond(Request $request, Appeal $appeal, Template $template)
'model_id' => $appeal->id,
'model_type' => Appeal::class,
'action' => 'responded',
'reason' => $template->template,
'reason' => $respondText,
'ip' => $ip,
'ua' => $ua . " " . $lang,
'protected' => LogEntry::LOG_PROTECTION_NONE,
]);

if ($appeal->user_verified==1) {
if ($appeal->user_verified==1 && !in_array($appeal->status, Appeal::APPEAL_CLOSED)) {
$title = 'UTRS appeal response';
$baseURL = route('home');
$message = <<<EOF
Hello,
Your appeal, #$appeal->id, has be reviewed and the following message was left for you:
$template->template
$respondText
Please reply by going to the following link and entering your appealkey: $baseURL
In case you forgot your appealkey, it is: $appeal->appealsecretkey
Thanks,
the UTRS team
$user->username
EOF;
$result = MediaWikiRepository::getApiForTarget($appeal->wiki)->getMediaWikiExtras()->sendEmail($appeal->getWikiEmailUsername(), $title, $message);
}

return redirect()->route('appeal.view', $appeal);
}

public function respondCustomSubmit(Request $request, Appeal $appeal)
{
$this->authorize('update', $appeal);
$user = $request->user();

abort_unless($appeal->handlingadmin === $user->id, 403, 'You are not the handling administrator.');

$status = $request->validate([
'status' => ['nullable', new PermittedStatusChange($appeal)],
])['status'];

$ua = $request->userAgent();
$ip = $request->ip();
$lang = $request->header('Accept-Language');

if ($status && $status !== $appeal->status) {
$appeal->update([
'status' => $status,
]);

LogEntry::create([
'user_id' => $user->id,
'model_id' => $appeal->id,
'model_type' => Appeal::class,
'action' => 'set status as ' . $status,
'ip' => $ip,
'ua' => $ua . ' ' . $lang,
'protected' => LogEntry::LOG_PROTECTION_NONE,
]);
}

LogEntry::create([
'user_id' => $user->id,
'model_id' => $appeal->id,
'model_type' => Appeal::class,
'action' => 'responded',
'reason' => $request->input('custom'),
'ip' => $ip,
'ua' => $ua . " " . $lang,
'protected' => LogEntry::LOG_PROTECTION_NONE,
]);

if ($appeal->user_verified==1) {
elseif ($appeal->user_verified==1) {
$title = 'UTRS appeal response';
$baseURL = route('home');
switch (variable) {
case Appeal::STATUS_ACCEPT:
$textStatus = "has been accepted";
break;
case Appeal::STATUS_DECLINE:
$textStatus = "has been declined";
break;
case Appeal::STATUS_EXPIRE:
$textStatus = "has expired";
break;
default:
$textStatus = "has been reviewed";
break;
}

$message = <<<EOF
Hello,
Your appeal, #$appeal->id, has be reviewed and the following message was left for you:
Your appeal, #$appeal->id, $textStatus and the following message was left for you:
$request->input('custom')
$respondText
Please reply by going to the following link and entering your appealkey: $baseURL
Your appeal is now closed. You will need to take time to consider the reply from the administrator. Should you wish to file a new appeal, you will need to wait a few days to do so, to ensure that you have thought about the administrator's reply.
You can still view it by going to the following link and entering your appealkey: $baseURL
In case you forgot your appealkey, it is: $appeal->appealsecretkey
Thanks,
the UTRS team
$user->username
EOF;
$result = MediaWikiRepository::getApiForTarget($appeal->wiki)->getMediaWikiExtras()->sendEmail($appeal->getWikiEmailUsername(), $title, $message);
}
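Review bot: `switch (variable)` in the new `elseif ($appeal->user_verified==1)` branch switches on a bare constant name, not on the appeal; on PHP 8 that raises an undefined-constant Error, and on older versions it evaluates to the string 'variable', so the chosen text no longer depends on the appeal's status. It should read `switch ($appeal->status) {`. Because the 'responded' log entry above is written before this branch, a failure here leaves the response recorded but the e-mail unsent. On the no-template path `$respondText = $request->input('custom')` is also used without validation, so a missing field is logged and mailed as an empty reply; a `'custom' => 'required|string'` rule applied only when no template is given would close that. respond() continues outside the hunk.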
11 changes: 0 additions & 11 deletions app/Jobs/Scheduled/PostGlobalIPBEReqJob.php
@@ -83,18 +83,7 @@ public function createContents(Collection $appeals)
continue;
}

$currentAppeal->handlingAdmin = 3823;
$currentAppeal->save();
LogEntry::create([
'user_id' => 3823,
'model_id' => $appeal->id,
'model_type' => Appeal::class,
'reason' => NULL,
'action' => "reserve",
'ip' => "127.0.0.1",
'ua' => "DB/Laravel/SRGP Script",
'protected' => LogEntry::LOG_PROTECTION_NONE,
]);
LogEntry::create([
'user_id' => 3823,
'model_id' => $appeal->id,
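--- a/app/Models/Appeal.php
+++ b/app/Models/Appeal.php
@@ -20,6 +20,12 @@ class Appeal extends Model
 self::STATUS_EXPIRE => self::STATUS_EXPIRE,
 ];
 
+const APPEAL_CLOSED = [
+self::STATUS_ACCEPT => self::STATUS_ACCEPT,
+self::STATUS_DECLINE => self::STATUS_DECLINE,
+self::STATUS_EXPIRE => self::STATUS_EXPIRE,
+];
+
 const REGULAR_NO_VIEW_STATUS = [
 self::STATUS_INVALID,
 self::STATUS_NOTFOUND,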
2 changes: 1 addition & 1 deletion routes/web.php
@@ -64,7 +64,7 @@
Route::post('/appeal/template/{appeal}/{template}', 'AppealController@respond')->name('appeal.template.submit');

Route::get('/appeal/custom/{appeal}', 'AppealController@respondCustom')->name('appeal.customresponse');
Route::post('/appeal/custom/{appeal}', 'AppealController@respondCustomSubmit')->name('appeal.customresponse.submit');
Route::post('/appeal/custom/{appeal}', 'AppealController@respond')->name('appeal.customresponse.submit');

Route::get('/publicappeal', 'Appeal\PublicAppealController@redirectLegacy');

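Review bot: With `appeal.customresponse.submit` now handled by `AppealController@respond`, the custom-reply path depends on respond() for the checks the removed `respondCustomSubmit` made itself, notably `abort_unless($appeal->handlingadmin === $user->id, 403, ...)` and the `PermittedStatusChange` rule. Only `$this->authorize('update', $appeal)` is visible in the respond() hunk, so these are presumably in the collapsed part, but a feature test asserting a 403 for a non-handling administrator on this route would pin it. A short comment above the route, `// shares respond() with the template route; $template is null here`, would also help the next reader.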
10 changes: 5 additions & 5 deletions tests/Feature/Appeal/AppealCreateBanTest.php
@@ -25,7 +25,7 @@ public function test_can_create_appeal_when_not_banned()
$response = $this->post('/public/appeal/store', [
'test_do_not_actually_save_anything' => true,
'appealtext' => 'Example appeal test',
'appealfor' => 'Not banned user',
'appealfor' => 'DeltaQuad',
'wiki_id' => $wikiId,
'blocktype' => 1,
]);
@@ -40,15 +40,15 @@ public function test_cant_create_appeal_when_account_is_banned()

Ban::factory()->create([
'is_active' => true,
'target' => 'Banned user 1',
'target' => 'DeltaQuad',
'reason' => 'Lorem ipsum text',
'wiki_id' => $wikiId,
]);

$response = $this->post('/public/appeal/store', [
'test_do_not_actually_save_anything' => true,
'appealtext' => 'Example appeal test',
'appealfor' => 'Banned user 1',
'appealfor' => 'DeltaQuad',
'wiki_id' => $wikiId,
'blocktype' => 1,
]);
@@ -80,7 +80,7 @@ public function test_cant_create_appeal_when_current_ip_is_banned()
$response = $this->post('/public/appeal/store', [
'test_do_not_actually_save_anything' => true,
'appealtext' => 'Example appeal test',
'appealfor' => 'Not banned user',
'appealfor' => 'DeltaQuad',
'wiki_id' => $wikiId,
'blocktype' => 1,
]);
@@ -112,7 +112,7 @@ public function test_cant_create_appeal_when_current_ip_range_is_banned()
$response = $this->post('/public/appeal/store', [
'test_do_not_actually_save_anything' => true,
'appealtext' => 'Example appeal test',
'appealfor' => 'Not banned user',
'appealfor' => 'DeltaQuad',
'wiki_id' => $wikiId,
'blocktype' => 1,
]);
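Review bot: Switching `appealfor` to 'DeltaQuad' makes these tests pass the new `checkValidUser()` lookup, which calls `MediaWikiRepository::getApiForTarget($wiki)`; unless that repository is faked in the test environment (not visible here), the suite now depends on a live wiki and on that account continuing to exist. Binding a fake that reports a positive user id for a fixture name would keep the tests offline. It would also allow a case for the new 'You need to enter a valid username, please try again.' rejection, for which no test is visible in this commit.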
