From 92fe7a850670d4fe3a36fa5ad1e2cd67f4083d81 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Thu, 9 Feb 2017 21:07:18 +0000
Subject: [PATCH] Only create diary entries for POST requests

---
 app/controllers/diary_entry_controller.rb     |  6 +-
 .../diary_entry_controller_test.rb            | 65 +++++++++++--------
 2 files changed, 43 insertions(+), 28 deletions(-)

diff --git a/app/controllers/diary_entry_controller.rb b/app/controllers/diary_entry_controller.rb
index 61d95ba11..6fb255a36 100644
--- a/app/controllers/diary_entry_controller.rb
+++ b/app/controllers/diary_entry_controller.rb
@@ -12,7 +12,7 @@ class DiaryEntryController < ApplicationController
   def new
     @title = t "diary_entry.new.title"
 
-    if params[:diary_entry]
+    if request.post?
       @diary_entry = DiaryEntry.new(entry_params)
       @diary_entry.user = @user
 
@@ -35,7 +35,7 @@ class DiaryEntryController < ApplicationController
     else
       default_lang = @user.preferences.where(:k => "diary.default_language").first
       lang_code = default_lang ? default_lang.v : @user.preferred_language
-      @diary_entry = DiaryEntry.new(:language_code => lang_code)
+      @diary_entry = DiaryEntry.new(entry_params.merge(:language_code => lang_code))
       set_map_location
       render :action => "edit"
     end
@@ -218,6 +218,8 @@ class DiaryEntryController < ApplicationController
   # return permitted diary entry parameters
   def entry_params
     params.require(:diary_entry).permit(:title, :body, :language_code, :latitude, :longitude)
+  rescue ActionController::ParameterMissing
+    ActionController::Parameters.new.permit(:title, :body, :language_code, :latitude, :longitude)
   end
 
   ##
diff --git a/test/controllers/diary_entry_controller_test.rb b/test/controllers/diary_entry_controller_test.rb
index 5e53cb6b0..268834019 100644
--- a/test/controllers/diary_entry_controller_test.rb
+++ b/test/controllers/diary_entry_controller_test.rb
@@ -101,13 +101,15 @@ class DiaryEntryControllerTest < ActionController::TestCase
     )
   end
 
-  def test_new
+  def test_new_no_login
     # Make sure that you are redirected to the login page when you
     # are not logged in
     get :new
     assert_response :redirect
     assert_redirected_to :controller => :user, :action => :login, :referer => "/diary/new"
+  end
 
+  def test_new_form
     # Now try again when logged in
     get :new, {}, { :user => users(:normal_user).id }
     assert_response :success
@@ -128,71 +130,82 @@ class DiaryEntryControllerTest < ActionController::TestCase
         assert_select "input", :count => 7
       end
     end
+  end
 
-    new_title = "New Title"
-    new_body = "This is a new body for the diary entry"
-    new_latitude = "1.1"
-    new_longitude = "2.2"
-    new_language_code = "en"
+  def test_new_get_with_params
+    # Now try creating a diary entry using get
+    assert_difference "DiaryEntry.count", 0 do
+      get :new, { :commit => "save",
+                  :diary_entry => { :title => "New Title", :body => "This is a new body for the diary entry", :latitude => "1.1",
+                                    :longitude => "2.2", :language_code => "en" } },
+          { :user => users(:normal_user).id }
+    end
+    assert_response :success
+    assert_template :edit
+  end
 
+  def test_new_no_body
     # Now try creating a invalid diary entry with an empty body
     assert_no_difference "DiaryEntry.count" do
       post :new, { :commit => "save",
-                   :diary_entry => { :title => new_title, :body => "", :latitude => new_latitude,
-                                     :longitude => new_longitude, :language_code => new_language_code } },
+                   :diary_entry => { :title => "New Title", :body => "", :latitude => "1.1",
+                                     :longitude => "2.2", :language_code => "en" } },
            { :user => users(:normal_user).id }
     end
     assert_response :success
     assert_template :edit
 
     assert_nil UserPreference.where(:user_id => users(:normal_user).id, :k => "diary.default_language").first
+  end
 
+  def test_new_post
     # Now try creating a diary entry
     assert_difference "DiaryEntry.count", 1 do
       post :new, { :commit => "save",
-                   :diary_entry => { :title => new_title, :body => new_body, :latitude => new_latitude,
-                                     :longitude => new_longitude, :language_code => new_language_code } },
+                   :diary_entry => { :title => "New Title", :body => "This is a new body for the diary entry", :latitude => "1.1",
+                                     :longitude => "2.2", :language_code => "en" } },
            { :user => users(:normal_user).id }
     end
     assert_response :redirect
     assert_redirected_to :action => :list, :display_name => users(:normal_user).display_name
     entry = DiaryEntry.order(:id).last
     assert_equal users(:normal_user).id, entry.user_id
-    assert_equal new_title, entry.title
-    assert_equal new_body, entry.body
-    assert_equal new_latitude.to_f, entry.latitude
-    assert_equal new_longitude.to_f, entry.longitude
-    assert_equal new_language_code, entry.language_code
+    assert_equal "New Title", entry.title
+    assert_equal "This is a new body for the diary entry", entry.body
+    assert_equal "1.1".to_f, entry.latitude
+    assert_equal "2.2".to_f, entry.longitude
+    assert_equal "en", entry.language_code
 
     # checks if user was subscribed
     assert_equal 1, entry.subscribers.length
 
-    assert_equal new_language_code, UserPreference.where(:user_id => users(:normal_user).id, :k => "diary.default_language").first.v
+    assert_equal "en", UserPreference.where(:user_id => users(:normal_user).id, :k => "diary.default_language").first.v
+  end
 
-    new_language_code = "de"
-    create(:language, :code => new_language_code)
+  def test_new_german
+    create(:language, :code => "de")
 
     # Now try creating a diary entry in a different language
     assert_difference "DiaryEntry.count", 1 do
       post :new, { :commit => "save",
-                   :diary_entry => { :title => new_title, :body => new_body, :latitude => new_latitude,
-                                     :longitude => new_longitude, :language_code => new_language_code } },
+                   :diary_entry => { :title => "New Title", :body => "This is a new body for the diary entry", :latitude => "1.1",
+                                     :longitude => "2.2", :language_code => "de" } },
            { :user => users(:normal_user).id }
     end
     assert_response :redirect
     assert_redirected_to :action => :list, :display_name => users(:normal_user).display_name
     entry = DiaryEntry.order(:id).last
     assert_equal users(:normal_user).id, entry.user_id
-    assert_equal new_title, entry.title
-    assert_equal new_body, entry.body
-    assert_equal new_latitude.to_f, entry.latitude
-    assert_equal new_longitude.to_f, entry.longitude
-    assert_equal new_language_code, entry.language_code
+    assert_equal "New Title", entry.title
+    assert_equal "This is a new body for the diary entry", entry.body
+    assert_equal "1.1".to_f, entry.latitude
+    assert_equal "2.2".to_f, entry.longitude
+    assert_equal "de", entry.language_code
 
     # checks if user was subscribed
     assert_equal 1, entry.subscribers.length
 
-    assert_equal new_language_code, UserPreference.where(:user_id => users(:normal_user).id, :k => "diary.default_language").first.v
+    assert_equal "de", UserPreference.where(:user_id => users(:normal_user).id, :k => "diary.default_language").first.v
   end
 
   def test_new_spammy
-- 
2.43.2