From 56eda5abf9353cf84bacf9e72a48848dbb38f3e0 Mon Sep 17 00:00:00 2001
From: Robin Ward
Date: Mon, 8 Sep 2014 15:17:31 -0400
Subject: [PATCH] FIX: Don't allow profile bios longer than 3k chars
---
 .../discourse/controllers/preferences.js.es6 | 8 ++++++--
 app/controllers/application_controller.rb | 11 +++++++++--
 app/controllers/users_controller.rb | 2 +-
 app/models/user_profile.rb | 1 +
 app/services/user_updater.rb | 3 +--
 config/locales/server.en.yml | 2 ++
 db/migrate/20140908191429_trim_profile_length.rb | 6 ++++++
 spec/fabricators/user_profile_fabricator.rb | 5 +++++
 spec/models/user_profile_spec.rb | 5 +++++
 9 files changed, 36 insertions(+), 7 deletions(-)
 create mode 100644 db/migrate/20140908191429_trim_profile_length.rb
diff --git a/app/assets/javascripts/discourse/controllers/preferences.js.es6 b/app/assets/javascripts/discourse/controllers/preferences.js.es6
index 9ed837fd3..67f9f76ed 100644
--- a/app/assets/javascripts/discourse/controllers/preferences.js.es6
+++ b/app/assets/javascripts/discourse/controllers/preferences.js.es6
@@ -92,10 +92,14 @@ export default ObjectController.extend({
 }
 self.set('bio_cooked', Discourse.Markdown.cook(Discourse.Markdown.sanitize(self.get('bio_raw'))));
 self.set('saved', true);
- }, function() {
+ }, function(error) {
 // model failed to save
 self.set('saving', false);
- alert(I18n.t('generic_error'));
+ if (error && error.responseText) {
+ alert($.parseJSON(error.responseText).errors[0]);
+ } else {
+ alert(I18n.t('generic_error'));
+ }
 });
 },
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index f75ae63c9..08b2bf346 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -292,7 +292,6 @@ class ApplicationController < ActionController::Base def json_result(obj, opts={}) if yield(obj) - json = success_json # If we were given a serializer, add the class to the json that comes back
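Review bot: In the rejection callback of preferences.js.es6, `$.parseJSON(error.responseText).errors[0]` throws when the response body is not JSON (for example an HTML error page returned for a 500 or by a proxy) or carries no `errors` array, and the user then gets no alert at all. Parse inside a `try`/`catch`, check that `errors` is a non-empty array, and fall back to `I18n.t('generic_error')` otherwise. `alert()` shows the server string as plain text, which is worth keeping in mind if this is ever replaced by an HTML dialog. The enclosing save action starts outside the hunk.

```javascript
}, function(error) {
  // … unchanged: comment and self.set('saving', false) …
  var message = I18n.t('generic_error');
  if (error && error.responseText) {
    try {
      var errors = $.parseJSON(error.responseText).errors;
      if (errors && errors.length) { message = errors[0]; }
    } catch (e) {
      // Body was not JSON (e.g. an HTML error page); keep the generic message.
    }
  }
  alert(message);
```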
@@ -302,7 +301,15 @@ class ApplicationController < ActionController::Base
 render json: MultiJson.dump(json)
 else
- render_json_error(obj)
+ error_obj = nil
+ if opts[:additional_errors]
+ error_target = opts[:additional_errors].find do |o|
+ target = obj.send(o)
+ target && target.errors.present?
+ end
+ error_obj = obj.send(error_target) if error_target
+ end
+ render_json_error(error_obj || obj)
 end
 end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index e08f4df69..161e4da62 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -44,7 +44,7 @@ class UsersController < ApplicationController
 def update
 user = fetch_user_from_params
 guardian.ensure_can_edit!(user)
- json_result(user, serializer: UserSerializer) do |u|
+ json_result(user, serializer: UserSerializer, additional_errors: [:user_profile]) do |u|
 updater = UserUpdater.new(current_user, user)
 updater.update(params)
 end
diff --git a/app/models/user_profile.rb b/app/models/user_profile.rb
index ed8f910f3..c78cee3ef 100644
--- a/app/models/user_profile.rb
+++ b/app/models/user_profile.rb
@@ -1,6 +1,7 @@
 class UserProfile < ActiveRecord::Base
 belongs_to :user, inverse_of: :user_profile
+ validates :bio_raw, length: { maximum: 3000 }
 validates :user, presence: true
 before_save :cook
 after_save :trigger_badges
diff --git a/app/services/user_updater.rb b/app/services/user_updater.rb
index 214e8a6c3..19a771b6e 100644
--- a/app/services/user_updater.rb
+++ b/app/services/user_updater.rb
@@ -71,8 +71,7 @@ class UserUpdater
 end
 User.transaction do
- user_profile.save
- user.save
+ user_profile.save && user.save
 end
 end
diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index 1f7d17923..da6cf6151 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -202,6 +202,8 @@ en:
 name: "Category Name"
 post:
 raw: "Body"
+ user_profile:
+ bio_raw: "About Me"
 user:
 ip_address: ""
 errors:
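Review bot: In the `else` branch of `json_result`, `obj.send(o)` dispatches on whatever names the caller places in `opts[:additional_errors]`, and `send` also reaches private methods. The only caller in this commit passes the literal `[:user_profile]`, so nothing is exposed today, but `public_send` keeps the helper safe if a later caller passes something less fixed: `target = obj.public_send(o)` and `error_obj = obj.public_send(error_target) if error_target`. A comment on `json_result` stating that `additional_errors` must be a hard-coded list of association names, never derived from request parameters, would document the contract. The method's signature is outside this hunk.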
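Review bot: `validates :bio_raw, length: { maximum: 3000 }` in user_profile.rb is the only enforcement of the limit, so writes that skip validations (`update_column`, `update_all`, `save(validate: false)`, raw SQL) can still store a longer bio. If the cap is meant as a hard bound on stored input, consider backing it with a database-level constraint as well. The literal `3000` is repeated in the migration and implied by the fabricator; a named constant on the model with a comment such as `# Maximum bio length; keep in sync with the TrimProfileLength migration` would keep them from drifting.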
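Review bot: `user_profile.save && user.save` inside `User.transaction` does not roll anything back when `user.save` returns false, because a transaction is only aborted by an exception; the profile row stays committed while the caller reports a failure. Raise `ActiveRecord::Rollback` when either save fails and return the boolean from outside the block, since a block aborted that way does not yield the save result. The enclosing method starts outside the hunk.

```ruby
    saved = false
    User.transaction do
      saved = user_profile.save && user.save
      # A false return does not abort the transaction; only an exception does.
      raise ActiveRecord::Rollback unless saved
    end
    saved
```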
diff --git a/db/migrate/20140908191429_trim_profile_length.rb b/db/migrate/20140908191429_trim_profile_length.rb
new file mode 100644
index 000000000..4651bcae2
--- /dev/null
+++ b/db/migrate/20140908191429_trim_profile_length.rb
@@ -0,0 +1,6 @@
+class TrimProfileLength < ActiveRecord::Migration
+ def change
+ # In case any profiles exceed 3000 chars
+ execute "UPDATE user_profiles SET bio_raw=LEFT(bio_raw, 3000)"
+ end
+end
diff --git a/spec/fabricators/user_profile_fabricator.rb b/spec/fabricators/user_profile_fabricator.rb
index 14fca5fae..0a59a989b 100644
--- a/spec/fabricators/user_profile_fabricator.rb
+++ b/spec/fabricators/user_profile_fabricator.rb
@@ -1,3 +1,8 @@
 Fabricator(:user_profile) do
 bio_raw "I'm batman!"
 end
+
+Fabricator(:user_profile_long, from: :user_profile) do
+ bio_raw ("trout" * 1000)
+ user
+end
diff --git a/spec/models/user_profile_spec.rb b/spec/models/user_profile_spec.rb
index 025f4f8a6..af0ba6371 100644
--- a/spec/models/user_profile_spec.rb
+++ b/spec/models/user_profile_spec.rb
@@ -32,6 +32,11 @@ describe UserProfile do expect(user_profile.valid?).to be_true end + it "doesn't support really long bios" do + user_profile = Fabricate.build(:user_profile_long) + user_profile.should_not be_valid + end + describe 'after save' do let(:user) { Fabricate(:user) }
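Review bot: `def change` in the migration wraps an `execute`, which Rails cannot reverse, so rolling back raises `ActiveRecord::IrreversibleMigration`; use `def up` with an explicit `down` that states the truncation cannot be undone. The `UPDATE` also rewrites every row in `user_profiles`; restricting it touches only the affected profiles: `execute "UPDATE user_profiles SET bio_raw = LEFT(bio_raw, 3000) WHERE LENGTH(bio_raw) > 3000"`. The statement changes only `bio_raw`, so any stored cooked copy of a truncated bio would presumably keep the old text until the profile is saved again; that is worth confirming. The comment could also say that the cut silently discards user content.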
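Review bot: The new example in user_profile_spec.rb only checks a 5000-character bio (`"trout" * 1000`), so an off-by-one in the limit would pass unnoticed. Add boundary cases, for instance `Fabricate.build(:user_profile_long, bio_raw: "a" * 3000)` being valid and the same with `"a" * 3001` being invalid. The example uses `user_profile.should_not be_valid` while the preceding one uses `expect(...)`; `expect(user_profile).not_to be_valid` would match it. The enclosing `describe` block starts outside the hunk.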