Add shortcut to tip user #5415
Add shortcut to tip user #5415
Conversation
zoek1
requested review from
danlipert,
octavioamu and
thelostone-mc
as code owners
Codecov Report
@@ Coverage Diff @@
## master #5415 +/- ##
==========================================
+ Coverage 29.83% 30.23% +0.39%
==========================================
Files 241 248 +7
Lines 20433 21200 +767
Branches 2926 3072 +146
==========================================
+ Hits 6096 6409 +313
- Misses 14086 14515 +429
- Partials 251 276 +25
Continue to review full report at Codecov.
|
app/assets/v2/js/user-search.js
Outdated
| let existent_properties = {}; | ||
|
|
||
| if (base_user.element) { | ||
| let attr = base_user.element.attributes; |
There was a problem hiding this comment.
would it make sense to keep this as const ?
There was a problem hiding this comment.
🤔 maybe, we dont want alterate the attributes object, so const makes more sense than 'let`.
app/assets/v2/js/user-search.js
Outdated
| let attr_length = attr.length; | ||
|
|
||
|
|
||
| for (var i = 0; i < attr_length; i++) { |
app/dashboard/tip_views.py
Outdated
| @@ -379,5 +395,7 @@ def send_tip_2(request): | |||
| 'from_handle': from_username, | |||
| 'title': 'Send Tip | Gitcoin', | |||
| 'card_desc': 'Send a tip to any github user at the click of a button.', | |||
| 'user_json': user, | |||
| 'username': username | |||
There was a problem hiding this comment.
I wonder if we need to conditionally include these context params to prevent someone crafting a malicious URL and sending it to another user
| {% endblock %} | ||
| @ratelimit(key='ip', rate='5/m', method=ratelimit.UNSAFE, block=True) |
There was a problem hiding this comment.
That's embarrassing, i apologize for that, I remove immediately.
| {% if not user_json and username %} | ||
| <script> | ||
| setTimeout(function() { | ||
| alert("Sorry, we can find the user @{{ username }}"); |
There was a problem hiding this comment.
lets remove the username here - I'm not sure exactly how the django template injection prevention would work here, but I worry someone will create a URL with the username "); do_something_bad();
There was a problem hiding this comment.
Sure, no problem. Just by reference https://docs.djangoproject.com/en/2.2/topics/security/#cross-site-scripting-xss-protection
There was a problem hiding this comment.
Yeah - I'm just paranoid :) I trust the Django devs are good and all, but you can never be too careful!
| @@ -172,7 +172,7 @@ <h3>{% trans "with instructions about how to receive their tip." %}</h1> | |||
| {% if not user_json and username %} | |||
| <script> | |||
| setTimeout(function() { | |||
| alert("Sorry, we can find the user @{{ username }}"); | |||
| alert("Sorry, we can find the user"); | |||
There was a problem hiding this comment.
@thelostone-mc we should use _alert here, right?
|
@octavioamu could you review this PR? 😄 |
|
@zoek1 what would you guys think of adding a 'tip this user' button on the gitcoin profiile at https://bits.owocki.com/P8uYjrNd when this goes live? putting it next to the chat icon could be a really compelling way to drive more tips. @octavioamu @danlipert i'm excited for this to go live! can we get some review cycles on it? |
|
That would be great @owocki, definitely will be more accessible and I hope increase the tips for users. The button should be only text or will has the tip icon? Also will be the same color as the chat icon? |
| {% if not user_json and username %} | ||
| <script> | ||
| setTimeout(function() { | ||
| _alert("Sorry, we can find the user"); |
app/dashboard/tip_views.py
Outdated
| is_user_authenticated = request.user.is_authenticated | ||
| from_username = request.user.username if is_user_authenticated else '' | ||
| primary_from_email = request.user.email if is_user_authenticated else '' | ||
|
|
||
| user = {} | ||
| if username: | ||
| profiles = Profile.objects.filter(handle__icontains=username) |
There was a problem hiding this comment.
we should do an exact match here to prevent similar names matching: i.e. I try to tip user Dan but theres a user named DanBot. Since there's no order_by clause we can't be sure which user will get returned. Better to use iexact here.
There was a problem hiding this comment.
Good catch, i already changed it! 😃
|
@zoek1 same color as the chat icon pls + feel free to use this fontawesome icon for it https://fontawesome.com/icons/ethereum?style=brands |
|
The tip button at the user profile page look like this: |
|
@zoek1 looks really good! im pumped.. @danlipert can we target release this week for this |
looks like it didnt get into the release? any objections if i test/push it myself? |
Description
When a user adds the query parameter with a user handle, if the user exists set the user data at the tip form, if not display a error messages.
Refers/Fixes
#5346
Testing