deovandski / fakktion
The Fakktion Blog: Prototype of a blogging application that uses relational design

License: MIT License

Ruby 40.05% JavaScript 24.79% CSS 17.28% HTML 17.84% Shell 0.04%


fakktion's Issues

Experimental v0.9

Things to do for v0.9:

  • Implement Search Page
  • Refactor Loading Page.
  • Finish 404 Page
  • Refactor User.index
  • Set Header to 30px fixed.
  • Lock frontend dependencies.
  • Upgrade Ember Cli to 2.6.1
  • Bundler upgrade
  • Implement #28
  • Finish up #17
  • Finish up #30
  • Post Fact Link and Fiction links need to be evaluated to lowercase on backend
  • Post. Title maximum amount of chars (100) on Backend
  • User.full_name, personal message and other attributes backend length reinforcement.
  • Like above, but for tags.
  • Like above, but the comment system
  • Solve Ember.js Tooltip issue
  • Finish up all DELETE and SOFT DELETE on all resources.
  • Finish up #11
  • Finish up #16
  • Admin Moderation Page.
  • Reload text from store() when user cancels the edit for any given resource
  • Add cancel button to resources being edited
  • Server Side authenticity_token validation for user.edit
  • Server Side validation for tags being edit for Admins (send token on update request.)
  • Implement different user name colors depending on reputation.
  • Change 422 responses to 403 for convention purposes.
  • Tooltip information.
  • Revert to hover for onClick tooltips.
  • Post title on index needs right padding
  • Footer Copyright info needs hide overflow to prevent footer size increase.
  • Footer. Fix possible link overflow issue when there is not enough space. Increase CP (above) priority for the most amount of space possible?
  • Categories, Fact Types and Genres filtering to top 10 not working 100% of the time...
  • Post.create Missing tags overflowing into each other when there is not enough space.
  • Post. Title maximum amount of chars (100) on create
  • Post. Title maximum amount of chars (100) on edit
  • Post Fact Link and Fiction links need to be evaluated to lowercase on create
  • Post Fact Link and Fiction links need to be evaluated to lowercase on edit
  • Make Sidebars visibility toggling system more straightforward instead of <| or |>
  • Comment system not displaying post date (when the authorized user is not an owner.)
  • Fakktion logo not resizing automatically.

New User System

Super User

Attained at 500 Reputation. 2x the voting score

  • is_super_user implementation on backend and frontend.
  • SuperUser Check implementation

Admin User

Attained at 1500 Reputation. 3x the voting score, and can edit tags.

  • Admin Check implementation

Legendary User

Attained at 3000 Reputation. 4x the voting score, can edit tags, and delete resources with no dependencies.

  • is_legend implementation on backend and frontend.
  • Legend Check implementation

Help Information

Things to cover:

  • Difference between Genres, Topics and Fact Types and what is expected of each one of them.
  • How to use Topic search
  • How to use Genres/ Fact Types and Categories Search.
  • Edge browser zoom issue.
  • All Header Help information is complete
  • All Footer Help information is complete
  • All Post Help information is complete
  • All commenting Help information is complete
  • All Tags Help information is complete
  • More instructions when creating posts, so that users know the flow.

Experimental v0.7

High Priority

  • Broken Devise + Ember-simple-auth #27
  • Admin can edit tags.

Normal Priority

  • Decide on #21, and any further necessary changes to SCSS. Definitely not Bootstrap due to how terrible previous upgrade attempt was...
  • Finish up all resources CREATE AND PUT...
  • User.create gender to lowercase
  • User/create Display Name validation needs to account for a few characters inputted
  • User/create Email Regex needs to kick in after 8 characters instead of the current amount
  • User/create Password "Too Short" needs to display "8 characters minimum" instead
  • User/Create DOB boxes set limit on amount of characters per box for TAB function.
  • User/Create DOB display message for dates older than 1900
  • Fully cleanup User/create upon Server 200 (and then redirect the user to Login)
  • Posts/create change "None" to select a X on the (right/left).
  • Posts/Create change Text Dive to a richer text. Implement markup while going at it? Implementing a custom helper instead...
  • Post/index revise fixed space for text and allow it to be dynamic with min-height instead.
  • Posts/edit | Symbolic link to the above problem
  • Index | Change X to "No X Tag selected" in order to reduce guessing about what the upper central panel does.
  • Index Topics "Not Found. Check Manage Topics" needs to be more visible... Perhaps setting the bg color to light red to the text itself to red or dark yellow?
  • Index | Add stronger division between Topic and Upper central panel tags.
  • Create a Help page #25
  • Fix Inner comments 404 issues.
  • Comment System. Drop "Cannot by empty" string.
  • Maintain at least 10 character needs to remove cursor pointer.
  • Comment System Edit is being allowed to anyone... Restrict to owner only.
  • Remove Inner comments String from each inner comment rendered.
  • "Add Comment" text before render comments.create
  • Post/index Title, text, and each text under Post information need to remove cursor pointer due to possible issues with thinking that it is actually a link, when it is simply text.
  • Post/index Created By User is missing the actual link to the user profile.
  • Post/Index links target to _blank
  • Post/index adjusted paddings
  • Improved helpers to handle undefined Handlebars calls.
  • Post/index implemented a better width control solution
  • All buttons refactored and specific tag buttons created.
  • Application and Index controller refactored to handle tag model.
  • Application and Topics.index integration for smooth topic search.
  • Refactored how posts were being shown on the index page. Added icons instead of displaying text for #views and #comments
  • Fixed Shared Panel overflow height
  • Created helper for # of comments and views of a post.
  • Application Loading Page
  • About and Support page merge
  • Frontend limit on tag sizes.
  • Backend limit on tag size.
  • Empty tag forms on CREATE with response of 200.
  • Navigation of creating resources refactored to be at most 5 navigations away from any other CREATE
  • Frontend XSS Mitigation for Resources with Text
  • Backend XSS Protection (Like a Boss!)
  • Refactored Application Sidebars and central panel to act like toggleable modules based on user input. Flex FTW!
  • Partials are now under their own folders.
  • Posts/create now properly warns about missing tags
  • Posts/create Preview mode for Text.
  • Flex refactored on current tags selected and HTML.
  • More Post date filters so that there is a balance on the # of tags on each side of the screen.
  • Refactored Category tag to cover wider topics and Genre tag to be more specific.
  • A few resources did not contain css matches or had deprecated ones.
  • Tags + Tag page normalization for easier learning curve.
  • Blocked non-admin users from accessing tag edit routes.

Experimental v0.8 Extras

  • Add an issue counter in red above each create/update button? Or something of the sorts alongside a red banner on the top of the application in order to guarantee that the user can realize that an input is not in accordance with the expectations.
  • Tag Eligibility system.

User recovery system

Devise Recoverable will not be implemented since Fakktion will not use email capabilities. Therefore, a different implementation will be used.
#3 Words Password Recovery system.

Original idea:
(sketch image from the original issue, not reproduced)

Flow:

Creating Users

  1. User.create on Frontend
  2. User types 3 words between 4 and 6 chars long
  3. XHR Request is sent
  4. User.create on Backend
  5. Words are hashed, and hints (first letter of each word) are stored separately
  6. XHR Response is sent with User Model.

Updating Users

  1. User.edit on Frontend
  2. User can see the 3 words hints, but the 3 words will never be sent back.
  3. XHR Request is sent
  4. User.edit on Backend
  5. Further elimination of params to remove any attempt at updating the hints or words.
  6. XHR Response is sent with User Model.

Forgot Password

  1. forgotPassword on Frontend
  2. User types email.
  3. If an email is located, show the hints for the 3-word password recovery system and unlock the ability to type those 3 words.
  4. XHR Request is sent through forgotPassword Model (email, resetedPassword (nil) and the 3 words)
  5. forgotPassword on Backend to check those 4 values. If they match, follow step 4a; if not, 4b.

4a. Replace the database password for this user with a random 8-integer one
4a1. XHR 200 Response is sent with (email, resetPassword and the 3 words as nil.)
4a2. Alert User of new Password, and to immediately change it when logging in.

4b. XHR 403 Response
4b1. Alert User that one or more of the inputs are wrong.
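The three flows above (Creating Users step 5, Updating Users step 2, Forgot Password steps 5/4a/4b) as one runnable model. This is an added example, not Fakktion's own code. Details the issue leaves open are assumptions here: the words are stored as a salted PBKDF2-SHA256 hash (the issue only says "hashed"), words and email are lowercased before hashing and lookup, the comparison is constant-time, and an in-memory `users` hash stands in for the User model.

```ruby
# Added example, not Fakktion's own code: a self-contained model of the
# 3-word password recovery flow from the issue above. Assumed details the
# issue leaves open: salted PBKDF2-SHA256 for the words, lowercasing of
# words and email, and an in-memory `users` hash instead of the User model.
require "openssl"
require "securerandom"

WORD_COUNT = 3
WORD_LEN = 4..6             # "3 words between 4 and 6 chars long"
PBKDF2_ITERATIONS = 100_000 # assumption; the issue does not specify

# Creating Users, step 2: reject word sets that break the length rule.
def validate_words!(words)
  raise ArgumentError, "exactly #{WORD_COUNT} words required" unless words.size == WORD_COUNT
  words.each do |w|
    raise ArgumentError, "#{w.inspect} must be 4-6 chars" unless WORD_LEN.cover?(w.length)
  end
  words
end

def normalize_words(words)
  words.map { |w| w.strip.downcase }
end

def hash_words(words, salt)
  OpenSSL::KDF.pbkdf2_hmac(words.join(" "), salt: salt, iterations: PBKDF2_ITERATIONS,
                           length: 32, hash: "sha256")
end

# Constant-time comparison so a wrong word set cannot be told apart by timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Creating Users, step 5: hash the words; keep the hints in a separate column.
def create_recovery_record(words)
  words = normalize_words(validate_words!(words))
  salt = SecureRandom.random_bytes(16)
  { recovery_salt: salt,
    recovery_hash: hash_words(words, salt),
    recovery_hints: words.map { |w| w[0] } } # first letter of each word
end

# Updating Users, step 2: only the hints are ever sent back to the client.
def recovery_hints(record)
  record[:recovery_hints]
end

# Forgot Password, step 5: check email + 3 words. Match -> 4a (replace the
# password with 8 random digits and return it); mismatch -> 4b (403).
def forgot_password(users, email, words)
  email = email.strip.downcase
  user = users[email]
  return { status: 403 } if user.nil?
  words = normalize_words(words)
  return { status: 403 } unless words.size == WORD_COUNT
  unless secure_equal?(hash_words(words, user[:recovery_salt]), user[:recovery_hash])
    return { status: 403 }
  end
  new_password = SecureRandom.random_number(10**8).to_s.rjust(8, "0")
  user[:password] = new_password # 4a
  { status: 200, email: email, reset_password: new_password, words: nil } # 4a1
end
```

Because the hints are shown to anyone who can supply a known email, the endpoint that returns them and the one that checks the words are the places to rate-limit; the example leaves that to the controller layer.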

Comment System

  • Develop outer comment (simply as comment)
  • Develop inner comment (named as inner_comment)

Refactored Notification System

Drop Usage of the current alert(), and instead make use of banners with warning and/or tooltips over the button where the request was made from with the exact error from server.

Notifications for unread resources

(New stands for things posted since the user's last sign-in date):

  • New inner comments of a comment.
  • New comments of a post.

Fakktion Beta Checklist

Beta Ready Checklist

  • Create User
  • Edit User
  • Create Topic
  • Edit Topic
  • Create Fact Type
  • Edit Fact Type
  • Create Category
  • Edit Category
  • Create Post
  • Edit Post
  • Create Comment
  • Edit Comment
  • Create Inner Comment
  • Edit Inner Comment

Other Items left to do.

  • Finish up #25
  • Redesign Sidebars
  • Alert messages checklist
  • Change seeds.rb to the new agreement
  • Refactor Post.index to the new agreement
  • Reduce posting limit of all resources to 1 character.
  • Finish #10
  • Upgrade to v0.10 AMS Releases
  • Finish Ubuntu Server 16 Deployment guide
  • Finish Ubuntu Server 16 Maintenance guide
  • Refactor Topic search (Deprecated on this commit)

Ember CLI and Ember.js 3.0

Fakktion frontend will now be locked with Ember CLI 2.6.0 dependencies, and Node.js will be locked at v5.10.1

Upgrade Attempt to v2.7.0-beta.2

Ember-data, QUnit and Ember-cli-blanket were not up to speed and caused deprecation warnings upon initial startup (output below). However, Fakktion was still working even with a few Render Model param deprecation warnings.

DEPRECATION: Overriding init without calling this._super is deprecated. Please call `this._super.init && this._super.init.apply(this, arguments);` Ember CLI QUnit
    at Function.Addon.lookup (/home/deovandski/Fakktion/frontend/node_modules/ember-cli/lib/models/addon.js:896:27)
DEPRECATION: Overriding init without calling this._super is deprecated. Please call `this._super.init && this._super.init.apply(this, arguments);` Ember CLI Blanket
    at Function.Addon.lookup (/home/deovandski/Fakktion/frontend/node_modules/ember-cli/lib/models/addon.js:896:27)
DEPRECATION: Overriding init without calling this._super is deprecated. Please call `this._super.init && this._super.init.apply(this, arguments);` ember-data
    at Function.Addon.lookup (/home/deovandski/Fakktion/frontend/node_modules/ember-cli/lib/models/addon.js:896:27)
DEPRECATION: Overriding init without calling this._super is deprecated. Please call `this._super.init && this._super.init.apply(this, arguments);` ember-cli-dependency-checker
    at Function.Addon.lookup (/home/deovandski/Fakktion/frontend/node_modules/ember-cli/lib/models/addon.js:896:27)
DEPRECATION: Overriding init without calling this._super is deprecated. Please call `this._super.init && this._super.init.apply(this, arguments);` ember-cli-jshint
    at Function.Addon.lookup (/home/deovandski/Fakktion/frontend/node_modules/ember-cli/lib/models/addon.js:896:27)
DEPRECATION: Overriding init without calling this._super is deprecated. Please call `this._super.init && this._super.init.apply(this, arguments);` loader.js
    at Function.Addon.lookup (/home/deovandski/Fakktion/frontend/node_modules/ember-cli/lib/models/addon.js:896:27)
DEPRECATION: Overriding init without calling this._super is deprecated. Please call `this._super.init && this._super.init.apply(this, arguments);` ember-cli-rails-addon
    at Function.Addon.lookup (/home/deovandski/Fakktion/frontend/node_modules/ember-cli/lib/models/addon.js:896:27)
DEPRECATION: Overriding init without calling this._super is deprecated. Please call `this._super.init && this._super.init.apply(this, arguments);` release
    at /home/deovandski/Fakktion/frontend/node_modules/ember-cli/lib/models/project.js:404:38

Fakktion Frontend needs to be compliant with Deprecations introduced on 2.7+ in order for it to be ready for Ember.js 3.0

Admin Messages

The idea for this feature would be for admin users to communicate with other users through application wide messages where all users can see them.

Checks initiated for Admin Messages

AdminMessage.create

  • AdminCheck being run?
  • AdminOldMessagesCheck being run?

AdminMessage.edit

  • Is the return of the check correct?
  • Do not allow edit of messages older than 1 month to prevent issues with AdminOldMessagesCheck.
  • AdminOldMessagesCheck being run?

AdminMessage.delete

  • Only allow deletion if older than 15 days.
  • Only Legend can delete messages manually.

AdminOldMessagesCheck

  • Any messages older than 1 month being deleted?
  • Is the return correct? (number of current messages)

Experimental v0.4 - Ember.js Related Implementation

Planned work for Ember.js:

  • Setup RESTful links for comments and add "Add comment" to an outlet instead of another page
  • Post filter cleanup and test [See #20]
  • Filter by Date range needs implementation. [See #20]

Planned Work for EmberCLI:

Previous implementations described on Work History.

Resources Deletion

Other Deletion checks that will not be implemented

Checks that would be fulfilled:

Genre.delete

  • Is the dependencies check being run?
  • Is the legend check being run?

FactType.delete

  • Is the dependencies check being run?
  • Is the legend check being run?

Topic.delete

  • Is the dependencies check being run?
  • Is the legend check being run?

Category.delete

  • Is the dependencies check being run?
  • Is the delete check being run?

Post.delete

  • Are there any dependencies?
  • Is the Owner check/Admin check being performed?

Comment.delete

  • Are there any dependencies?
  • Is the Owner check/Legend check being performed?
  • Are the associated votes being deleted?

CommentVote.delete

  • Do not allow direct deletion.

InnerCommentVote.delete

  • Do not allow direct deletion.

User.delete

  • Allow deletion only if there are no dependencies.

AdminMessage.delete

  • Only allow route entrance if admin.
  • Only allow deletion if older than 15 days.
  • Only Legend can delete messages manually.

Genre.delete

  • Is the dependencies check being run?
  • Is the legend check being run?

FactType.delete

  • Is the dependencies check being run?
  • Is the legend check being run?

Topic.delete

  • Is the dependencies check being run?
  • Is the legend check being run?

Category.delete

  • Is the dependencies check being run?
  • Is the delete check being run?

Post.delete

  • Are there any dependencies?
  • Is the Owner check/Admin check being performed?

Comment.delete

  • Are there any dependencies?
  • Is the Owner check/Legend check being performed?
  • Are the associated votes being deleted?

InnerComment.delete

  • Are there any dependencies?
  • Is the Owner check/Legend check being performed?
  • Are the associated votes being deleted?

CommentVote.delete

  • Do not allow direct deletion.

InnerCommentVote.delete

  • Do not allow direct deletion.

Pagination System

Implement Pagination System for extreme scale up of posts on index and possible for tags management pages as well.

https://github.com/mharris717/ember-cli-pagination

Comment and Inner comment implementation could use something along the lines of infinite scroll capabilities? Or this feature could also be used on the previously stated resources for the sake of repetition.

Design for upvote/downvote system buttons.

Possible class structure:

vote box

  • upvotebox
    • upvote_button
      • current_vote box
    • current_vote_label
      • {{ember hook}}
    • downvote box
      • downvote_button

For each comment, display counters N and M based on current dimensional array being looped through?

Loading template customized for each CM or ICM? or inherit from Application?

(two mockup images from the original issue, not reproduced)

Experimental v0.6

  • Unify User soft_delete, hidden and is_banned (Fixed on a previous commit.)
  • Finish #19
  • Fix creating posts issue.
  • Fixed Editing posts and refactored logic for partial tag update
  • Documentation across API.
  • Server Side validation for LocalStorage. Prevent User impersonation from the client
  • Permanently remove authenticity_token from all user queries. The only endpoint that should give away the token is for Devise sign-in (which requires knowing the user password...)
  • Solve update without password... Depending on https://stackoverflow.com/questions/36121282/how-to-remove-parameters-from-ams-0-10-0-rc4-deserialization
  • Implemented 404 handlers.
  • Refactored Resources to use API controller main method for CREATE, PUT AND DELETE
  • Implemented DESTROY restrictions on all resources to prevent hasMany and belongsTo possible Issues.
  • Basic Testing procedures implemented on all resources.
  • Model tag methods are now using inheritance to follow DRY patterns
  • Ember-cli-blanket implementation
  • Extended Rails tests for Model, Controllers, Serializers and etc. Achieve Coverage of ~90%. Will depend on this StackOverflow question.
  • Ember Cli Code coverage implementation (Logic implemented, but CodeClimate does not accept the logic for multiple payloads)
  • Split Code Coverage so that CodeClimate reports Frontend and Coveralls reports Backend.
  • TravisCI build updated
  • Finished #9 for both Users.create and User.edit
  • Resolved Moment.js falling back to Datejs construction
  • Post views counter now fully working.
  • Refactored selected tags and containers to its own button for further customization on Experimental v0.7

Experimental v0.5

Work Done on the closing commit:

  • String normalization across the entire application. Values on which comparison is performed, such as email, are now stored as lowercase under the hood and displayed as capitalized on the frontend through a Handlebars helper.
  • Unified Post and Comment soft_delete and hidden as the external appearance will be similar.
  • Models are now normalizing incoming data and checking for crucial missing data such as is_admin.
  • Documentation for Work History and Planned Work is now implemented alongside the issue tracking system.
  • Fixed Fixtures

Work History until v0.5

  • Rails 4.2 implementation
  • Assets Pipeline including bourbon and neat setup
  • Server Setup
  • Database initial migrations
  • ERD implementation
  • Ember-Rails 1.8 implementation
  • Active Model Serializers implementation
  • Ember-Data implementation
  • JSON API setup
  • Ember-Rails Adapters, Controllers, Templates, and Views setup.
  • Ember-Rails: View posts based on selected tags user story implementation
  • Ember.js sources upgrade to 1.13
  • Resolved deprecations and errors caused by migration
  • Devise Implementation
  • EmberCLI migration
  • Resolved deprecations from CLI Migrations
  • Pipeline Asset fix
  • Ember Devise Login
  • Custom Session for Login
  • Rails to ember routes transition implemented. Sharing links should automatically make Rails redirect it to ember, and ember should be able to understand what they are about.
  • Raw RESTful Links implemented for post creation and edit.
  • Create Application space for displaying tags and topic search (above application outlet) {now named Center Panel}
  • Changed CSS to support Center Panel.
  • Genres live tag manipulation (Displays the selected tag name and allows user to clear selection.)
  • Setup Travis CI and underlying testing foundation for Rails and Ember.
  • Setup Code Coverage for Rails.
  • Live tag manipulation user story implementation
  • Hide/show CentralPanel and Sidebars based on currentRoute implemented.
  • Complete the setup for almost all RESTful links for posts
  • Attempted to switch from Partial to Render, but Render helper is not the solution for the relational tags
  • Refactored application partials in order to separate them from the RESTful links.
  • Refactored Router to reflect RESTful links (including upcoming ones.)
  • Added Show/Hide Buttons for all tags
  • Refactored buttons mixins to support different types of buttons.
  • Changed Central Upper Panel G/FT/C and PD tags to support button_type2
  • Changed documentation and created Design and Code information documents for developers looking to see the overall functionality of the project and some technical information not available on the research paper.
  • Deleted several deprecated files carried over from the initial project (When everything was created on Rails)
  • Users able to create Posts from the current Genre, Fact Type, and Category selected tags story implementation
  • Scss initial ember and rails split and scss setup for create RESTful pages.
  • Changed facebook_id to facebookURL across the application.
  • Fixed Central Panel and Sidebars visibility based on current route.
  • Fixed css for creating new User template. Now everything is well aligned and dynamic sized.
  • New footer css! Now all content will be properly organized above the footer while it stays in the bottom.
  • Code Climate upgraded to use the new Engines-enabled config file.
  • Moment.js now available for date manipulation
  • Sign Up validation now also checks against users model for uniqueness. Now it only misses handling birthday input and check if date => 18 years.
  • Ember Devise SignUp (User RESTful links setup) is now complete!
  • Revised camelCase and under_score_case usage throughout the frontend and backend.
  • Full Name privacy is now enabled on user signup.
  • User Profile (user.show) link is now live and with raw css
  • Added a confirmation message for user logout.
  • Implemented the display for posts and comments created by a user.
  • 3/4 implementing User being able to edit information.
  • Profile Page
  • SCSS structure update for entire project and added new MixinsButtons.
  • Index Page is now just a welcome page while posts.index became the new forum.
  • Genre Manage button redirects to the genres.index for future development.
  • Fixed error caused by null default values and fixed a possible exploit of a new user becoming admin or super user on users/create.
  • Complete the setup for all RESTful links for tags
  • Rails Asset Pipeline is now working!
  • Hide/shows buttons changed to match initial expectation (see research link on Readme.md)
  • Rails counter_cache has been set across the application.
  • Search by Topic name has been implemented.
  • Search by Post date is now setup
  • Ember-cli updated to 1.13.8
  • Comments resource has been implemented on posts.
  • Raw post.index implemented and post edit route is complete
  • Active Model Serializers upgrade to 0.10.0.rc2 including entire project plural/singular and relationships normalization.
  • Fact Types, Genres and Topics RESTful links implementation
  • Active Model Serializers upgrade to 0.10.0.rc3.
  • JSON API Implementation (JSONAPI branch has all the details)

Devise + Ember-Simple-Auth broken Sign in system

Noticed on Checkpoint 8 committed on 3/30/16. Devise sign in always responds with the same user upon sign-in even if there are other credentials...

Root cause unknown. Ideas to investigate:

  • Cookie based CSRF protection somehow interfering with Devise? Pull an Experimental v0.5 commit and thoroughly test to see if the non-implementation of CSRF allows it to work.
  • Devise dropped support for token on 3.x... Further check how this will be dealt with or if the recent bump in version was the reason behind the failure.
  • Devise not handling Destroy session properly? If so, drop the use of custom session? Guarantees that it will not be as finicky?

Post Filtering

Stuff left to do regarding Post filtering:

  • Implement the search date range function.
  • Blackbox testing of each searching. 11111 seems fine, 11000, 11100, 11110 seems to contain some issues... The two below are related.
  • Find root cause behind Posting Date and Fact Type no post issue.
  • Find root cause behind Posting Date and Category no post issue.

Experimental v0.8

  • Comments Upvote/Downvote system.
  • Inner Comments Upvote/Downvote system.
  • Post Upvote/Downvote system final decision.
  • Tags of a post being created need to be more eye-catching.
  • Add "Create Post" button to Select Topics page.
  • Add more information on Post.create about how tags are created.
  • Add basic HTML tags info
  • Removed Post importance/eligibility counter.
  • Remove hidden attribute from comments and inner comments for the sake of dynamic application of it during controller init...
  • Finish #29
  • Made Tag buttons more consistent in width.
  • Application and Tags.Index unified variables
  • Improved Posts.create warning tags and HTML basics
  • Display Post creation date in the place of edit button when the post is not created by the user.
  • Impose a text limit on Posts, comments and inner comments.
  • Inner Comment reduce Textbox Area size to 1/4 of the current size.
  • Implement ol, ol and li for lists.
  • Revise seeds for now allowed s, b and i, and removal of the H4 in favor of H5
  • Refactored Post Information
  • Undo changes when the user cancels edits.
  • Remove Banned date and times banned for new banning system to take place
  • Implement Reputation system
  • Make sure that Hidden attribute is removed.
  • Double Character count for all resources
  • Comments and Inner comments need to be sorted by empathy_level
  • Major Fakktion styles Refactor for unification under setup.
  • Styles Issue fixed which caused major blank areas on certain mobile screens.
  • Tooltips scss override to prevent using 100% from ember-view
  • All tag selection buttons refactored to save space
  • Posts/create | URL regex for both fact and fiction link?
  • Posts/edit | Symbolic link to the above problem
  • Resize Header for mobile viewing.
  • Footer media queries to allow more main space.
  • Index Page Comment and View count resize.
  • Index Create Post resize button to auto instead of 100%
  • Comment and Inner Comment allow resize of user info box to allow more text space.

Fakktion Alpha Checklist

Tests procedures

  • Base tests from all Checklists.

User.create

Force the following to be default when creating a User:

  • admin_messages_count
  • comments_count
  • facebook_url
  • is_admin
  • is_super_user
  • is_legend
  • twitter_utl
  • Are the unique keys being checked against?

User.edit

  • Is the authorization check being used?
  • Is the Super User check being run for the profile check?
  • Is the Admin check being run for the profile check?
  • Is the Legend check being run for the profile check?
  • Are the unique keys being checked against?

User.delete

  • Do not allow deletion

Super User Method Check

  • Is the reputation being checked against for super user? (500 Reputation)
  • Is the user being upgraded/downgraded according to his/her reputation?
  • Correct return?

Admin Method Check

  • Is the reputation being checked against for admin? (1500 Reputation)
  • Is the user being upgraded/downgraded according to his/her reputation?
  • Correct return?

Legend Method Check

  • Is the reputation being checked against for legend? (3000 Reputation)
  • Is the user being upgraded/downgraded according to his/her reputation?
  • Correct return?

Authorization Check

Is the following being checked against?

  • User authentication token
  • email
  • user Id
  • Is the return of the check correct?

Genre.create

  • Is the counters being set to 0?
  • Is the unique name key being checked against?

Genre.edit

  • Is the unique name key being checked against?
  • Is the admin check being run?

FactType.create

  • Is the counters being set to 0?
  • Is the unique name key being checked against?

FactType.edit

  • Is the unique name key being checked against?
  • Is the admin check being run?

Topic.create

  • Is the counters being set to 0?
  • Is the unique name key being checked against?

Topic.edit

  • Is the unique name key being checked against?
  • Is the admin check being run?

Category.create

  • Is the counters being set to 0?
  • Is the unique name key being checked against?

Category.edit

  • Is the unique name key being checked against?
  • Is the admin check being run?

Post.create

  • Is there a Topic, Category, FactType and Genre tag present?
  • Is the User belongs to present?
  • Is the text size limits being followed? min 10/max 1k
  • Is the fact and Fiction link REGEX being followed?
  • is XSS attacks being prevented like a boss?

Post.edit

  • Is there a Topic, Category, FactType and Genre tag present?
  • Is the User belongs to present?
  • Is the text size limits being followed? min 10/max 1k
  • Is the fact and Fiction link REGEX being followed?
  • is XSS attacks being prevented like a boss?
  • is the Owner check being performed?

Comment.create

  • Is the User and Post belongs to present?
  • Is the text size limits being followed? min 10/max 500
  • is XSS attacks being prevented like a boss?

Comment.edit

  • Is the User and Post belongs to present?
  • Is the text size limits being followed? min 10/max 500
  • is XSS attacks being prevented like a boss?
  • is the Owner check being performed?

InnerComment.create

  • Is the User and Comment belongs to present?
  • Is the text size limits being followed? min 10/max 250

InnerComment.edit

  • Is the User and Comment belongs to present?
  • Is the text size limits being followed? min 10/max 250
  • is the owner check being performed?

InnerComment.delete

  • Is there any dependencies?
  • is the Owner check/ Legend check being performed?
  • Is the associated votes being deleted?

CommentVote.create

  • is the Super User check being run for profile check?
  • is the Admin check being run for profile check?
  • is the Legend check being run for profile check?
  • Is superUser getting 2x the score?
  • Is admins getting 3x the score?
  • Is legends getting 4x the score?

CommentVote.edit

  • is the Super User check being run for profile check?
  • is the Admin check being run for profile check?
  • is the Legend check being run for profile check?
  • Is superUser getting 2x the score?
  • Is admins getting 3x the score?
  • Is legends getting 4x the score?

InnerCommentVote.create

  • is the Super User check being run for profile check?
  • is the Admin check being run for profile check?
  • is the Legend check being run for profile check?
  • Is superUser getting 2x the score?
  • Is admins getting 3x the score?
  • Is legends getting 4x the score?

InnerCommentVote.edit

  • Is the Super User check being run for the profile check?
  • Is the Admin check being run for the profile check?
  • Is the Legend check being run for the profile check?
  • Is superUser getting 2x the score?
  • Are admins getting 3x the score?
  • Are legends getting 4x the score?
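
The backend rules in the checklist above (text length limits, the owner check, the 2x/3x/4x vote weights, XSS escaping and keeping reputation out of update(params)) as one plain-Ruby model. This is an added example, not code from the Fakktion repository: hash-based records stand in for ActiveRecord models so the rules can be unit-tested without Rails, and the assumption that the highest profile flag wins when a user carries several is mine, not the checklist's.

```ruby
require "erb"

# Added example, not Fakktion's own code: plain-Ruby model of the backend
# checks in the checklist, testable without loading Rails.

# Backend text limits per resource, as stated in the checklist.
TEXT_LIMITS = {
  comment:       (10..500),
  inner_comment: (10..250)
}.freeze

# Attributes a client may change on each resource. Anything else sent in
# update(params), such as :reputation, is dropped before it reaches the record.
PERMITTED = {
  comment:       [:text],
  inner_comment: [:text]
}.freeze

# Vote weight by profile flag: legend 4x, admin 3x, super user 2x, else 1x.
# Assumption (not stated in the checklist): the highest applicable flag wins.
def vote_weight(user)
  return 4 if user[:legend]
  return 3 if user[:admin]
  return 2 if user[:super_user]
  1
end

# Score change for a single up (+1) or down (-1) vote cast by +user+.
def vote_delta(user, direction)
  raise ArgumentError, "direction must be 1 or -1" unless [1, -1].include?(direction)
  direction * vote_weight(user)
end

# Length check against the backend limit for this resource kind.
def text_valid?(kind, text)
  TEXT_LIMITS.fetch(kind).cover?(text.to_s.length)
end

# Owner check: only the user who created the record may edit it.
def owner?(record, user)
  record[:user_id] == user[:id]
end

# Strong-parameter style filter: reduce caller-supplied attributes to the
# permitted set for this resource kind.
def permit(kind, params)
  params.select { |key, _| PERMITTED.fetch(kind).include?(key) }
end

# Escape user text for HTML output so a comment body containing markup is
# displayed literally instead of being interpreted by the browser.
def escape_html(text)
  ERB::Util.html_escape(text)
end

# Apply the checks in order and return [:ok, updated_record] or
# [:error, reason], mirroring a 403 / 422 decision on the backend.
def update_text_resource(kind, record, user, params)
  return [:error, :forbidden] unless owner?(record, user)
  attrs = permit(kind, params)
  new_text = attrs.fetch(:text, record[:text])
  return [:error, :length] unless text_valid?(kind, new_text)
  [:ok, record.merge(attrs)]
end
```

The owner check runs before anything else so that a non-owner never learns whether their payload would have validated, and `permit` drops `:reputation` even when the caller is the owner, which is the property the "Hacking Attempts" item about update(params) asks for.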

Frontend Checks

Token Validation

  • Is the check being performed upon LocalStorage usage?
  • Are the appropriate actions being taken upon 403?

User Signup

  • Are all the required fields correctly being filled?
  • Are all warnings for required fields implemented?
  • Are all resources being sent upon store.save()?

User.edit

  • Is owner-check authorization being checked upon entering the route?
  • Are the unique keys being checked against?
  • Are resources being reloaded when the edit is canceled?
  • Are the resources being sent?
  • edit.js 288: this.get(...).rollbackAttributes is not a function

AdminMessage.create

  • Is it fully disabled?

AdminMessage.edit

  • Is it fully disabled?

Genre.create

  • Are the counters being set to 0?
  • Is the unique name key being checked against?
  • Are the resources being sent?

Genre.edit

  • Is the unique name key being checked against?
  • Is the admin check being run?
  • Are resources being reloaded when the edit is canceled?
  • Are the resources being sent?

FactType.create

  • Are the counters being set to 0?
  • Is the unique name key being checked against?
  • Are the resources being sent?

FactType.edit

  • Is the unique name key being checked against?
  • Is the admin check being run?
  • Are resources being reloaded when the edit is canceled?
  • Are the resources being sent?

Topic.create

  • Are the counters being set to 0?
  • Is the unique name key being checked against?
  • Are the resources being sent?

Topic.edit

  • Is the unique name key being checked against?
  • Is the admin check being run?
  • Are resources being reloaded when the edit is canceled?
  • Are the resources being sent?

Category.create

  • Are the counters being set to 0?
  • Is the unique name key being checked against?
  • Are the resources being sent?

Category.edit

  • Is the unique name key being checked against?
  • Is the admin check being run?
  • Are resources being reloaded when the edit is canceled?
  • Are the resources being sent?

Post.create

  • Is there a Topic, Category, FactType and Genre tag present?
  • Is the User belongs_to present?
  • Are the text size limits being followed? (min 10 / max 2k)
  • Are the resources being sent?

Post.edit

  • Is there a Topic, Category, FactType and Genre tag present?
  • Are the text size limits being followed? (min 10 / max 2k)
  • Is the Fact and Fiction link regex being followed?
  • Is the Owner check being performed?
  • Are resources being reloaded when the edit is canceled?
  • Are the resources being sent?

Comment.create

  • Are the User and Post belongs_to present?
  • Are the text size limits being followed? (min 10 / max 1k)
  • Are the resources being sent?

Comment.edit

  • Are the User and Post belongs_to present?
  • Are the text size limits being followed? (min 10 / max 1k)
  • Are the resources being sent?
  • Is the Owner check being performed?
  • Are resources being reloaded when the edit is canceled?

InnerComment.create

  • Are the User and Comment belongs_to present?
  • Are the text size limits being followed? (min 10 / max 500)
  • Are the resources being sent?

InnerComment.edit

  • Are the User and Comment belongs_to present?
  • Are the text size limits being followed? (min 10 / max 500)
  • Is the Owner check being performed?
  • Are resources being reloaded when the edit is canceled?
  • Are the resources being sent?

CommentVote.create

  • Is the Super User check being run for the profile check?
  • Is the Admin check being run for the profile check?
  • Is the Legend check being run for the profile check?
  • Is superUser getting 2x the score?
  • Are admins getting 3x the score?
  • Are legends getting 4x the score?
  • Are the resources being sent?

CommentVote.edit

  • Is the Super User check being run for the profile check?
  • Is the Admin check being run for the profile check?
  • Is the Legend check being run for the profile check?
  • Is superUser getting 2x the score?
  • Are admins getting 3x the score?
  • Are legends getting 4x the score?
  • Are the resources being sent?

InnerCommentVote.create

  • Is the Super User check being run for the profile check?
  • Is the Admin check being run for the profile check?
  • Is the Legend check being run for the profile check?
  • Is superUser getting 2x the score?
  • Are admins getting 3x the score?
  • Are legends getting 4x the score?

InnerCommentVote.edit

  • Is the Super User check being run for the profile check?
  • Is the Admin check being run for the profile check?
  • Is the Legend check being run for the profile check?
  • Is superUser getting 2x the score?
  • Are admins getting 3x the score?
  • Are legends getting 4x the score?

Other Frontend checks

  • Perform Validation on this.route('header');
  • Perform Validation on this.route('login', { path: '/login' });
  • Perform Validation on this.route('adminPanel', { path: '/adminPanel' });
  • Perform Validation on
this.route('users', function(){
    this.route('create');
  });
  • Perform Validation on
this.route('user', { path:'user/:user_id' }, function() {
    this.route('edit');
    this.route('posts'); // view all posts by x User
    this.route('comments'); // View all Comments by x User
  });
  • Perform Validation on
this.route('adminMessages', function(){
    this.route('create');
  });
  • Perform Validation on
this.route('adminMessage', { path:'adminMessage/:admin_message_id' }, function() {
    this.route('edit');
  });
  • Perform Validation on
this.route('posts', function(){
    this.route('create');
  });
  • Perform Validation on
this.route('post', { path:'post/:post_id' }, function() {
    this.route('edit');
    this.route('comments', function(){
      this.route('create');
    });
  • Perform Validation on
this.route('comment', { path:'comment/:comment_id' }, function() {
      this.route('innerComments', function(){
        this.route('create');
      });
      this.route('innerComment', { path:'innerComment/:inner_comment_id' }, function() {
      });
    });
  });
  • Perform Validation on
  this.route('genres', function(){
    this.route('create');
  });
  this.route('genre', { path:'genre/:genre_id' }, function() {
    this.route('edit');
  });
  • Perform Validation on
  this.route('factTypes', function(){
    this.route('create');
  });
  this.route('factType', { path:'factType/:factType_id' }, function() {
    this.route('edit');
  });
  • Perform Validation on
  this.route('topics', function(){
    this.route('create');
  });
  this.route('topic', { path:'topic/:topic_id' }, function() {
    this.route('edit');
  });
  • Perform Validation on
  this.route('categories', function(){
    this.route('create');
  });
  this.route('category', { path:'category/:category_id' }, function() {
    this.route('edit');
  });
  • Perform Validation on this.route('footer');
  • Perform Validation on this.route('legalInfo');
  • Perform Validation on this.route('privacyInfo');
  • Perform Validation on this.route('support');
  • Perform Validation on this.route('not-found', { path: '/*wildcard' });

Hacking Attempts

  • Is LocalStorage not being fooled by tampering with its data?
  • Is the backend reinforcing tokens?
  • Are passwords secured?
  • Is reputation out of reach from being manipulated through update(params)?

Other Checks

  • All code uses spaces instead of tabs.
  • All Header buttons work.
  • All Footer buttons work.
  • All Post related buttons work.
  • All commenting system buttons work.
  • All Tags buttons work.
  • Is Frontend coverage above 75%?
  • Is Backend coverage above 90%?

Ban System.

New banning system idea

Instead of using workers, or relying on period bans, the new system will solely rely on User reputation.

  • When a user is banned or the account has been soft_deleted, display a note alongside the user identification on posts and comments.
  • Allow a User to log in during all bans

Level 1 Ban = -100 Reputation

  • User can control his/her profile, create comments and posts during the ban. However, all other functionalities are blocked.
  • Backend enforcement of said rule.

Level 2 Ban = -250 Reputation

  • User can control his/her profile, and create comments and Inner Comments. However, all other functionalities including creating posts are blocked.
  • Backend enforcement of said rule.

Level 3 Ban = -500 Reputation

  • User can control his/her profile and create Inner Comments.
  • Backend enforcement of said rule.

Level 4 Ban = -1000 Reputation

  • User can control his/her profile for the duration of the ban. Also, show a message that the user is banned permanently.
  • Backend enforcement of said rule.
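
The four reputation thresholds above as a lookup table, with the permission check the "Backend enforcement" items call for. This is an added example, not code from the Fakktion repository. Two assumptions are mine rather than the proposal's: a threshold is inclusive (a reputation of exactly -100 is already Level 1), and "all other functionalities" includes voting and tag editing, which the proposal does not name; the action symbols are illustrative.

```ruby
# Added example, not Fakktion's own code: reputation-based ban levels from the
# proposal, expressed as a table the backend can enforce on every request.

# Illustrative action names; the proposal only names profile, posts,
# comments and inner comments explicitly. Voting and tag editing are assumed
# to fall under "all other functionalities".
ALL_ACTIONS = [:profile, :post, :comment, :inner_comment, :vote, :tag].freeze

# [reputation threshold, ban level, actions still allowed], most severe first,
# so the first matching row is the one that applies.
BAN_LEVELS = [
  [-1000, 4, [:profile]],
  [-500,  3, [:profile, :inner_comment]],
  [-250,  2, [:profile, :inner_comment, :comment]],
  [-100,  1, [:profile, :inner_comment, :comment, :post]]
].freeze

# 0 means not banned. Thresholds are treated as inclusive (assumption).
def ban_level(reputation)
  BAN_LEVELS.each do |threshold, level, _actions|
    return level if reputation <= threshold
  end
  0
end

def allowed_actions(reputation)
  level = ban_level(reputation)
  return ALL_ACTIONS if level.zero?
  BAN_LEVELS.find { |_threshold, l, _actions| l == level }[2]
end

# The single check a controller would run before honouring a request.
def permitted?(reputation, action)
  allowed_actions(reputation).include?(action)
end

# The proposal allows login during every ban level.
def login_allowed?(_reputation)
  true
end

# Note displayed alongside the user identification on posts and comments.
def ban_notice(user)
  return "Account deactivated" if user[:soft_deleted]
  level = ban_level(user[:reputation])
  return nil if level.zero?
  level == 4 ? "Banned permanently" : "Banned (level #{level})"
end
```

Because the level is derived from reputation on every call rather than stored as a flag, there is no separate `is_banned` state to drift out of sync with `times_banned`, which is the problem the soft_delete issue further down describes.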

ActionPack Alert

Applications that pass unverified user input to the render method in a controller or a view may be vulnerable to a code injection.

An attacker could use the request parameters to coerce the controller to execute arbitrary ruby code.

Affected versions: 3.2.x, 4.0.x, 4.1.x, 4.2.x
Not affected: 5.x
Fixed versions: 3.2.22.2, 4.1.14.2, 4.2.5.2
Identifier: CVE-2016-2098
Solution: Upgrade to latest or use workaround; see provided link.
Credit: Tobias Kraze from makandra and Joernchen of Phenoelit
Source: https://groups.google.com/forum/#!topic/ruby-security-ann/ly-IH-fxr_Q
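
Two checks a maintainer would want from the advisory above, as an added example (not from the advisory, Rails, or the Fakktion code base): a version test against the affected and fixed versions the advisory lists, and the mitigation it implies, which is to map request input onto a fixed allowlist of template names instead of handing params to render. The `ALLOWED_VIEWS` mapping is illustrative; it uses Ruby's built-in `Gem::Version` for comparisons.

```ruby
# Added example, not from the advisory or the Fakktion repository.

# Fixed release per affected series, taken from the advisory. 4.0.x is listed
# as affected with no fixed release, so every 4.0.x version counts as affected.
CVE_2016_2098_FIXED = {
  "3.2" => "3.2.22.2",
  "4.0" => nil,
  "4.1" => "4.1.14.2",
  "4.2" => "4.2.5.2"
}.freeze

# true  => affected (series listed and below its fixed release)
# false => not affected (fixed release or later, or 5.x per the advisory)
# nil   => series not covered by the advisory at all
def actionpack_affected_by_cve_2016_2098?(version)
  v = Gem::Version.new(version)
  return false if v >= Gem::Version.new("5.0")
  series = v.segments[0, 2].join(".")
  return nil unless CVE_2016_2098_FIXED.key?(series)
  fixed = CVE_2016_2098_FIXED[series]
  fixed.nil? || v < Gem::Version.new(fixed)
end

# Render-target allowlist: the request selects a key, never a template path
# or render option, so unverified input never reaches render itself.
ALLOWED_VIEWS = {
  "index" => "posts/index",
  "show"  => "posts/show"
}.freeze

class UnknownView < StandardError; end

def render_target(param)
  ALLOWED_VIEWS.fetch(param.to_s) do
    raise UnknownView, "view not allowed: #{param.inspect}"
  end
end
```

In a controller the second half would read `render render_target(params[:view])`, with `UnknownView` rescued to a 404; the point is that the only values that can reach `render` are the constants in the table.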

Experimental v0.4 - API Related Implementation

Planned Work for AMS implementation:

  • JSON API Implementation.
  • Deserialization ( Depending on #1235.)
  • Code cleanup for convention purposes.

Planned Work for Ember Data implementation:

  • JSON API Implementation.
  • Fix Deprecations and Update to Ember Data 2.0 (depends on EmberCLI)
  • Code cleanup for convention purposes.

User needs soft_delete for handling closing account.

Follow up on #12 as I prepare to close #14. soft_delete is a requirement, as is_banned alongside times_banned is not the best route to find out if the user is currently banned or if the user requested the deletion of his/her account.

Using soft_delete will allow the display of "Account deactivated" rather easily. Also, soft_delete will allow the user to reactivate the account rather easily. Hard delete could be done with a user shim that display deleted account instead of upgrading the system to handle such event...

CVE-2015-8806 in nokogiri

Security issue from Hakiri: Nokogiri is affected by a series of vulnerabilities in libxml2 and libxslt, which are libraries Nokogiri depends on. It was discovered that libxml2 and libxslt incorrectly handled certain malformed documents, which can allow malicious users to cause issues ranging from denial of service to remote code execution attacks. For more...

Update Production Seeds

  • Revise Production seeding when leaving experimental to not delete any data...
  • Comment seeding is evaluating wrongly when Comment.count is 0. (Introduced on 17da501)
