Make endpoint and subscription parameters required on web push endpoints

This commit is contained in:
Karina Kwiatek 2023-01-04 12:32:16 +01:00 committed by Andreas Nedbal
parent 9fd3940b7d
commit 3105cb74b4

View file

@ -12,7 +12,7 @@ class Ajax::WebPushController < AjaxController
end end
def check def check
params.permit(:endpoint) params.require(:endpoint)
found = current_user.web_push_subscriptions.where("subscription ->> 'endpoint' = ?", params[:endpoint]).first found = current_user.web_push_subscriptions.where("subscription ->> 'endpoint' = ?", params[:endpoint]).first
@ -29,6 +29,8 @@ class Ajax::WebPushController < AjaxController
end end
def subscribe def subscribe
params.require(:subscription)
WebPushSubscription.create!( WebPushSubscription.create!(
user: current_user, user: current_user,
subscription: params[:subscription] subscription: params[:subscription]
@ -40,7 +42,7 @@ class Ajax::WebPushController < AjaxController
end end
def unsubscribe # rubocop:disable Metrics/AbcSize def unsubscribe # rubocop:disable Metrics/AbcSize
params.permit(:endpoint) params.require(:endpoint)
removed = if params.key?(:endpoint) removed = if params.key?(:endpoint)
current_user.web_push_subscriptions.where("subscription ->> 'endpoint' = ?", params[:endpoint]).destroy_all current_user.web_push_subscriptions.where("subscription ->> 'endpoint' = ?", params[:endpoint]).destroy_all