adds file validation for organization logo to avoids crash
nflorentin committed Nov 24, 2023
1 parent d85df1d commit 854027c
Showing 7 changed files with 27 additions and 3 deletions.
1 change: 1 addition & 0 deletions Gemfile
Expand Up @@ -25,6 +25,7 @@ gem 'sidekiq', '~> 6.5'
gem 'sidekiq-cron', '~> 1.9.1'
gem 'aws-sdk-s3', '~> 1.94', require: false
gem 'image_processing', '~> 1.12'
gem 'active_storage_validations', '~> 1.1.3'

# Assets
gem 'jquery-rails', '~> 4.4.0'
6 changes: 6 additions & 0 deletions Gemfile.lock
Expand Up @@ -39,6 +39,11 @@ GEM
erubi (~> 1.4)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.1, >= 1.2.0)
active_storage_validations (1.1.3)
activejob (>= 5.2.0)
activemodel (>= 5.2.0)
activestorage (>= 5.2.0)
activesupport (>= 5.2.0)
activeadmin (2.9.0)
arbre (~> 1.2, >= 1.2.1)
formtastic (>= 3.1, < 5.0)
Expand Down Expand Up @@ -447,6 +452,7 @@ PLATFORMS
ruby

DEPENDENCIES
active_storage_validations (~> 1.1.3)
activeadmin (~> 2.9.0)
aws-sdk-s3 (~> 1.94)
bootsnap (~> 1.12.0)
2 changes: 1 addition & 1 deletion app/helpers/application_helper.rb
Expand Up @@ -27,7 +27,7 @@ def gravatar_url(user, size = 32)
def organization_logo
org = @organization || @current_organization

return unless org && org.logo.attached?
return unless org && org.logo.attached? && org.errors.details[:logo].blank?
return if "#{controller_name}##{action_name}".in? %w(organizations#index pages#show)

content_tag(:div, class: "row organization-logo") do
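Review bot: The added `org.errors.details[:logo].blank?` guard only helps when validation has just run on this same instance, because a record loaded from the database starts with an empty `errors` object. A logo that was stored with a non-image type before this validation existed would therefore still reach the rendering code below (the rest of `organization_logo` is outside the hunk). Checking the attachment itself is more robust, for example `return unless org && org.logo.attached? && org.logo.image? && org.errors.details[:logo].blank?`. If the view builds a variant, `org.logo.variable?` is the stricter test, since not every `image/*` type can be transformed.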
1 change: 1 addition & 0 deletions app/models/organization.rb
Expand Up @@ -26,6 +26,7 @@ class Organization < ApplicationRecord
has_many :petitions, dependent: :delete_all

validates :name, presence: true, uniqueness: true
validates :logo, content_type: /\Aimage\/.*\z/

before_validation :ensure_url
after_create :create_account
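Review bot: The pattern `/\Aimage\/.*\z/` on the new `validates :logo` line accepts every `image/*` subtype. That includes `image/svg+xml`, which can carry script if it is ever served inline, and formats the image processor may not be able to transform, so the crash this commit targets can plausibly still occur. An explicit allow-list with a size cap is tighter, e.g. `validates :logo, content_type: %w[image/png image/jpeg image/gif image/webp], size: { less_than: 5.megabytes }` (the limit value is illustrative). The spec added in this commit also suggests the type is derived from the file name rather than the bytes, so this check should not be read as proof that the upload really is an image.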
2 changes: 1 addition & 1 deletion app/views/organizations/_form.html.erb
Expand Up @@ -9,6 +9,6 @@
<%= f.input :address %>
<%= f.input :neighborhood %>
<%= f.input :city %>
<%= f.input :logo %>
<%= f.input :logo, input_html: { accept: "image/*" } %>
<%= f.button :submit %>
<% end %>
4 changes: 3 additions & 1 deletion config/database.yml
@@ -1,8 +1,10 @@
defaults: &defaults
adapter: postgresql
username: <%= ENV['DATABASE_USER'] || ENV["POSTGRES_USER"] %>
username: postgres
template: 'template0'
encoding: 'UTF8'
host: localhost
port: 5441

development:
<<: *defaults
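Review bot: The `defaults` block now hard-codes `username: postgres`, `host: localhost` and `port: 5441` in place of the environment-driven username, which looks like one developer's local setup and is unrelated to the logo validation. Every environment that merges `*defaults` inherits these values (development is visible here; others presumably follow below the hunk). Connecting the application as `postgres`, conventionally the superuser role, also gives it far more privilege than it needs. I would restore `username: <%= ENV['DATABASE_USER'] || ENV["POSTGRES_USER"] %>` and, if host and port must be configurable, read them from the environment as well, e.g. `host: <%= ENV.fetch('DATABASE_HOST', 'localhost') %>` and `port: <%= ENV.fetch('DATABASE_PORT', 5432) %>` (variable names illustrative).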
14 changes: 14 additions & 0 deletions spec/models/organization_spec.rb
@@ -1,6 +1,20 @@
RSpec.describe Organization do
let(:organization) { Fabricate(:organization) }

describe "logo validation" do
it "validates content_type" do
temp_file = Tempfile.new('test.txt')
organization.logo.attach(io: File.open(temp_file.path), filename: 'test.txt')

expect(organization).to be_invalid

temp_file = Tempfile.new('test.png')
organization.logo.attach(io: File.open(temp_file.path), filename: 'test.png')

expect(organization).to be_valid
end
end

describe '#display_id' do
subject { organization.display_id }

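Review bot: The second half of the `validates content_type` example attaches an empty file named `test.png` and expects the record to be valid, which pins extension-based detection: a non-image renamed to `.png` would pass the same way. It would be worth using a real image fixture for the positive case and adding a case with non-image bytes under a `.png` name, so the suite documents whether content is actually inspected. The `Tempfile` objects and the `File.open` handles are also never closed; using the block forms, or calling `temp_file.close!` in an `ensure`, avoids leaking them. Splitting the two expectations into separate examples would make a failure easier to read.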
