mirror of
https://git.kescher.at/CatCatNya/catstodon.git
synced 2024-11-29 08:29:03 +01:00
Add url validation to Web::PushSubscription endpoints (#30540)
This commit is contained in:
parent
048f9b9d45
commit
eef2cc054f
2 changed files with 15 additions and 2 deletions
|
@ -21,7 +21,7 @@ class Web::PushSubscription < ApplicationRecord
|
|||
|
||||
has_one :session_activation, foreign_key: 'web_push_subscription_id', inverse_of: :web_push_subscription, dependent: nil
|
||||
|
||||
validates :endpoint, presence: true
|
||||
validates :endpoint, presence: true, url: true
|
||||
validates :key_p256dh, presence: true
|
||||
validates :key_auth, presence: true
|
||||
|
||||
|
|
|
@ -4,10 +4,11 @@ require 'rails_helper'
|
|||
|
||||
describe 'API V1 Push Subscriptions' do
|
||||
let(:user) { Fabricate(:user) }
|
||||
let(:endpoint) { 'https://fcm.googleapis.com/fcm/send/fiuH06a27qE:APA91bHnSiGcLwdaxdyqVXNDR9w1NlztsHb6lyt5WDKOC_Z_Q8BlFxQoR8tWFSXUIDdkyw0EdvxTu63iqamSaqVSevW5LfoFwojws8XYDXv_NRRLH6vo2CdgiN4jgHv5VLt2A8ah6lUX' }
|
||||
let(:create_payload) do
|
||||
{
|
||||
subscription: {
|
||||
endpoint: 'https://fcm.googleapis.com/fcm/send/fiuH06a27qE:APA91bHnSiGcLwdaxdyqVXNDR9w1NlztsHb6lyt5WDKOC_Z_Q8BlFxQoR8tWFSXUIDdkyw0EdvxTu63iqamSaqVSevW5LfoFwojws8XYDXv_NRRLH6vo2CdgiN4jgHv5VLt2A8ah6lUX',
|
||||
endpoint: endpoint,
|
||||
keys: {
|
||||
p256dh: 'BEm_a0bdPDhf0SOsrnB2-ategf1hHoCnpXgQsFj5JCkcoMrMt2WHoPfEYOYPzOIs9mZE8ZUaD7VA5vouy0kEkr8=',
|
||||
auth: 'eH_C8rq2raXqlcBVDa1gLg==',
|
||||
|
@ -63,6 +64,18 @@ describe 'API V1 Push Subscriptions' do
|
|||
expect(endpoint_push_subscriptions.count)
|
||||
.to eq(1)
|
||||
end
|
||||
|
||||
context 'with invalid endpoint URL' do
|
||||
let(:endpoint) { 'app://example.foo' }
|
||||
|
||||
it 'returns a validation error' do
|
||||
subject
|
||||
|
||||
expect(response).to have_http_status(422)
|
||||
expect(endpoint_push_subscriptions.count).to eq(0)
|
||||
expect(endpoint_push_subscription).to be_nil
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'PUT /api/v1/push/subscription' do
|
||||
|
|
Loading…
Reference in a new issue