Merge branch '28058-hide-emails-in-atom-feeds' into 'security'

Only show public emails in atom feeds See merge request !2066

Merge branch '28058-hide-emails-in-atom-feeds' into 'security'
7d127840 · Rémy Coutable · DJ Mountney · f5c282bc · 7d127840 · 7d127840
Commit 7d127840 authored Feb 16, 2017 by Rémy Coutable Committed by DJ Mountney Mar 17, 2017
7 changed files
--- a/app/models/concerns/issuable.rb
+++ b/app/models/concerns/issuable.rb
@@ -48,11 +48,13 @@ module Issuable
    delegate :name,
             :email,
+             :public_email,
             to: :author,
             prefix: true
    delegate :name,
             :email,
+             :public_email,
             to: :assignee,
             allow_nil: true,
             prefix: true

--- a/app/models/event.rb
+++ b/app/models/event.rb
@@ -16,7 +16,7 @@ class Event < ActiveRecord::Base
  RESET_PROJECT_ACTIVITY_INTERVAL = 1.hour
-  delegate :name, :email, to: :author, prefix: true, allow_nil: true
+  delegate :name, :email, :public_email, to: :author, prefix: true, allow_nil: true
  delegate :title, to: :issue, prefix: true, allow_nil: true
  delegate :title, to: :merge_request, prefix: true, allow_nil: true
  delegate :title, to: :note, prefix: true, allow_nil: true

--- a/app/views/events/_event.atom.builder
+++ b/app/views/events/_event.atom.builder
@@ -9,7 +9,7 @@ xml.entry do
  xml.author do
    xml.name event.author_name
-    xml.email event.author_email
+    xml.email event.author_public_email
  end
  xml.summary(type: "xhtml") do |summary|

--- a/app/views/issues/_issue.atom.builder
+++ b/app/views/issues/_issue.atom.builder
@@ -7,7 +7,7 @@ xml.entry do
  xml.author do
    xml.name issue.author_name
-    xml.email issue.author_email
+    xml.email issue.author_public_email
  end
  xml.summary issue.title
@@ -26,7 +26,7 @@ xml.entry do
  if issue.assignee
    xml.assignee do
      xml.name issue.assignee.name
-      xml.email issue.assignee.email
+      xml.email issue.assignee_public_email
    end
  end
 end
--- a/changelogs/unreleased/28058-hide-emails-in-atom-feeds.yml
+++ b/changelogs/unreleased/28058-hide-emails-in-atom-feeds.yml
+---
+title: Only show public emails in atom feeds
+merge_request:
+author:
--- a/spec/features/atom/dashboard_issues_spec.rb
+++ b/spec/features/atom/dashboard_issues_spec.rb
@@ -2,7 +2,8 @@ require 'spec_helper'
 describe "Dashboard Issues Feed", feature: true  do
  describe "GET /issues" do
-    let!(:user)     { create(:user) }
+    let!(:user)     { create(:user, email: 'private1@example.com', public_email: 'public1@example.com') }
+    let!(:assignee) { create(:user, email: 'private2@example.com', public_email: 'public2@example.com') }
    let!(:project1) { create(:project) }
    let!(:project2) { create(:project) }
@@ -31,7 +32,7 @@ describe "Dashboard Issues Feed", feature: true  do
      end
      context "issue with basic fields" do
-        let!(:issue2) { create(:issue, author: user, assignee: user, project: project2, description: 'test desc') }
+        let!(:issue2) { create(:issue, author: user, assignee: assignee, project: project2, description: 'test desc') }
        it "renders issue fields" do
          visit issues_dashboard_path(:atom, private_token: user.private_token)
@@ -39,8 +40,8 @@ describe "Dashboard Issues Feed", feature: true  do
          entry = find(:xpath, "//feed/entry[contains(summary/text(),'#{issue2.title}')]")
          expect(entry).to be_present
-          expect(entry).to have_selector('author email', text: issue2.author_email)
+          expect(entry).to have_selector('author email', text: issue2.author_public_email)
-          expect(entry).to have_selector('assignee email', text: issue2.author_email)
+          expect(entry).to have_selector('assignee email', text: issue2.assignee_public_email)
          expect(entry).not_to have_selector('labels')
          expect(entry).not_to have_selector('milestone')
          expect(entry).to have_selector('description', text: issue2.description)
@@ -50,7 +51,7 @@ describe "Dashboard Issues Feed", feature: true  do
      context "issue with label and milestone" do
        let!(:milestone1) { create(:milestone, project: project1, title: 'v1') }
        let!(:label1)     { create(:label, project: project1, title: 'label1') }
-        let!(:issue1)     { create(:issue, author: user, assignee: user, project: project1, milestone: milestone1) }
+        let!(:issue1)     { create(:issue, author: user, assignee: assignee, project: project1, milestone: milestone1) }
        before do
          issue1.labels << label1
@@ -62,8 +63,8 @@ describe "Dashboard Issues Feed", feature: true  do
          entry = find(:xpath, "//feed/entry[contains(summary/text(),'#{issue1.title}')]")
          expect(entry).to be_present
-          expect(entry).to have_selector('author email', text: issue1.author_email)
+          expect(entry).to have_selector('author email', text: issue1.author_public_email)
-          expect(entry).to have_selector('assignee email', text: issue1.author_email)
+          expect(entry).to have_selector('assignee email', text: issue1.assignee_public_email)
          expect(entry).to have_selector('labels label', text: label1.title)
          expect(entry).to have_selector('milestone', text: milestone1.title)
          expect(entry).not_to have_selector('description')

--- a/spec/features/atom/issues_spec.rb
+++ b/spec/features/atom/issues_spec.rb
@@ -2,10 +2,11 @@ require 'spec_helper'
 describe 'Issues Feed', feature: true  do
  describe 'GET /issues' do
-    let!(:user)     { create(:user) }
+    let!(:user)     { create(:user, email: 'private1@example.com', public_email: 'public1@example.com') }
+    let!(:assignee) { create(:user, email: 'private2@example.com', public_email: 'public2@example.com') }
    let!(:group)    { create(:group) }
    let!(:project)  { create(:project) }
-    let!(:issue)    { create(:issue, author: user, project: project) }
+    let!(:issue)    { create(:issue, author: user, assignee: assignee, project: project) }
    before do
      project.team << [user, :developer]
@@ -20,7 +21,8 @@ describe 'Issues Feed', feature: true  do
        expect(response_headers['Content-Type']).
          to have_content('application/atom+xml')
        expect(body).to have_selector('title', text: "#{project.name} issues")
-        expect(body).to have_selector('author email', text: issue.author_email)
+        expect(body).to have_selector('author email', text: issue.author_public_email)
+        expect(body).to have_selector('assignee email', text: issue.author_public_email)
        expect(body).to have_selector('entry summary', text: issue.title)
      end
    end
@@ -33,7 +35,8 @@ describe 'Issues Feed', feature: true  do
        expect(response_headers['Content-Type']).
          to have_content('application/atom+xml')
        expect(body).to have_selector('title', text: "#{project.name} issues")
-        expect(body).to have_selector('author email', text: issue.author_email)
+        expect(body).to have_selector('author email', text: issue.author_public_email)
+        expect(body).to have_selector('assignee email', text: issue.author_public_email)
        expect(body).to have_selector('entry summary', text: issue.title)
      end
    end