From 07d07c7b5fd598c539d546c469bdce2b0bd957bb Mon Sep 17 00:00:00 2001
From: Guo Xiang Tan <tgx_world@hotmail.com>
Date: Mon, 20 Aug 2018 11:21:54 +0800
Subject: [PATCH] FIX: Make Discobot certificate route require login.

---
 plugins/discourse-narrative-bot/plugin.rb     |  9 +++-
 .../integration/discobot_certificate_spec.rb  | 37 --------------
 .../requests/discobot_certificate_spec.rb     | 48 +++++++++++++++++++
 .../discobot_welcome_post_spec.rb             |  0
 4 files changed, 55 insertions(+), 39 deletions(-)
 delete mode 100644 plugins/discourse-narrative-bot/spec/integration/discobot_certificate_spec.rb
 create mode 100644 plugins/discourse-narrative-bot/spec/requests/discobot_certificate_spec.rb
 rename plugins/discourse-narrative-bot/spec/{integration => requests}/discobot_welcome_post_spec.rb (100%)

diff --git a/plugins/discourse-narrative-bot/plugin.rb b/plugins/discourse-narrative-bot/plugin.rb
index aaecead511c..c321a28f2cf 100644
--- a/plugins/discourse-narrative-bot/plugin.rb
+++ b/plugins/discourse-narrative-bot/plugin.rb
@@ -75,14 +75,19 @@ after_initialize do
     class CertificatesController < ::ApplicationController
       layout :false
       skip_before_action :check_xhr
+      requires_login
 
       def generate
-        raise Discourse::InvalidParameters.new('user_id must be present') unless params[:user_id]&.present?
+        unless params[:user_id]&.present?
+          raise Discourse::InvalidParameters.new('user_id must be present')
+        end
 
         user = User.find_by(id: params[:user_id])
         raise Discourse::NotFound if user.blank?
 
-        raise Discourse::InvalidParameters.new('date must be present') unless params[:date]&.present?
+        unless params[:date]&.present?
+          raise Discourse::InvalidParameters.new('date must be present')
+        end
 
         generator = CertificateGenerator.new(user, params[:date])
 
diff --git a/plugins/discourse-narrative-bot/spec/integration/discobot_certificate_spec.rb b/plugins/discourse-narrative-bot/spec/integration/discobot_certificate_spec.rb
deleted file mode 100644
index c635a357cac..00000000000
--- a/plugins/discourse-narrative-bot/spec/integration/discobot_certificate_spec.rb
+++ /dev/null
@@ -1,37 +0,0 @@
-require 'rails_helper'
-
-describe "Discobot Certificate" do
-  let(:user) { Fabricate(:user, name: 'Jeff Atwood') }
-
-  describe 'when viewing the certificate' do
-    it 'should return the right text' do
-      params = {
-        date: Time.zone.now.strftime("%b %d %Y"),
-        user_id: user.id
-      }
-
-      stub_request(:get, /letter_avatar_proxy/).to_return(status: 200)
-
-      stub_request(:get, "http://test.localhost//images/d-logo-sketch-small.png")
-        .to_return(status: 200)
-
-      get '/discobot/certificate.svg', params: params
-
-      expect(response.status).to eq(200)
-    end
-
-    describe 'when params are missing' do
-      it "should raise the right errors" do
-        params = {
-          date: Time.zone.now.strftime("%b %d %Y"),
-          user_id: user.id
-        }
-
-        params.each do |key, _|
-          get '/discobot/certificate.svg', params: params.except(key)
-          expect(response.status).to eq(400)
-        end
-      end
-    end
-  end
-end
diff --git a/plugins/discourse-narrative-bot/spec/requests/discobot_certificate_spec.rb b/plugins/discourse-narrative-bot/spec/requests/discobot_certificate_spec.rb
new file mode 100644
index 00000000000..119b2b8a8d2
--- /dev/null
+++ b/plugins/discourse-narrative-bot/spec/requests/discobot_certificate_spec.rb
@@ -0,0 +1,48 @@
+require 'rails_helper'
+
+describe "Discobot Certificate" do
+  let(:user) { Fabricate(:user, name: 'Jeff Atwood') }
+
+  let(:params) {
+    {
+      date: Time.zone.now.strftime("%b %d %Y"),
+      user_id: user.id
+    }
+  }
+
+  describe 'when viewing the certificate' do
+    describe 'when no logged in' do
+      it 'should return the right response' do
+        get '/discobot/certificate.svg', params: params
+
+        expect(response.status).to eq(404)
+      end
+    end
+
+    describe 'when logged in' do
+      before do
+        sign_in(user)
+      end
+
+      it 'should return the right text' do
+        stub_request(:get, /letter_avatar_proxy/).to_return(status: 200)
+
+        stub_request(:get, "http://test.localhost//images/d-logo-sketch-small.png")
+          .to_return(status: 200)
+
+        get '/discobot/certificate.svg', params: params
+
+        expect(response.status).to eq(200)
+      end
+
+      describe 'when params are missing' do
+        it "should raise the right errors" do
+          params.each do |key, _|
+            get '/discobot/certificate.svg', params: params.except(key)
+            expect(response.status).to eq(400)
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/plugins/discourse-narrative-bot/spec/integration/discobot_welcome_post_spec.rb b/plugins/discourse-narrative-bot/spec/requests/discobot_welcome_post_spec.rb
similarity index 100%
rename from plugins/discourse-narrative-bot/spec/integration/discobot_welcome_post_spec.rb
rename to plugins/discourse-narrative-bot/spec/requests/discobot_welcome_post_spec.rb