FIX: Don't allow profile bios longer than 3k chars

Robin Ward 2014-09-08 15:17:31 -04:00
parent f2cca140b4
commit 56eda5abf9
9 changed files with 36 additions and 7 deletions


@ -92,10 +92,14 @@ export default ObjectController.extend({
}
self.set('bio_cooked', Discourse.Markdown.cook(Discourse.Markdown.sanitize(self.get('bio_raw'))));
self.set('saved', true);
}, function() {
}, function(error) {
// model failed to save
self.set('saving', false);
if (error && error.responseText) {
alert($.parseJSON(error.responseText).errors[0]);
} else {
alert(I18n.t('generic_error'));
}
});
},
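Review bot: The new failure handler calls `$.parseJSON(error.responseText).errors[0]` without guarding the parse, so a non-JSON body (an HTML error page from a proxy, for instance) or a JSON body without an `errors` array throws inside the callback and the user sees no message at all. Parse defensively and fall back to the generic text: `var errs; try { errs = $.parseJSON(error.responseText).errors; } catch (e) { errs = null; }` followed by `alert(errs && errs.length ? errs[0] : I18n.t('generic_error'));`. The enclosing save action starts above the hunk.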


@ -292,7 +292,6 @@ class ApplicationController < ActionController::Base
def json_result(obj, opts={})
if yield(obj)
json = success_json
# If we were given a serializer, add the class to the json that comes back
@ -302,7 +301,15 @@ class ApplicationController < ActionController::Base
render json: MultiJson.dump(json)
else
render_json_error(obj)
error_obj = nil
if opts[:additional_errors]
error_target = opts[:additional_errors].find do |o|
target = obj.send(o)
target && target.errors.present?
end
error_obj = obj.send(error_target) if error_target
end
render_json_error(error_obj || obj)
end
end
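Review bot: In the new `else` branch, `obj.send(o)` dispatches whatever symbols arrive in `opts[:additional_errors]`, and `send` bypasses method visibility; `public_send` limits this to public readers and keeps the helper from becoming a generic dispatch point if a caller ever builds that list from request data. The target is also resolved twice (once inside `find`, once for `error_obj`); a single pass such as `error_obj = opts[:additional_errors].lazy.map { |o| obj.public_send(o) }.find { |t| t && t.errors.present? }` avoids that. The option deserves a comment above `json_result`, e.g. `# opts[:additional_errors] - association names (symbols fixed by the caller, never taken from params); the first one with errors is reported instead of obj`. Part of the method body between the two hunks is not shown.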


@ -44,7 +44,7 @@ class UsersController < ApplicationController
def update
user = fetch_user_from_params
guardian.ensure_can_edit!(user)
json_result(user, serializer: UserSerializer) do |u|
json_result(user, serializer: UserSerializer, additional_errors: [:user_profile]) do |u|
updater = UserUpdater.new(current_user, user)
updater.update(params)
end


@ -1,6 +1,7 @@
class UserProfile < ActiveRecord::Base
belongs_to :user, inverse_of: :user_profile
validates :bio_raw, length: { maximum: 3000 }
validates :user, presence: true
before_save :cook
after_save :trigger_badges
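Review bot: The cap on the `validates :bio_raw, length: { maximum: 3000 }` line is enforced only by ActiveRecord validation, so any write that skips validations (`update_column`, `update_all`, raw SQL) is not bound by it; if the limit is meant as a resource or abuse control, that is worth stating in a comment or backing with a database constraint. The literal 3000 is also repeated in the migration in this commit; a named constant in the model, e.g. `BIO_MAX_LENGTH = 3000` used as `length: { maximum: BIO_MAX_LENGTH }`, gives the limit one documented home. The class body continues below the hunk.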


@ -71,8 +71,7 @@ class UserUpdater
end
User.transaction do
user_profile.save
user.save
user_profile.save && user.save
end
end
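Review bot: `user_profile.save && user.save` returns false when `user.save` fails, but a false return does not roll back the surrounding `User.transaction`, so the profile write from the first call is committed while the caller is told the update failed. Capture the result and abort the transaction explicitly: `saved = user_profile.save && user.save` then `raise ActiveRecord::Rollback unless saved`, with `saved` initialised before the block and returned after it, since `transaction` swallows the Rollback and returns nil. The method starts above the hunk, so this assumes the transaction block is its final expression.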


@ -202,6 +202,8 @@ en:
name: "Category Name"
post:
raw: "Body"
user_profile:
bio_raw: "About Me"
user:
ip_address: ""
errors:


@ -0,0 +1,6 @@
class TrimProfileLength < ActiveRecord::Migration
def change
# In case any profiles exceed 3000 chars
execute "UPDATE user_profiles SET bio_raw=LEFT(bio_raw, 3000)"
end
end
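Review bot: The `execute` inside `def change` cannot be reversed automatically, so rolling this migration back raises `ActiveRecord::IrreversibleMigration`; `def up` plus an explicit `def down` (a no-op or a raise) states the intent. The UPDATE also rewrites every row and bypasses the model's `before_save :cook`, so any stored cooked bio presumably keeps its old, untruncated content; restrict it with `execute "UPDATE user_profiles SET bio_raw = LEFT(bio_raw, 3000) WHERE LENGTH(bio_raw) > 3000"` and re-cook the affected rows. The truncation is silent and lossy for those users, which is worth a line in the comment.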


@ -1,3 +1,8 @@
Fabricator(:user_profile) do
bio_raw "I'm batman!"
end
Fabricator(:user_profile_long, from: :user_profile) do
bio_raw ("trout" * 1000)
user
end


@ -32,6 +32,11 @@ describe UserProfile do
expect(user_profile.valid?).to be_true
end
it "doesn't support really long bios" do
user_profile = Fabricate.build(:user_profile_long)
user_profile.should_not be_valid
end
describe 'after save' do
let(:user) { Fabricate(:user) }