diff --git a/app/models/account.rb b/app/models/account.rb
index 140cef072ef6..10e022aa418a 100644
--- a/app/models/account.rb
+++ b/app/models/account.rb
@@ -33,6 +33,7 @@ class Account < ApplicationRecord
 validates :name, presence: true
 validates :auto_resolve_duration, numericality: { greater_than_or_equal_to: 1, less_than_or_equal_to: 999, allow_nil: true }
+ validates :name, length: { maximum: 255 }
 has_many :account_users, dependent: :destroy_async
 has_many :agent_bot_inboxes, dependent: :destroy_async
diff --git a/app/models/contact.rb b/app/models/contact.rb
index ebddb68282c1..106930db446b 100644
--- a/app/models/contact.rb
+++ b/app/models/contact.rb
@@ -36,6 +36,7 @@ class Contact < ApplicationRecord
 validates :phone_number, allow_blank: true, uniqueness: { scope: [:account_id] }, format: { with: /\+[1-9]\d{1,14}\z/, message: 'should be in e164 format' }
+ validates :name, length: { maximum: 255 }
 belongs_to :account
 has_many :conversations, dependent: :destroy_async
diff --git a/app/models/message.rb b/app/models/message.rb
index e8f3c3727a13..7f2655b350b2 100644
--- a/app/models/message.rb
+++ b/app/models/message.rb
@@ -39,6 +39,7 @@ class Message < ApplicationRecord
 validates :conversation_id, presence: true
 validates_with ContentAttributeValidator
 validates :content_type, presence: true
+ validates :content, length: { maximum: 150_000 }
 # when you have a temperory id in your frontend and want it echoed back via action cable
 attr_accessor :echo_id
diff --git a/app/models/user.rb b/app/models/user.rb
index 4a1fa249ea16..d28c40d6a298 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -68,7 +68,7 @@ class User < ApplicationRecord
 # validates_uniqueness_of :email, scope: :account_id
 validates :email, :name, presence: true
- validates_length_of :name, minimum: 1
+ validates_length_of :name, minimum: 1, maximum: 255
 has_many :account_users, dependent: :destroy_async
 has_many :accounts, through: :account_users
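Review bot: The new `validates :name, length: { maximum: 255 }` sits two lines below `validates :name, presence: true`, splitting one attribute's rules across two declarations; folding them into `validates :name, presence: true, length: { maximum: 255 }` keeps the constraint in one place and matches how the other validations in this hunk are written. Nothing in this diff adds a matching column limit in the schema, so the 255 cap holds only for writes that run validations — `update_column`/`update_columns` and `save(validate: false)` bypass it — and if the bound matters for storage or downstream consumers, a schema-level limit is the authoritative control. Account's class body continues outside the hunk.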
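Review bot: The `phone_number` format regex on the context line just above the new validation, `/\+[1-9]\d{1,14}\z/`, anchors only the end of the string with `\z`, so a value with arbitrary leading characters followed by a valid number (e.g. `junk+12025550123`, constructed) satisfies the E.164 check that the `'should be in e164 format'` message promises; `/\A\+[1-9]\d{1,14}\z/` anchors both ends. That is pre-existing rather than introduced here, but this hunk is the natural place to tighten it alongside the new name limit, and it is worth checking whether any stored phone numbers would already fail the stricter pattern. As with Account, the 255-character cap is model-only unless the schema bounds the column too. Contact's class body continues outside the hunk.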
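Review bot: `validates :content, length: { maximum: 150_000 }` counts characters via `String#length`, not bytes, so 150_000 multi-byte code points can still be several hundred KB in the database and on the wire; if the cap is meant to bound storage or payload size, say so next to the validation, e.g. `# cap is in characters, not bytes`. The check also runs only after the full request body has been parsed into the model, so it limits what gets persisted rather than what the app server has to read; a body-size limit at the proxy or app-server layer is the complementary control. A `maximum`-only length validation skips `nil`, so attachment-only messages without content should be unaffected, which is worth confirming with a spec since none of the new examples cover it. Message's class body continues outside the hunk.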
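Review bot: `validates_length_of :name, minimum: 1, maximum: 255` keeps the legacy helper while Account, Contact and Message in this same commit use `validates :name, length: { ... }`, and `validates :email, :name, presence: true` two lines above already rejects every name that `minimum: 1` would reject, so the minimum is redundant. Replacing the line with `validates :name, length: { maximum: 255 }` makes the four models consistent and drops the duplicated check without changing which values are accepted (only the duplicate "too short" error disappears). User's class body continues outside the hunk.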
diff --git a/spec/controllers/api/v1/accounts/contacts_controller_spec.rb b/spec/controllers/api/v1/accounts/contacts_controller_spec.rb
index 6975fa0159fc..44e47dab7abe 100644
--- a/spec/controllers/api/v1/accounts/contacts_controller_spec.rb
+++ b/spec/controllers/api/v1/accounts/contacts_controller_spec.rb
@@ -387,6 +387,18 @@
 expect(json_response['payload']['contact']['custom_attributes']).to eq({ 'test' => 'test', 'test1' => 'test1' })
 end
+ it 'does not create the contact' do
+ valid_params[:contact][:name] = 'test' * 999
+
+ post "/api/v1/accounts/#{account.id}/contacts", headers: admin.create_new_auth_token,
+ params: valid_params
+
+ expect(response).to have_http_status(:unprocessable_entity)
+
+ json_response = JSON.parse(response.body)
+ expect(json_response['message']).to eq('Name is too long (maximum is 255 characters)')
+ end
+
 it 'creates the contact inbox when inbox id is passed' do
 expect do
 post "/api/v1/accounts/#{account.id}/contacts", headers: admin.create_new_auth_token,
diff --git a/spec/controllers/api/v1/accounts/conversations/messages_controller_spec.rb b/spec/controllers/api/v1/accounts/conversations/messages_controller_spec.rb
index 605e75b56227..637b36192fd2 100644
--- a/spec/controllers/api/v1/accounts/conversations/messages_controller_spec.rb
+++ b/spec/controllers/api/v1/accounts/conversations/messages_controller_spec.rb
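Review bot: The new example is titled `does not create the contact` but only asserts the 422 status and the error message; nothing checks that no record was written, so a controller that saved the record and then rendered an error would still pass. Wrapping the request, `expect { post ... }.not_to change(Contact, :count)`, pins the behavior the title promises. The same applies to the `does not create the message` examples in the conversations, widget and public-inbox message specs further down in this commit, which likewise assert only the response. The `describe` block enclosing this example starts outside the hunk.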
@@ -35,6 +35,21 @@
 expect(conversation.messages.first.content).to eq(params[:content])
 end
+ it 'does not create the message' do
+ params = { content: "#{'h' * 150 * 1000}a", private: true }
+
+ post api_v1_account_conversation_messages_url(account_id: account.id, conversation_id: conversation.display_id),
+ params: params,
+ headers: agent.create_new_auth_token,
+ as: :json
+
+ expect(response).to have_http_status(:unprocessable_entity)
+
+ json_response = JSON.parse(response.body)
+
+ expect(json_response['error']).to eq('Validation failed: Content is too long (maximum is 150000 characters)')
+ end
+
 it 'creates an outgoing text message with a specific bot sender' do
 agent_bot = create(:agent_bot)
 time_stamp = Time.now.utc.to_s
diff --git a/spec/controllers/api/v1/accounts_controller_spec.rb b/spec/controllers/api/v1/accounts_controller_spec.rb
index 76d32eeaaa5c..e86834d88b1a 100644
--- a/spec/controllers/api/v1/accounts_controller_spec.rb
+++ b/spec/controllers/api/v1/accounts_controller_spec.rb
@@ -158,6 +158,19 @@
 expect(account.reload.support_email).to eq(params[:support_email])
 expect(account.reload.auto_resolve_duration).to eq(params[:auto_resolve_duration])
 end
+
+ it 'Throws error 422' do
+ params[:name] = 'test' * 999
+
+ put "/api/v1/accounts/#{account.id}",
+ params: params,
+ headers: admin.create_new_auth_token,
+ as: :json
+
+ expect(response).to have_http_status(:unprocessable_entity)
+ json_response = JSON.parse(response.body)
+ expect(json_response['message']).to eq('Name is too long (maximum is 255 characters)')
+ end
 end
 end
diff --git a/spec/controllers/api/v1/profiles_controller_spec.rb b/spec/controllers/api/v1/profiles_controller_spec.rb
index 27763aa12e5f..77cd77bfe7e6 100644
--- a/spec/controllers/api/v1/profiles_controller_spec.rb
+++ b/spec/controllers/api/v1/profiles_controller_spec.rb
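Review bot: This example expects the failure under `json_response['error']` carrying the `Validation failed: ` prefix of `ActiveRecord::RecordInvalid#message`, whereas the widget and public-inbox specs in the same commit expect `json_response['message']` with the bare validation text; that suggests the agent-facing endpoint surfaces an exception (presumably from `create!`) through a generic handler rather than rendering the model errors, which is worth confirming in the controller (not in this diff) since the three endpoints now expose different error contracts for the same validation. Separately, `"#{'h' * 150 * 1000}a"` obscures the intent; `'h' * 150_001` (one over the 150_000 maximum) says it directly. The enclosing `describe` starts outside the hunk.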
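Review bot: The example name `'Throws error 422'` breaks with the lowercase, behavior-describing names used elsewhere in this file and commit (`'does not create the contact'`, `'validate name'`); `it 'returns 422 when name exceeds 255 characters' do` reads as a spec and names the rule under test. It also mutates the shared `params` hash (presumably a `let` from the enclosing context) in place, which is fine under per-example `let` evaluation but would leak across examples if `params` were ever hoisted to a constant or `let!` shared fixture. The enclosing `context` starts outside the hunk.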
@@ -93,6 +93,18 @@
 expect(response).to have_http_status(:unprocessable_entity)
 end
+ it 'validate name' do
+ user_name = 'test' * 999
+ put '/api/v1/profile',
+ params: { profile: { name: user_name } },
+ headers: agent.create_new_auth_token,
+ as: :json
+
+ expect(response).to have_http_status(:unprocessable_entity)
+ json_response = JSON.parse(response.body)
+ expect(json_response['message']).to eq('Name is too long (maximum is 255 characters)')
+ end
+
 it 'updates avatar' do
 # no avatar before upload
 expect(agent.avatar.attached?).to eq(false)
diff --git a/spec/controllers/api/v1/widget/messages_controller_spec.rb b/spec/controllers/api/v1/widget/messages_controller_spec.rb
index a8120d93e79a..eac1c2993891 100644
--- a/spec/controllers/api/v1/widget/messages_controller_spec.rb
+++ b/spec/controllers/api/v1/widget/messages_controller_spec.rb
@@ -45,6 +45,21 @@
 expect(json_response['content']).to eq(message_params[:content])
 end
+ it 'does not create the message' do
+ conversation.destroy # Test all params
+ message_params = { content: "#{'h' * 150 * 1000}a", timestamp: Time.current }
+ post api_v1_widget_messages_url,
+ params: { website_token: web_widget.website_token, message: message_params },
+ headers: { 'X-Auth-Token' => token },
+ as: :json
+
+ expect(response).to have_http_status(:unprocessable_entity)
+
+ json_response = JSON.parse(response.body)
+
+ expect(json_response['message']).to eq('Content is too long (maximum is 150000 characters)')
+ end
+
 it 'creates attachment message in conversation' do
 file = fixture_file_upload(Rails.root.join('spec/assets/avatar.png'), 'image/png')
 message_params = { content: 'hello world', timestamp: Time.current, attachments: [file] }
diff --git a/spec/controllers/public/api/v1/inbox/messages_controller_spec.rb b/spec/controllers/public/api/v1/inbox/messages_controller_spec.rb
index 530efc4befa2..54c1cc2cd3df 100644
--- a/spec/controllers/public/api/v1/inbox/messages_controller_spec.rb
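Review bot: `conversation.destroy # Test all params` changes what the widget example exercises — with the conversation gone the endpoint presumably has to create a new conversation before the over-long content fails validation — but the comment does not say that, so a reader cannot tell whether the destroy is intentional or leftover. Either drop the line so the example isolates the content-length check, or replace the comment with one that states the intent, e.g. `# remove the existing conversation so the request also goes through conversation creation before content validation fails`. None of the other `does not create the message` examples in this commit destroy the conversation, so this one is the outlier and should say why. The enclosing `describe` starts outside the hunk.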
+++ b/spec/controllers/public/api/v1/inbox/messages_controller_spec.rb
@@ -28,6 +28,18 @@
 expect(data['content']).to eq('hello')
 end
+ it 'does not create the message' do
+ content = "#{'h' * 150 * 1000}a"
+ post "/public/api/v1/inboxes/#{api_channel.identifier}/contacts/#{contact_inbox.source_id}/conversations/#{conversation.display_id}/messages",
+ params: { content: content }
+
+ expect(response).to have_http_status(:unprocessable_entity)
+
+ json_response = JSON.parse(response.body)
+
+ expect(json_response['message']).to eq('Content is too long (maximum is 150000 characters)')
+ end
+
 it 'creates attachment message in conversation' do
 file = fixture_file_upload(Rails.root.join('spec/assets/avatar.png'), 'image/png')
 post "/public/api/v1/inboxes/#{api_channel.identifier}/contacts/#{contact_inbox.source_id}/conversations/#{conversation.display_id}/messages",