fix: validate tag, fix #464

lesion 2024-09-18 12:29:59 +02:00
parent 82578b94c3
commit c693007fc4
No known key found for this signature in database
GPG key ID: 352918250B012177
3 changed files with 18 additions and 2 deletions


@ -545,6 +545,9 @@ const eventController = {
// create/assign tags
let tags = []
if (body.tags) {
if (!Array.isArray(body.tags)) {
return res.status(400).send('tags field must be an array')
}
tags = await tagController._findOrCreate(body.tags)
await event.setTags(tags)
}
@ -691,6 +694,9 @@ const eventController = {
// create/assign tags
let tags = []
if (body.tags) {
if (!Array.isArray(body.tags)) {
return res.status(400).send('tags field must be an array')
}
tags = await tagController._findOrCreate(body.tags)
}
await event.setTags(tags)
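Review bot: The array check in the first hunk sits directly before `event.setTags(tags)`, so `event` appears to exist already when the 400 is returned; if it has been persisted by then, a rejected request still leaves an event behind. The test change in this commit that raises a place's event count from 3 to 4, alongside a new rejected request, is consistent with that. Consider hoisting `if (body.tags && !Array.isArray(body.tags)) { return res.status(400).send('tags field must be an array') }` above the event creation, which is outside this hunk, so invalid input is refused before anything is written. The second hunk carries the same check and the same placement question.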


@ -11,7 +11,7 @@ module.exports = {
async _findOrCreate (tags) {
// trim tags
const trimmedTags = tags.map(t => t.trim())
const trimmedTags = tags?.map(t => t.trim())
// search for already existing tags (case insensitive, note that LOWER sql function is not the same as toLocaleLowerCase due to #329)
const existingTags = await sequelize.query(`SELECT * FROM ${escapeCol('tags')} where LOWER(${escapeCol('tag')}) in (${tags.map(t => 'LOWER(?)').join(',')})`,
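Review bot: The optional chaining in `tags?.map(t => t.trim())` does not make `_findOrCreate` safe for a missing argument, because the query on the following line still calls `tags.map(...)` unguarded and `trimmedTags` would be `undefined` for the rest of the function. If an empty result is acceptable to callers, an early `if (!Array.isArray(tags) || tags.length === 0) return []` would cover that case and also avoid building an empty `in ()` list. `t.trim()` also assumes every element is a string, which the controller's `Array.isArray` check does not guarantee, so a payload such as `tags: [1]` would throw here rather than be rejected as bad input. The function body and the query call continue outside this hunk.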


@ -401,6 +401,16 @@ describe('Tags', () => {
expect(event.body.tags).toStrictEqual(['ciao'])
})
test('should not allow non-array tags field', async () => {
const response = await request(app).post('/api/event')
.send({ title: 'test non-array tags', place_id: places[1], start_datetime: dayjs().unix() + 1000, tags: 'Tag1' })
.auth(token.access_token, { type: 'bearer' })
.expect(400)
expect(response.text).toBe('tags field must be an array')
})
test('should create event trimming tags / ignore sensitiviness', async () => {
const ret = await request(app).post('/api/event')
.send({ title: 'test trimming tags', place_id: places[1], start_datetime: dayjs().unix() + 1000, tags: ['Tag1', 'taG2 '] })
@ -477,7 +487,7 @@ describe('Place', () => {
.expect(200)
expect(response.body.place.name).toBe('place name 2')
expect(response.body.events.length).toBe(3)
expect(response.body.events.length).toBe(4)
expect(response.body.events[0].place.name).toBe('place name 2')
})
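Review bot: The new test covers only a string value on `POST /api/event`; the identical check added in the second controller hunk has no test, and no case sends an array holding non-string elements such as `tags: [1]`. The test also does not assert that the rejected request left nothing behind, which matters because the count expectation in the `Place` block moves from 3 to 4 in the same commit. Consider adding a 400 case for the route behind the second controller hunk, and an assertion that the place's event count is unchanged after the rejection.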