From 6e0a0a83125c2863649449743681214554aa8d4c Mon Sep 17 00:00:00 2001
From: Joseph Mastey <jmmastey@gmail.com>
Date: Wed, 6 Dec 2017 17:14:25 -0600
Subject: [PATCH] feat(cops): clean rubocop run

1. ignoring one file because it's an intentional vuln
2. made a few small semantic changes, but verified that they're equivalent.
---
 .rubocop.yml                                  |  4 ++++
 app/controllers/admin_controller.rb           |  3 +--
 app/controllers/dashboard_controller.rb       | 16 ++++++-------
 app/controllers/password_resets_controller.rb |  2 +-
 app/controllers/schedule_controller.rb        |  2 +-
 app/controllers/sessions_controller.rb        |  5 ++--
 app/controllers/tutorials_controller.rb       |  5 +---
 app/models/message.rb                         |  2 +-
 app/models/user.rb                            |  5 ++--
 ...ard_stats.html.erb => pie_charts.html.erb} |  0
 spec/support/capybara_shared.rb               | 23 +++++++++++++++----
 11 files changed, 40 insertions(+), 27 deletions(-)
 rename app/views/dashboard/{dashboard_stats.html.erb => pie_charts.html.erb} (100%)

diff --git a/.rubocop.yml b/.rubocop.yml
index 6c1c91e..77b4529 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -3,3 +3,7 @@ inherit_gem:
     - config/default.yml
     - config/rails.yml
 
+
+Rails/OutputSafety:
+  Exclude:
+    - 'app/controllers/password_resets_controller.rb'
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index c331ef5..ba5c335 100755
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -2,6 +2,7 @@
 class AdminController < ApplicationController
   before_action :administrative, if: :admin_param, except: [:get_user]
   skip_before_action :has_info
+  layout false, only: [:get_all_users, :get_user]
 
   def dashboard
   end
@@ -22,14 +23,12 @@ class AdminController < ApplicationController
 
   def get_all_users
     @users = User.all
-    render layout: false
   end
 
   def get_user
     @user = User.find_by_id(params[:admin_id].to_s)
     arr = ["true", "false"]
     @admin_select = @user.admin ? arr : arr.reverse
-    render layout: false
   end
 
   def update_user
diff --git a/app/controllers/dashboard_controller.rb b/app/controllers/dashboard_controller.rb
index a40cc83..5e5f698 100644
--- a/app/controllers/dashboard_controller.rb
+++ b/app/controllers/dashboard_controller.rb
@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 class DashboardController < ApplicationController
   skip_before_action :has_info
+  layout false, only: [:change_graph]
 
   def home
     @user = current_user
@@ -13,15 +14,12 @@ class DashboardController < ApplicationController
 
   def change_graph
     self.try(params[:graph])
-  end
 
-  def bar_graph
-    render :bar_graph, layout: false
+    if params[:graph] == "bar_graph"
+      render "dashboard/bar_graph"
+    else
+      @user = current_user
+      render "dashboard/pie_charts"
+    end
   end
-
-  def pie_charts
-     @user = current_user
-     render :dashboard_stats, layout: false
-  end
-
 end
diff --git a/app/controllers/password_resets_controller.rb b/app/controllers/password_resets_controller.rb
index 6a43f43..6e9402c 100644
--- a/app/controllers/password_resets_controller.rb
+++ b/app/controllers/password_resets_controller.rb
@@ -19,7 +19,7 @@ class PasswordResetsController < ApplicationController
   def confirm_token
     if !params[:token].nil? && is_valid?(params[:token])
       flash[:success] = "Password reset token confirmed! Please create a new password."
-      render "reset_password"
+      render "password_resets/reset_password"
     else
       flash[:error] = "Invalid password reset token. Please try again."
       redirect_to :login
diff --git a/app/controllers/schedule_controller.rb b/app/controllers/schedule_controller.rb
index 70b8fa3..8c14ac5 100644
--- a/app/controllers/schedule_controller.rb
+++ b/app/controllers/schedule_controller.rb
@@ -33,7 +33,7 @@ class ScheduleController < ApplicationController
        end
     rescue
     end
-     respond_to do |format|
+    respond_to do |format|
        format.json { render json: jfs.to_json }
     end
   end
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 8c4da40..30ed486 100755
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -13,7 +13,8 @@ class SessionsController < ApplicationController
     begin
       # Normalize the email address, why not
       user = User.authenticate(params[:email].to_s.downcase, params[:password])
-      rescue Exception => e
+    rescue RuntimeError => e
+      # don't do ANYTHING
     end
 
     if user
@@ -25,7 +26,7 @@ class SessionsController < ApplicationController
       redirect_to path
     else
       flash[:error] = e.message
-      render "new"
+      render "sessions/new"
     end
   end
 
diff --git a/app/controllers/tutorials_controller.rb b/app/controllers/tutorials_controller.rb
index 975cc5d..039200f 100755
--- a/app/controllers/tutorials_controller.rb
+++ b/app/controllers/tutorials_controller.rb
@@ -3,8 +3,5 @@ class TutorialsController < ApplicationController
   skip_before_action :has_info
   skip_before_action :authenticated
 
-  def credentials
-    render layout: false
-  end
-
+  layout false, only: [:credentials]
 end
diff --git a/app/models/message.rb b/app/models/message.rb
index de2b17c..2796a51 100644
--- a/app/models/message.rb
+++ b/app/models/message.rb
@@ -7,7 +7,7 @@ class Message < ApplicationRecord
     if creator = User.where(user_id: self.creator_id).first
       creator.full_name
     else
-      "<b>Name unavailable</b>".html_safe
+      "Name unavailable"
     end
   end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 92ad224..3468edd 100755
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -74,8 +74,7 @@ class User < ApplicationRecord
   end
 
   def generate_token(column)
-    begin
-      self[column] = Encryption.encrypt_sensitive_value(self.user_id)
-    end while User.exists?(column => self[column])
+    self[column] = Encryption.encrypt_sensitive_value(self.user_id)
+    generate_token(column) if User.exists?(column => self[column])
   end
 end
diff --git a/app/views/dashboard/dashboard_stats.html.erb b/app/views/dashboard/pie_charts.html.erb
similarity index 100%
rename from app/views/dashboard/dashboard_stats.html.erb
rename to app/views/dashboard/pie_charts.html.erb
diff --git a/spec/support/capybara_shared.rb b/spec/support/capybara_shared.rb
index 7769d50..9a0ebe9 100644
--- a/spec/support/capybara_shared.rb
+++ b/spec/support/capybara_shared.rb
@@ -71,15 +71,30 @@ module Capybara::Poltergeist
 end
 
 class WarningSuppressor
-  class << self
-    def write(message)
-      (message =~ /QFont::setPixelSize: Pixel size <= 0/ || message =~/CoreText performance note:/ || message =~/Method userSpaceScaleFactor in class NSView/) ? 0 : puts(message); 1
+  IGNORE_PATTERNS = [
+    /QFont::setPixelSize: Pixel size <= 0/,
+    /CoreText performance note:/,
+    /WARNING: Method userSpaceScaleFactor/
+  ]
+
+  def write(message)
+    if ignore?(message)
+      0
+    else
+      puts(message)
+      1
     end
   end
+
+  private
+
+  def ignore?(message)
+    IGNORE_PATTERNS.any? {|regexp| message =~ regexp }
+  end
 end
 
 Capybara.register_driver :poltergeist do |app|
-  Capybara::Poltergeist::Driver.new(app, phantomjs_logger: WarningSuppressor, timeout: 60)
+  Capybara::Poltergeist::Driver.new(app, phantomjs_logger: WarningSuppressor.new, timeout: 60)
 end
 
 Capybara.javascript_driver = :poltergeist