Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Fix: Added the backend validation for name (#3878)
- Added the backend validation for name
- Add message size constraint
  • Loading branch information
tejaswinichile committed Feb 2, 2022
1 parent e99ea0b commit 8821106
Show file tree
Hide file tree
Showing 10 changed files with 83 additions and 1 deletion.
1 change: 1 addition & 0 deletions app/models/account.rb
Expand Up @@ -33,6 +33,7 @@ class Account < ApplicationRecord

validates :name, presence: true
validates :auto_resolve_duration, numericality: { greater_than_or_equal_to: 1, less_than_or_equal_to: 999, allow_nil: true }
validates :name, length: { maximum: 255 }

has_many :account_users, dependent: :destroy_async
has_many :agent_bot_inboxes, dependent: :destroy_async
Expand Down
1 change: 1 addition & 0 deletions app/models/contact.rb
Expand Up @@ -36,6 +36,7 @@ class Contact < ApplicationRecord
validates :phone_number,
allow_blank: true, uniqueness: { scope: [:account_id] },
format: { with: /\+[1-9]\d{1,14}\z/, message: 'should be in e164 format' }
validates :name, length: { maximum: 255 }

belongs_to :account
has_many :conversations, dependent: :destroy_async
Expand Down
1 change: 1 addition & 0 deletions app/models/message.rb
Expand Up @@ -39,6 +39,7 @@ class Message < ApplicationRecord
validates :conversation_id, presence: true
validates_with ContentAttributeValidator
validates :content_type, presence: true
validates :content, length: { maximum: 150_000 }

# when you have a temperory id in your frontend and want it echoed back via action cable
attr_accessor :echo_id
Expand Down
2 changes: 1 addition & 1 deletion app/models/user.rb
Expand Up @@ -68,7 +68,7 @@ class User < ApplicationRecord
# validates_uniqueness_of :email, scope: :account_id

validates :email, :name, presence: true
validates_length_of :name, minimum: 1
validates_length_of :name, minimum: 1, maximum: 255

has_many :account_users, dependent: :destroy_async
has_many :accounts, through: :account_users
Expand Down
12 changes: 12 additions & 0 deletions spec/controllers/api/v1/accounts/contacts_controller_spec.rb
Expand Up @@ -387,6 +387,18 @@
expect(json_response['payload']['contact']['custom_attributes']).to eq({ 'test' => 'test', 'test1' => 'test1' })
end

it 'does not create the contact' do
valid_params[:contact][:name] = 'test' * 999

post "/api/v1/accounts/#{account.id}/contacts", headers: admin.create_new_auth_token,
params: valid_params

expect(response).to have_http_status(:unprocessable_entity)

json_response = JSON.parse(response.body)
expect(json_response['message']).to eq('Name is too long (maximum is 255 characters)')
end

it 'creates the contact inbox when inbox id is passed' do
expect do
post "/api/v1/accounts/#{account.id}/contacts", headers: admin.create_new_auth_token,
Expand Down
Expand Up @@ -35,6 +35,21 @@
expect(conversation.messages.first.content).to eq(params[:content])
end

it 'does not create the message' do
params = { content: "#{'h' * 150 * 1000}a", private: true }

post api_v1_account_conversation_messages_url(account_id: account.id, conversation_id: conversation.display_id),
params: params,
headers: agent.create_new_auth_token,
as: :json

expect(response).to have_http_status(:unprocessable_entity)

json_response = JSON.parse(response.body)

expect(json_response['error']).to eq('Validation failed: Content is too long (maximum is 150000 characters)')
end

it 'creates an outgoing text message with a specific bot sender' do
agent_bot = create(:agent_bot)
time_stamp = Time.now.utc.to_s
Expand Down
13 changes: 13 additions & 0 deletions spec/controllers/api/v1/accounts_controller_spec.rb
Expand Up @@ -158,6 +158,19 @@
expect(account.reload.support_email).to eq(params[:support_email])
expect(account.reload.auto_resolve_duration).to eq(params[:auto_resolve_duration])
end

it 'Throws error 422' do
params[:name] = 'test' * 999

put "/api/v1/accounts/#{account.id}",
params: params,
headers: admin.create_new_auth_token,
as: :json

expect(response).to have_http_status(:unprocessable_entity)
json_response = JSON.parse(response.body)
expect(json_response['message']).to eq('Name is too long (maximum is 255 characters)')
end
end
end

Expand Down
12 changes: 12 additions & 0 deletions spec/controllers/api/v1/profiles_controller_spec.rb
Expand Up @@ -93,6 +93,18 @@
expect(response).to have_http_status(:unprocessable_entity)
end

it 'validate name' do
user_name = 'test' * 999
put '/api/v1/profile',
params: { profile: { name: user_name } },
headers: agent.create_new_auth_token,
as: :json

expect(response).to have_http_status(:unprocessable_entity)
json_response = JSON.parse(response.body)
expect(json_response['message']).to eq('Name is too long (maximum is 255 characters)')
end

it 'updates avatar' do
# no avatar before upload
expect(agent.avatar.attached?).to eq(false)
Expand Down
15 changes: 15 additions & 0 deletions spec/controllers/api/v1/widget/messages_controller_spec.rb
Expand Up @@ -45,6 +45,21 @@
expect(json_response['content']).to eq(message_params[:content])
end

it 'does not create the message' do
conversation.destroy # Test all params
message_params = { content: "#{'h' * 150 * 1000}a", timestamp: Time.current }
post api_v1_widget_messages_url,
params: { website_token: web_widget.website_token, message: message_params },
headers: { 'X-Auth-Token' => token },
as: :json

expect(response).to have_http_status(:unprocessable_entity)

json_response = JSON.parse(response.body)

expect(json_response['message']).to eq('Content is too long (maximum is 150000 characters)')
end

it 'creates attachment message in conversation' do
file = fixture_file_upload(Rails.root.join('spec/assets/avatar.png'), 'image/png')
message_params = { content: 'hello world', timestamp: Time.current, attachments: [file] }
Expand Down
12 changes: 12 additions & 0 deletions spec/controllers/public/api/v1/inbox/messages_controller_spec.rb
Expand Up @@ -28,6 +28,18 @@
expect(data['content']).to eq('hello')
end

it 'does not create the message' do
content = "#{'h' * 150 * 1000}a"
post "/public/api/v1/inboxes/#{api_channel.identifier}/contacts/#{contact_inbox.source_id}/conversations/#{conversation.display_id}/messages",
params: { content: content }

expect(response).to have_http_status(:unprocessable_entity)

json_response = JSON.parse(response.body)

expect(json_response['message']).to eq('Content is too long (maximum is 150000 characters)')
end

it 'creates attachment message in conversation' do
file = fixture_file_upload(Rails.root.join('spec/assets/avatar.png'), 'image/png')
post "/public/api/v1/inboxes/#{api_channel.identifier}/contacts/#{contact_inbox.source_id}/conversations/#{conversation.display_id}/messages",
Expand Down

0 comments on commit 8821106

Please sign in to comment.