Fixes #3492 - POST /api/v1/users/avatar with empty input causes "undefined method `substr' for nil:NilClass"

Mantas Masalskis 2021-04-30 13:36:23 +00:00 committed by Thorsten Eckel
parent 7e54afcd25
commit a3fe217ac6
4 changed files with 51 additions and 3 deletions


@ -781,8 +781,19 @@ curl http://localhost/api/v1/users/avatar -v -u #{login}:#{password} -H "Content
def avatar_new
# get & validate image
file_full = StaticAssets.data_url_attributes(params[:avatar_full])
file_resize = StaticAssets.data_url_attributes(params[:avatar_resize])
begin
file_full = StaticAssets.data_url_attributes(params[:avatar_full])
rescue
render json: { error: 'Full size image is invalid' }, status: :unprocessable_entity
return
end
begin
file_resize = StaticAssets.data_url_attributes(params[:avatar_resize])
rescue
render json: { error: 'Resized image is invalid' }, status: :unprocessable_entity
return
end
avatar = Avatar.add(
object: 'User',
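Review bot: The two bare `rescue` clauses around `StaticAssets.data_url_attributes` catch every StandardError, so an unrelated failure inside the parser (a NoMethodError from a non-String JSON value, a bug introduced later) is reported to the client as "image is invalid" with a 422 and leaves no trace. Capturing and logging the exception before rendering keeps those cases diagnosable, e.g. `rescue StandardError => e` followed by `logger.info { "avatar_full rejected: #{e.class}" }`; longer term, a dedicated exception class raised by the parser would let the controller rescue only parse failures. The body of `avatar_new` continues outside this hunk, so any later validation of the decoded content is not visible here.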


@ -24,7 +24,7 @@ returns
end
return data
end
raise "Unable to parse data url: #{data_url.substr(0, 100)}"
raise "Unable to parse data url: #{data_url&.slice(0, 100)}"
end
=begin
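Review bot: The message on the new `raise` line interpolates up to 100 characters of the caller-supplied value unescaped; if this exception text ends up in a log (not visible from here), embedded newlines or control characters are written as-is. `raise "Unable to parse data url: #{data_url.to_s.slice(0, 100).inspect}"` keeps the same prefix, escapes those characters, and also behaves predictably for non-String input, where `&.slice(0, 100)` has type-dependent meaning. The method starts outside the hunk, so how `data_url` is matched before this line cannot be checked here.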


@ -0,0 +1,13 @@
require 'rails_helper'
RSpec.describe StaticAssets do
describe '.data_url_attributes' do
it 'raises error if empty string given' do
expect { described_class.data_url_attributes('') }.to raise_error(/Unable to parse data url/)
end
it 'raises error if nil' do
expect { described_class.data_url_attributes(nil) }.to raise_error(/Unable to parse data url/)
end
end
end
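Review bot: The examples cover only `nil` and the empty string; there is none for a non-empty string that is not a data URL, nor for a non-String value such as a Hash or Array, which a JSON request body can deliver to this method. An example like `expect { described_class.data_url_attributes('not-a-data-url') }.to raise_error(/Unable to parse data url/)` would pin the failure mode for malformed input, and a similar one with `{}` would show whether non-String input raises the same error or a different one.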


@ -1431,4 +1431,28 @@ RSpec.describe 'User', type: :request do
end
end
end
describe 'POST /api/v1/users/avatar', authenticated_as: :user do
let(:user) { create(:user) }
let(:base64) { 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==' }
def make_request(params)
post '/api/v1/users/avatar', params: params, as: :json
end
it 'returns verbose error when full image is missing' do
make_request(avatar_full: '')
expect(json_response).to include('error' => match(/Full/).and(match(/is invalid/)))
end
it 'returns verbose error when resized image is missing' do
make_request(avatar_full: base64)
expect(json_response).to include('error' => match(/Resized/).and(match(/is invalid/)))
end
it 'successfully changes avatar' do
expect { make_request(avatar_full: base64, avatar_resize: base64) }
.to change { Avatar.list('User', user.id) }
end
end
end
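Review bot: The two error examples assert only on the JSON body and not on the response status, so a regression that returns the same message with a 200 or a 500 would still pass; adding `expect(response).to have_http_status(:unprocessable_entity)` to each closes that gap. The request-level cases also send `avatar_full` as an empty string only; a request where the key is absent, e.g. `make_request({})`, is not exercised here although the parser-level spec treats `nil` as a separate case.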