publiclab/plots2

app/controllers/users_controller.rb

Summary

Maintainability

F

5 days

Test Coverage

Possible unprotected redirect
Open

      redirect_to @user.path

Found in app/controllers/users_controller.rb by brakeman

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Unvalidated redirects and forwards are #10 on the OWASP Top Ten.

Redirects which rely on user-supplied values can be used to "spoof" websites or hide malicious links in otherwise harmless-looking URLs. They can also allow access to restricted areas of a site if the destination is not validated.

Brakeman will raise warnings whenever redirect_to appears to be used with a user-supplied value that may allow them to change the :host option.

For example,

redirect_to params.merge(:action => :home)

will create a warning like

Possible unprotected redirect near line 46: redirect_to(params)

This is because params could contain :host => 'evilsite.com' which would redirect away from your site and to a malicious site.

If the first argument to redirect_to is a hash, then adding :only_path => true will limit the redirect to the current host. Another option is to specify the host explicitly.

redirect_to params.merge(:only_path => true)

redirect_to params.merge(:host => 'myhost.com')

If the first argument is a string, then it is possible to parse the string and extract the path:

redirect_to URI.parse(some_url).path

If the URL does not contain a protocol (e.g., http://), then you will probably get unexpected results, as redirect_to will prepend the current host name and a protocol.

File `users_controller.rb` has 440 lines of code (exceeds 250 allowed). Consider refactoring.
Open

class UsersController < ApplicationController
  before_action :require_no_user, only: [:new]
  before_action :require_user, only: %i(edit update save_settings settings)
   before_action :set_user, only: %i(info followed following followers)

Found in app/controllers/users_controller.rb - About 6 hrs to fix

Create a ticket
Create a ticket

Method `subscribe_multiple_tag` has a Cognitive Complexity of 27 (exceeds 5 allowed). Consider refactoring.
Open

  def subscribe_multiple_tag(tag_list)
    if !tag_list || tag_list == ''
      flash[:notice] = "Please enter tags for subscription in the url."
    else
      if tag_list.is_a? String

Found in app/controllers/users_controller.rb - About 3 hrs to fix

Read up
Read up
Create a ticket
Create a ticket

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Further reading

Method `reset` has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring.
Open

  def reset
    if params[:key] && !params[:key].nil?
      @user = User.find_by(reset_key: params[:key])
      if @user
        if params[:user] && params[:user][:password]

Found in app/controllers/users_controller.rb - About 3 hrs to fix

Read up
Read up
Create a ticket
Create a ticket

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Further reading

Method `create` has a Cognitive Complexity of 25 (exceeds 5 allowed). Consider refactoring.
Open

  def create
    @user = User.new(user_params)
    @user.status = 1
    using_recaptcha = !params[:spamaway] && Rails.env == "production"
    recaptcha = verify_recaptcha(model: @user) if using_recaptcha

Found in app/controllers/users_controller.rb - About 3 hrs to fix

Read up
Read up
Create a ticket
Create a ticket

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Further reading

Method `profile` has a Cognitive Complexity of 24 (exceeds 5 allowed). Consider refactoring.
Open

  def profile
    if current_user && params[:id].nil?
      redirect_to "/profile/#{current_user.username}"
    elsif !current_user && params[:id].nil?
      redirect_to "/"

Found in app/controllers/users_controller.rb - About 3 hrs to fix

Read up
Read up
Create a ticket
Create a ticket

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Further reading

Class `UsersController` has 27 methods (exceeds 20 allowed). Consider refactoring.
Open

class UsersController < ApplicationController
  before_action :require_no_user, only: [:new]
  before_action :require_user, only: %i(edit update save_settings settings)
   before_action :set_user, only: %i(info followed following followers)

Found in app/controllers/users_controller.rb - About 3 hrs to fix

Create a ticket
Create a ticket

Method `profile` has 44 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def profile
    if current_user && params[:id].nil?
      redirect_to "/profile/#{current_user.username}"
    elsif !current_user && params[:id].nil?
      redirect_to "/"

Found in app/controllers/users_controller.rb - About 1 hr to fix

Create a ticket
Create a ticket

Method `list` has a Cognitive Complexity of 14 (exceeds 5 allowed). Consider refactoring.
Open

  def list
    sort_param = params[:sort]
    @tagname_param = params[:tagname]

    order_string = if params[:id]

Found in app/controllers/users_controller.rb - About 1 hr to fix

Read up
Read up
Create a ticket
Create a ticket

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Further reading

Method `list` has 41 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def list
    sort_param = params[:sort]
    @tagname_param = params[:tagname]

    order_string = if params[:id]

Found in app/controllers/users_controller.rb - About 1 hr to fix

Create a ticket
Create a ticket

Method `save_settings` has 40 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def save_settings
    user_settings = [
      'notify-comment-direct:false',
      'notify-likes-direct:false',
      'notify-comment-indirect:false',

Found in app/controllers/users_controller.rb - About 1 hr to fix

Create a ticket
Create a ticket

Method `update` has a Cognitive Complexity of 13 (exceeds 5 allowed). Consider refactoring.
Open

  def update
    @password_verification = user_verification_params
    @user = current_user
    @user = User.find_by(username: params[:id]) if params[:id] && logged_in_as(['admin'])
    if @user.valid_password?(user_verification_params["current_password"]) || user_verification_params["ui_update"].nil? || (user_verification_params["current_password"].blank? && user_verification_params["password"].blank? && user_verification_params["password_confirmation"].blank?)

Found in app/controllers/users_controller.rb - About 1 hr to fix

Read up
Read up
Create a ticket
Create a ticket

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Further reading

Method `create` has 38 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def create
    @user = User.new(user_params)
    @user.status = 1
    using_recaptcha = !params[:spamaway] && Rails.env == "production"
    recaptcha = verify_recaptcha(model: @user) if using_recaptcha

Found in app/controllers/users_controller.rb - About 1 hr to fix

Create a ticket
Create a ticket

Method `subscribe_multiple_tag` has 38 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def subscribe_multiple_tag(tag_list)
    if !tag_list || tag_list == ''
      flash[:notice] = "Please enter tags for subscription in the url."
    else
      if tag_list.is_a? String

Found in app/controllers/users_controller.rb - About 1 hr to fix

Create a ticket
Create a ticket

Method `reset` has 35 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def reset
    if params[:key] && !params[:key].nil?
      @user = User.find_by(reset_key: params[:key])
      if @user
        if params[:user] && params[:user][:password]

Found in app/controllers/users_controller.rb - About 1 hr to fix

Create a ticket
Create a ticket

Method `save_settings` has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def save_settings
    user_settings = [
      'notify-comment-direct:false',
      'notify-likes-direct:false',
      'notify-comment-indirect:false',

Found in app/controllers/users_controller.rb - About 1 hr to fix

Read up
Read up
Create a ticket
Create a ticket

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Further reading

Method `photo` has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def photo
    @user = User.find_by(id: params[:uid])
    if current_user.uid == @user.uid || current_user.admin?
      @user.photo = params[:photo]
      if @user.save!

Found in app/controllers/users_controller.rb - About 1 hr to fix

Read up
Read up
Create a ticket
Create a ticket

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Further reading

Avoid deeply nested control flow statements.
Open

            if @user.changed? && @user.save
              flash[:notice] = I18n.t('users_controller.password_change_success')
              @user.password_checker = 0
              @user.save
              redirect_to "/dashboard"

Found in app/controllers/users_controller.rb - About 45 mins to fix

Create a ticket
Create a ticket

Method `delete_photo` has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def delete_photo
    @user = User.find_by(id: params[:id])
    if current_user.uid == @user.uid || current_user.admin?
      @user.photo = nil
      if @user.save!

Found in app/controllers/users_controller.rb - About 25 mins to fix

Read up
Read up
Create a ticket
Create a ticket

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Further reading

Method `edit` has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def edit
    @action = "update" # sets the form url
    @user = if params[:id] # admin only
              User.find_by(username: params[:id])
            else

Found in app/controllers/users_controller.rb - About 25 mins to fix

Read up
Read up
Create a ticket
Create a ticket

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Further reading

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  def subscribe_multiple_tag(tag_list)
    if !tag_list || tag_list == ''
      flash[:notice] = "Please enter tags for subscription in the url."
    else
      if tag_list.is_a? String

Found in app/controllers/users_controller.rb and 1 other location - About 3 hrs to fix

Read up
Read up
Create a ticket
Create a ticket

app/controllers/user_sessions_controller.rb on lines 236..279

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 124.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Don't Repeat Yourself on the C2 Wiki
Duplicated Code on SourceMaking
Refactoring: Improving the Design of Existing Code by Martin Fowler. Duplicated Code, p76

Inconsistent indentation detected.
Open

   before_action :set_user, only: %i(info followed following followers)

Found in app/controllers/users_controller.rb by rubocop

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

This cops checks for inconsistent indentation.

Example:

class A
  def test
    puts 'hello'
     puts 'world'
  end
end

Use safe navigation (`&.`) instead of checking if an object exists before calling the method.
Open

        if params[:return_to] && params[:return_to].split('/')[0..3] == ["", "subscribe", "multiple", "tag"]

Found in app/controllers/users_controller.rb by rubocop

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

This cop transforms usages of a method call safeguarded by a non nil check for the variable whose method is being called to safe navigation (&.).

Configuration option: ConvertCodeThatCanStartToReturnNil The default for this is false. When configured to true, this will check for code in the format !foo.nil? && foo.bar. As it is written, the return of this code is limited to false and whatever the return of the method is. If this is converted to safe navigation, foo&.bar can start returning nil as well as what the method returns.

Example:

# bad
foo.bar if foo
foo.bar(param1, param2) if foo
foo.bar { |e| e.something } if foo
foo.bar(param) { |e| e.something } if foo

foo.bar if !foo.nil?
foo.bar unless !foo
foo.bar unless foo.nil?

foo && foo.bar
foo && foo.bar(param1, param2)
foo && foo.bar { |e| e.something }
foo && foo.bar(param) { |e| e.something }

# good
foo&.bar
foo&.bar(param1, param2)
foo&.bar { |e| e.something }
foo&.bar(param) { |e| e.something }

foo.nil? || foo.bar
!foo || foo.bar

# Methods that `nil` will `respond_to?` should not be converted to
# use safe navigation
foo.to_i if foo

Use `%w` or `%W` for an array of words.
Open

    if logged_in_as(['admin', 'moderator'])

Found in app/controllers/users_controller.rb by rubocop

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

This cop can check for array literals made up of word-like strings, that are not using the %w() syntax.

Alternatively, it can check for uses of the %w() syntax, in projects which do not want to include that syntax.

Configuration option: MinSize If set, arrays with fewer elements than this value will not trigger the cop. For example, a MinSize of 3 will not enforce a style on an array of 2 or fewer elements.

Example: EnforcedStyle: percent (default)

# good
%w[foo bar baz]

# bad
['foo', 'bar', 'baz']

Example: EnforcedStyle: brackets

# good
['foo', 'bar', 'baz']

# bad
%w[foo bar baz]

Use `||` instead of `or`.
Open

        @content_approved = !(Node.where(status: 1, uid: @profile_user.id).empty?) or !(Comment.where(status: 1, uid: @profile_user.id).empty?)

Found in app/controllers/users_controller.rb by rubocop

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

This cop checks for uses of and and or, and suggests using && and || instead. It can be configured to check only in conditions, or in all contexts.

Example: EnforcedStyle: always (default)

# bad
foo.save and return

# bad
if foo and bar
end

# good
foo.save && return

# good
if foo && bar
end

Example: EnforcedStyle: conditionals

# bad
if foo and bar
end

# good
foo.save && return

# good
foo.save and return

# good
if foo && bar
end

`rescue` at 457, 12 is not aligned with `end` at 461, 10.
Open

            rescue ActiveRecord::RecordInvalid

Found in app/controllers/users_controller.rb by rubocop

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

This cop checks whether the rescue and ensure keywords are aligned properly.

Example:

# bad
begin
  something
  rescue
  puts 'error'
end

# good
begin
  something
rescue
  puts 'error'
end

Use 2 (not 0) spaces for indentation.
Open

            flash[:error] = tag.errors.full_messages

Found in app/controllers/users_controller.rb by rubocop

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

This cops checks for indentation that doesn't use the specified number of spaces.

See also the IndentationConsistency cop which is the companion to this one.

Example:

# bad
class A
 def test
  puts 'hello'
 end
end

# good
class A
  def test
    puts 'hello'
  end
end

Example: IgnoredPatterns: ['^\s*module']

# bad
module A
class B
  def test
  puts 'hello'
  end
end
end

# good
module A
class B
  def test
    puts 'hello'
  end
end
end

Don't use parentheses around a method call.
Open

        @content_approved = !(Node.where(status: 1, uid: @profile_user.id).empty?) or !(Comment.where(status: 1, uid: @profile_user.id).empty?)

Found in app/controllers/users_controller.rb by rubocop

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

This cop checks for redundant parentheses.

Example:

# bad
(x) if ((y.z).nil?)

# good
x if y.z.nil?

Don't use parentheses around a method call.
Open

        @content_approved = !(Node.where(status: 1, uid: @profile_user.id).empty?) or !(Comment.where(status: 1, uid: @profile_user.id).empty?)

Found in app/controllers/users_controller.rb by rubocop

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

This cop checks for redundant parentheses.

Example:

# bad
(x) if ((y.z).nil?)

# good
x if y.z.nil?

Use `%w` or `%W` for an array of words.
Open

    if logged_in_as(['admin', 'moderator'])

Found in app/controllers/users_controller.rb by rubocop

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

This cop can check for array literals made up of word-like strings, that are not using the %w() syntax.

Alternatively, it can check for uses of the %w() syntax, in projects which do not want to include that syntax.

Configuration option: MinSize If set, arrays with fewer elements than this value will not trigger the cop. For example, a MinSize of 3 will not enforce a style on an array of 2 or fewer elements.

Example: EnforcedStyle: percent (default)

# good
%w[foo bar baz]

# bad
['foo', 'bar', 'baz']

Example: EnforcedStyle: brackets

# good
['foo', 'bar', 'baz']

# bad
%w[foo bar baz]

There are no issues that match your filters.