fix: add backend url validation (#4009)

* fix: add backend url validation * test: update links to be valid * fix: add url validation for building selection criteria * test: update buildingSelectionCriteria to be valid url
bloom-housing · Apr 22, 2024 · d926e8f · d926e8f
1 parent e7cf68d
commit d926e8f
Show file tree

Hide file tree

Showing 9 changed files with 84 additions and 24 deletions.
diff --git a/api/src/decorators/hasHttps.decorator.ts b/api/src/decorators/hasHttps.decorator.ts
@@ -0,0 +1,31 @@
+import {
+  registerDecorator,
+  ValidationArguments,
+  ValidationOptions,
+  ValidatorConstraint,
+  ValidatorConstraintInterface,
+} from 'class-validator';
+
+export function hasHttps(validationOptions?: ValidationOptions) {
+  return function (object: unknown, propertyName: string) {
+    registerDecorator({
+      target: object.constructor,
+      propertyName,
+      options: validationOptions,
+      constraints: [],
+      validator: hasHttpsConstraint,
+    });
+  };
+}
+
+@ValidatorConstraint({ name: 'hasHttps' })
+export class hasHttpsConstraint implements ValidatorConstraintInterface {
+  validate(url: string) {
+    const httpsRegex = /^https?:\/\//i;
+    return httpsRegex.test(url);
+  }
+
+  defaultMessage(args: ValidationArguments) {
+    return `${args.property} must have https://`;
+  }
+}
diff --git a/api/src/dtos/application-methods/application-method.dto.ts b/api/src/dtos/application-methods/application-method.dto.ts
@@ -6,12 +6,15 @@ import {
   IsString,
   MaxLength,
   ValidateNested,
+  ValidateIf,
+  IsUrl,
 } from 'class-validator';
 import { ValidationsGroupsEnum } from '../../enums/shared/validation-groups-enum';
 import { AbstractDTO } from '../shared/abstract.dto';
 import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
 import { ApplicationMethodsTypeEnum } from '@prisma/client';
 import { PaperApplication } from '../paper-applications/paper-application.dto';
+import { hasHttps } from '../../decorators/hasHttps.decorator';
 
 export class ApplicationMethod extends AbstractDTO {
   @Expose()
@@ -36,6 +39,14 @@ export class ApplicationMethod extends AbstractDTO {
   @IsString({ groups: [ValidationsGroupsEnum.default] })
   @MaxLength(4096, { groups: [ValidationsGroupsEnum.default] })
   @ApiPropertyOptional()
+  @ValidateIf((o) => o.type === ApplicationMethodsTypeEnum.ExternalLink, {
+    groups: [ValidationsGroupsEnum.default],
+  })
+  @hasHttps({ groups: [ValidationsGroupsEnum.default] })
+  @IsUrl(
+    { require_protocol: true },
+    { groups: [ValidationsGroupsEnum.default] },
+  )
   externalReference?: string;
 
   @Expose()

diff --git a/api/src/dtos/listings/listing-event.dto.ts b/api/src/dtos/listings/listing-event.dto.ts
@@ -5,6 +5,8 @@ import {
   IsDefined,
   IsString,
   ValidateNested,
+  ValidateIf,
+  IsUrl,
 } from 'class-validator';
 import { ValidationsGroupsEnum } from '../../enums/shared/validation-groups-enum';
 import { ListingEventsTypeEnum } from '@prisma/client';
@@ -43,6 +45,13 @@ export class ListingEvent extends AbstractDTO {
   @Expose()
   @IsString({ groups: [ValidationsGroupsEnum.default] })
   @ApiPropertyOptional()
+  @ValidateIf((o) => o.url && o.url.length > 0, {
+    groups: [ValidationsGroupsEnum.default],
+  })
+  @IsUrl(
+    { require_protocol: true },
+    { groups: [ValidationsGroupsEnum.default] },
+  )
   url?: string;
 
   @Expose()

diff --git a/api/src/dtos/listings/listing.dto.ts b/api/src/dtos/listings/listing.dto.ts
@@ -7,6 +7,7 @@ import {
   IsEnum,
   IsNumber,
   IsString,
+  IsUrl,
   MaxLength,
   ValidateNested,
 } from 'class-validator';
@@ -192,6 +193,10 @@ class Listing extends AbstractDTO {
   @Expose()
   @IsString({ groups: [ValidationsGroupsEnum.default] })
   @ApiPropertyOptional()
+  @IsUrl(
+    { require_protocol: true },
+    { groups: [ValidationsGroupsEnum.default] },
+  )
   buildingSelectionCriteria?: string;
 
   @Expose()

diff --git a/api/src/dtos/multiselect-questions/multiselect-link.dto.ts b/api/src/dtos/multiselect-questions/multiselect-link.dto.ts
@@ -1,5 +1,5 @@
 import { Expose } from 'class-transformer';
-import { IsString, IsDefined } from 'class-validator';
+import { IsString, IsDefined, IsUrl } from 'class-validator';
 import { ValidationsGroupsEnum } from '../../enums/shared/validation-groups-enum';
 import { ApiProperty } from '@nestjs/swagger';
 
@@ -14,5 +14,9 @@ export class MultiselectLink {
   @IsString({ groups: [ValidationsGroupsEnum.default] })
   @IsDefined({ groups: [ValidationsGroupsEnum.default] })
   @ApiProperty()
+  @IsUrl(
+    { require_protocol: true },
+    { groups: [ValidationsGroupsEnum.default] },
+  )
   url: string;
 }
diff --git a/api/test/integration/listing.e2e-spec.ts b/api/test/integration/listing.e2e-spec.ts
@@ -282,7 +282,7 @@ describe('Listing Controller Tests', () => {
       applicationDropOffAddressOfficeHours: 'drop off office hours string',
       applicationDropOffAddressType: ApplicationAddressTypeEnum.leasingAgent,
       applicationMailingAddressType: ApplicationAddressTypeEnum.leasingAgent,
-      buildingSelectionCriteria: 'selection criteria',
+      buildingSelectionCriteria: 'https://selection-criteria.com',
       costsNotIncluded: 'all costs included',
       creditHistory: 'credit history',
       criminalBackground: 'criminal background',

diff --git a/api/test/integration/multiselect-question.e2e-spec.ts b/api/test/integration/multiselect-question.e2e-spec.ts
@@ -146,11 +146,11 @@ describe('MultiselectQuestion Controller Tests', () => {
         links: [
           {
             title: 'title 1',
-            url: 'title 1',
+            url: 'https://title-1.com',
           },
           {
             title: 'title 2',
-            url: 'title 2',
+            url: 'https://title-2.com',
           },
         ],
         jurisdictions: [{ id: jurisdictionId }],
@@ -162,7 +162,7 @@ describe('MultiselectQuestion Controller Tests', () => {
             links: [
               {
                 title: 'title 3',
-                url: 'title 3',
+                url: 'https://title-3.com',
               },
             ],
             collectAddress: true,
@@ -175,7 +175,7 @@ describe('MultiselectQuestion Controller Tests', () => {
             links: [
               {
                 title: 'title 4',
-                url: 'title 4',
+                url: 'https://title-4.com',
               },
             ],
             collectAddress: true,
@@ -204,11 +204,11 @@ describe('MultiselectQuestion Controller Tests', () => {
         links: [
           {
             title: 'title 1',
-            url: 'title 1',
+            url: 'https://title-1.com',
           },
           {
             title: 'title 2',
-            url: 'title 2',
+            url: 'https://title-2.com',
           },
         ],
         jurisdictions: [{ id: jurisdictionId }],
@@ -220,7 +220,7 @@ describe('MultiselectQuestion Controller Tests', () => {
             links: [
               {
                 title: 'title 3',
-                url: 'title 3',
+                url: 'https://title-3.com',
               },
             ],
             collectAddress: true,
@@ -233,7 +233,7 @@ describe('MultiselectQuestion Controller Tests', () => {
             links: [
               {
                 title: 'title 4',
-                url: 'title 4',
+                url: 'https://title-4.com',
               },
             ],
             collectAddress: true,
@@ -266,11 +266,11 @@ describe('MultiselectQuestion Controller Tests', () => {
         links: [
           {
             title: 'title 1',
-            url: 'title 1',
+            url: 'https://title-1.com',
           },
           {
             title: 'title 2',
-            url: 'title 2',
+            url: 'https://title-2.com',
           },
         ],
         jurisdictions: [{ id: jurisdictionId }],
@@ -282,7 +282,7 @@ describe('MultiselectQuestion Controller Tests', () => {
             links: [
               {
                 title: 'title 3',
-                url: 'title 3',
+                url: 'https://title-3.com',
               },
             ],
             collectAddress: true,
@@ -295,7 +295,7 @@ describe('MultiselectQuestion Controller Tests', () => {
             links: [
               {
                 title: 'title 4',
-                url: 'title 4',
+                url: 'https://title-4.com',
               },
             ],
             collectAddress: true,

diff --git a/api/test/integration/permission-tests/helpers.ts b/api/test/integration/permission-tests/helpers.ts
@@ -165,11 +165,11 @@ export const buildMultiselectQuestionCreateMock = (
     links: [
       {
         title: 'title 1',
-        url: 'title 1',
+        url: 'https://title-1.com',
       },
       {
         title: 'title 2',
-        url: 'title 2',
+        url: 'https://title-2.com',
       },
     ],
     jurisdictions: [{ id: jurisId }],
@@ -181,7 +181,7 @@ export const buildMultiselectQuestionCreateMock = (
         links: [
           {
             title: 'title 3',
-            url: 'title 3',
+            url: 'https://title-3.com',
           },
         ],
         collectAddress: true,
@@ -194,7 +194,7 @@ export const buildMultiselectQuestionCreateMock = (
         links: [
           {
             title: 'title 4',
-            url: 'title 4',
+            url: 'https://title-4.com',
           },
         ],
         collectAddress: true,
@@ -219,11 +219,11 @@ export const buildMultiselectQuestionUpdateMock = (
     links: [
       {
         title: 'title 1',
-        url: 'title 1',
+        url: 'https://title-1.com',
       },
       {
         title: 'title 2',
-        url: 'title 2',
+        url: 'https://title-2.com',
       },
     ],
     jurisdictions: [{ id: jurisId }],
@@ -235,7 +235,7 @@ export const buildMultiselectQuestionUpdateMock = (
         links: [
           {
             title: 'title 3',
-            url: 'title 3',
+            url: 'https://title-3.com',
           },
         ],
         collectAddress: true,
@@ -248,7 +248,7 @@ export const buildMultiselectQuestionUpdateMock = (
         links: [
           {
             title: 'title 4',
-            url: 'title 4',
+            url: 'https://title-4.com',
           },
         ],
         collectAddress: true,
@@ -662,7 +662,7 @@ export const constructFullListingData = async (
     applicationDropOffAddressOfficeHours: 'drop off office hours string',
     applicationDropOffAddressType: ApplicationAddressTypeEnum.leasingAgent,
     applicationMailingAddressType: ApplicationAddressTypeEnum.leasingAgent,
-    buildingSelectionCriteria: 'selection criteria',
+    buildingSelectionCriteria: 'https://selection-criteria.com',
     costsNotIncluded: 'all costs included',
     creditHistory: 'credit history',
     criminalBackground: 'criminal background',

diff --git a/api/test/unit/services/listing.service.spec.ts b/api/test/unit/services/listing.service.spec.ts
@@ -365,7 +365,7 @@ describe('Testing listing service', () => {
       applicationDropOffAddressOfficeHours: 'drop off office hours string',
       applicationDropOffAddressType: ApplicationAddressTypeEnum.leasingAgent,
       applicationMailingAddressType: ApplicationAddressTypeEnum.leasingAgent,
-      buildingSelectionCriteria: 'selection criteria',
+      buildingSelectionCriteria: 'https://selection-criteria.com',
       costsNotIncluded: 'all costs included',
       creditHistory: 'credit history',
       criminalBackground: 'criminal background',