Fixes #3492 - POST /api/v1/users/avatar with empty input causes "undefined method `substr' for nil:NilClass"
This commit is contained in:
Mantas Masalskis
Thorsten Eckel
parent
7e54afcd25
commit
a3fe217ac6
4 changed files with 51 additions and 3 deletions
|
|
@ -781,8 +781,19 @@ curl http://localhost/api/v1/users/avatar -v -u #{login}:#{password} -H "Content
|
|||
|
||||
def avatar_new
|
||||
# get & validate image
|
||||
file_full = StaticAssets.data_url_attributes(params[:avatar_full])
|
||||
file_resize = StaticAssets.data_url_attributes(params[:avatar_resize])
|
||||
begin
|
||||
file_full = StaticAssets.data_url_attributes(params[:avatar_full])
|
||||
rescue
|
||||
render json: { error: 'Full size image is invalid' }, status: :unprocessable_entity
|
||||
return
|
||||
end
|
||||
|
||||
begin
|
||||
file_resize = StaticAssets.data_url_attributes(params[:avatar_resize])
|
||||
rescue
|
||||
render json: { error: 'Resized image is invalid' }, status: :unprocessable_entity
|
||||
return
|
||||
end
|
||||
|
||||
avatar = Avatar.add(
|
||||
object: 'User',
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ returns
|
|||
end
|
||||
return data
|
||||
end
|
||||
raise "Unable to parse data url: #{data_url.substr(0, 100)}"
|
||||
raise "Unable to parse data url: #{data_url&.slice(0, 100)}"
|
||||
end
|
||||
|
||||
=begin
|
||||
|
|
|
|||
13
spec/lib/static_assets_spec.rb
Normal file
13
spec/lib/static_assets_spec.rb
Normal file
|
|
@ -0,0 +1,13 @@
|
|||
require 'rails_helper'
|
||||
|
||||
RSpec.describe StaticAssets do
|
||||
describe '.data_url_attributes' do
|
||||
it 'raises error if empty string given' do
|
||||
expect { described_class.data_url_attributes('') }.to raise_error(/Unable to parse data url/)
|
||||
end
|
||||
|
||||
it 'raises error if nil' do
|
||||
expect { described_class.data_url_attributes(nil) }.to raise_error(/Unable to parse data url/)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
@ -1431,4 +1431,28 @@ RSpec.describe 'User', type: :request do
|
|||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'POST /api/v1/users/avatar', authenticated_as: :user do
|
||||
let(:user) { create(:user) }
|
||||
let(:base64) { 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==' }
|
||||
|
||||
def make_request(params)
|
||||
post '/api/v1/users/avatar', params: params, as: :json
|
||||
end
|
||||
|
||||
it 'returns verbose error when full image is missing' do
|
||||
make_request(avatar_full: '')
|
||||
expect(json_response).to include('error' => match(/Full/).and(match(/is invalid/)))
|
||||
end
|
||||
|
||||
it 'returns verbose error when resized image is missing' do
|
||||
make_request(avatar_full: base64)
|
||||
expect(json_response).to include('error' => match(/Resized/).and(match(/is invalid/)))
|
||||
end
|
||||
|
||||
it 'successfully changes avatar' do
|
||||
expect { make_request(avatar_full: base64, avatar_resize: base64) }
|
||||
.to change { Avatar.list('User', user.id) }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
|||
Loading…
Reference in a new issue