coop-cloud-chaos-patchs/outline
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix: Move collection index validation logic to a context assert function (#2116)

Browse Source 
* Abstract validation logic for readability

* Add index validation in collections.move

* Add tests
This commit is contained in:
Saumya Pandey
2021-05-10 11:00:37 +05:30
committed by GitHub
parent 721e7466e6
commit 985f0da674
4 changed files with 35 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
server/api/collections.js
View File

@ -67,12 +67,10 @@ router.post("collections.create", auth(), async (ctx) => {
}); });
if (index) { if (index) {
const allowedASCII = new RegExp(/^[\x21-\x7E]+$/); ctx.assertIndexCharacters(
if (!allowedASCII.test(index)) { index,
throw new ValidationError( "Index characters must be between x21 to x7E ASCII"
"Index characters must be between x21 to x7E ASCII" );
);
}
} else { } else {
index = fractionalIndex( index = fractionalIndex(
null, null,
@ -664,6 +662,10 @@ router.post("collections.move", auth(), async (ctx) => {
let index = ctx.body.index; let index = ctx.body.index;
ctx.assertPresent(index, "index is required"); ctx.assertPresent(index, "index is required");
ctx.assertIndexCharacters(
index,
"Index characters must be between x21 to x7E ASCII"
);
ctx.assertUuid(id, "id must be a uuid"); ctx.assertUuid(id, "id must be a uuid");
const user = ctx.state.user; const user = ctx.state.user;

17
server/api/collections.test.js
View File

@ -162,6 +162,15 @@ describe("#collections.move", () => {
expect(body.success).toBe(true); expect(body.success).toBe(true);
}); });
it("should return error when index is not valid", async () => {
const { admin, collection } = await seed();
const res = await server.post("/api/collections.move", {
body: { token: admin.getJwtToken(), id: collection.id, index: "يونيكود" },
});
expect(res.status).toEqual(400);
});
it("if index collision occurs, should updated index of other collection", async () => { it("if index collision occurs, should updated index of other collection", async () => {
const { user, admin, collection } = await seed(); const { user, admin, collection } = await seed();
const createdCollectionResponse = await server.post( const createdCollectionResponse = await server.post(
@ -1019,6 +1028,14 @@ describe("#collections.create", () => {
expect(body.policies[0].abilities.export).toBeTruthy(); expect(body.policies[0].abilities.export).toBeTruthy();
}); });
it("should error when index is invalid", async () => {
const user = await buildUser();
const res = await server.post("/api/collections.create", {
body: { token: user.getJwtToken(), name: "Test", index: "يونيكود" },
});
expect(res.status).toEqual(400);
});
it("should allow setting sharing to false", async () => { it("should allow setting sharing to false", async () => {
const { user } = await seed(); const { user } = await seed();
const res = await server.post("/api/collections.create", { const res = await server.post("/api/collections.create", {

6
server/middlewares/validation.js
View File

@ -2,6 +2,7 @@
import { type Context } from "koa"; import { type Context } from "koa";
import validator from "validator"; import validator from "validator";
import { validateColorHex } from "../../shared/utils/color"; import { validateColorHex } from "../../shared/utils/color";
import { validateIndexCharacters } from "../../shared/utils/indexCharacters";
import { ParamRequiredError, ValidationError } from "../errors"; import { ParamRequiredError, ValidationError } from "../errors";
export default function validation() { export default function validation() {
@ -60,6 +61,11 @@ export default function validation() {
} }
}; };
ctx.assertIndexCharacters = (value, message) => {
if (!validateIndexCharacters(value)) {
throw new ValidationError(message);
}
};
return next(); return next();
}; };
} }

4
shared/utils/indexCharacters.js Normal file
View File

@ -0,0 +1,4 @@
// @flow
export const validateIndexCharacters = (index: string) =>
/^[\x21-\x7E]+$/i.test(index);