amoose / coaster-app Goto Github PK

The last step for maintaining consistency is to enable rubocop to run in Travis CI and return error exit status when there are violations.

Needs a complete revamp!

Security issue from Hakiri: Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside an application

Geolocations persist after Stations/Users are destroyed, which is a huge problem since we're gathering stations near the user by the station's geolocation.

I've been getting this error in the chrome console: 'Cannot read property "lat" of null'

Apparently some User geolocations aren't getting geocoded:

#<Geolocation:0x007fbfecc91e78
 id: 12,
 latitude: nil,
 longitude: nil,
 address: "98.176.195.218",
 geocodeable_id: 4,
 geocodeable_type: "User",
 created_at: Fri, 08 Jul 2016 18:43:48 PDT -07:00,
 updated_at: Fri, 08 Jul 2016 18:43:48 PDT -07:00,
 accuracy: 9,
 gmaps: nil>

def departing(date=Date.today)
    self.trains.each do |train|
      [] << train if train.departs?(date)
    end
 end

Even if train.departs?(date) returns false, the train is added to the array!

Our application needs to be migrated to the latest Heroku stack for compatibility with our CI/CD pipeline.

• https://devcenter.heroku.com/articles/cedar-14-migration

Debugger seems to recognize a Station's trains but no list is displayed.

After a quick pry session I found that the @trains array isn't getting loaded with anything.

secret_token.rb has been pushed to git many times.

We need to update the token and add this file to .gitignore

https://s3.amazonaws.com/archive.travis-ci.org/jobs/137864487/log.txt?deansi=true

Failures:

  1) UsersController POST create with permitted params creates a user
     �[31mFailure/Error: �[0m�[32mif�[0m @current_user �[32mand�[0m @current_user.ip_address != request.remote_ip �[32mand�[0m @current_user.geolocation.updated_at < �[1;34m1�[0m.hour.ago�[0m
     �[31m�[0m
     �[31mNoMethodError:�[0m
     �[31m  undefined method `<' for nil:NilClass�[0m
     �[36m# ./app/helpers/sessions_helper.rb:9:in `current_user='�[0m
     �[36m# ./app/helpers/sessions_helper.rb:4:in `sign_in'�[0m
     �[36m# ./app/controllers/users_controller.rb:22:in `create'�[0m
     �[36m# ./spec/controllers/users_controller_spec.rb:34:in `block (5 levels) in <top (required)>'�[0m
     �[36m# ./spec/controllers/users_controller_spec.rb:33:in `block (4 levels) in <top (required)>'�[0m

Finished in 52.3 seconds (files took 2.09 seconds to load)
�[31m29 examples, 1 failure�[0m

Failed examples:

�[31mrspec ./spec/controllers/users_controller_spec.rb:32�[0m �[36m# UsersController POST create with permitted params creates a user�[0m

Coverage report generated for RSpec to /home/travis/build/amoose/coaster-app/coverage. 241 / 373 LOC (64.61%) covered.
/home/travis/.rvm/rubies/ruby-2.3.1/bin/ruby -I/home/travis/build/amoose/coaster-app/vendor/bundle/ruby/2.3.0/gems/rspec-core-3.4.4/lib:/home/travis/build/amoose/coaster-app/vendor/bundle/ruby/2.3.0/gems/rspec-support-3.4.1/lib /home/travis/build/amoose/coaster-app/vendor/bundle/ruby/2.3.0/gems/rspec-core-3.4.4/exe/rspec --pattern spec/\*\*\{,/\*/\*\*\}/\*_spec.rb failed

travis_time:end:02cd8604:start=1466011796807600553,finish=1466011853345264833,duration=56537664280
�[0K
�[31;1mThe command "bundle exec rake" exited with 1

We need specs to ensure that all is well with our app. Rspec to the rescue!

http://sangster.github.io/gtfs_engine/

Started GET "/users/8/update_geolocation?latitude=32.7565455&longitude=-117.11758259999999" for ::1 at 2016-06-21 21:28:11 -0700

ActionController::RoutingError (No route matches [GET] "/users/8/update_geolocation")

There isn't much documentation for gmaps4rails v1, and it seems that the Gmaps API has changed since 2011 😆 , so an upgrade appears to be in order!

Security issue from Hakiri: Session secret should not be included in version control in config/initializers/secret_token.rb

Update the application setup using bin/setup and update instructions in README

Geocoder isn't able to detect our location in development.

missing partial 'sign_in'

Once upon a time, I found a programatic method for importing train data.. implement it! ✨

Show nearest station schedule at first visit
Either prompt or add a nice UI element for enabling geolocating in the browser
Depending on the accuracy, show the nearest station or stations

We also need to ensure that the user is signed in and that the user can only update their own geolocation.

Security issue from Hakiri: In the scenario where an attacker might be able to control the href attribute of an anchor tag or the action attribute of a form tag that will trigger a POST action, the attacker can set the href or action to

Security issue from Hakiri: protect_from_forgery should be configured with 'with: :exception' in app/controllers/application_controller.rb

Tests are barking:
"NoMethodError: undefined method `attr_accessible' for #Class:0x007fd2c0065938"