Add url validation to Web::PushSubscription endpoints (#30540)

Emelia Smith 2024-06-05 10:06:06 +02:00 committed by GitHub
parent 048f9b9d45
commit eef2cc054f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 15 additions and 2 deletions


@ -21,7 +21,7 @@ class Web::PushSubscription < ApplicationRecord
has_one :session_activation, foreign_key: 'web_push_subscription_id', inverse_of: :web_push_subscription, dependent: nil has_one :session_activation, foreign_key: 'web_push_subscription_id', inverse_of: :web_push_subscription, dependent: nil
validates :endpoint, presence: true validates :endpoint, presence: true, url: true
validates :key_p256dh, presence: true validates :key_p256dh, presence: true
validates :key_auth, presence: true validates :key_auth, presence: true
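Review bot: `url: true` on `validates :endpoint` relies on a validator that is not visible in this hunk, so what it accepts beyond basic URL syntax cannot be confirmed from here. The endpoint is client-supplied and presumably the address the server later sends push deliveries to, so it is worth confirming that the validator limits schemes to http/https and that the delivery client refuses loopback and private addresses; a format check alone would not cover that. Rows saved before this change with a non-URL endpoint will now fail validation on any later update, so a cleanup step may be needed. I would add a comment above the line such as `# endpoint is client-supplied and used for outbound requests; url: true checks format only (TODO confirm)`. The class body continues outside the hunk.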


@ -4,10 +4,11 @@ require 'rails_helper'
describe 'API V1 Push Subscriptions' do describe 'API V1 Push Subscriptions' do
let(:user) { Fabricate(:user) } let(:user) { Fabricate(:user) }
let(:endpoint) { 'https://fcm.googleapis.com/fcm/send/fiuH06a27qE:APA91bHnSiGcLwdaxdyqVXNDR9w1NlztsHb6lyt5WDKOC_Z_Q8BlFxQoR8tWFSXUIDdkyw0EdvxTu63iqamSaqVSevW5LfoFwojws8XYDXv_NRRLH6vo2CdgiN4jgHv5VLt2A8ah6lUX' }
let(:create_payload) do let(:create_payload) do
{ {
subscription: { subscription: {
endpoint: 'https://fcm.googleapis.com/fcm/send/fiuH06a27qE:APA91bHnSiGcLwdaxdyqVXNDR9w1NlztsHb6lyt5WDKOC_Z_Q8BlFxQoR8tWFSXUIDdkyw0EdvxTu63iqamSaqVSevW5LfoFwojws8XYDXv_NRRLH6vo2CdgiN4jgHv5VLt2A8ah6lUX', endpoint: endpoint,
keys: { keys: {
p256dh: 'BEm_a0bdPDhf0SOsrnB2-ategf1hHoCnpXgQsFj5JCkcoMrMt2WHoPfEYOYPzOIs9mZE8ZUaD7VA5vouy0kEkr8=', p256dh: 'BEm_a0bdPDhf0SOsrnB2-ategf1hHoCnpXgQsFj5JCkcoMrMt2WHoPfEYOYPzOIs9mZE8ZUaD7VA5vouy0kEkr8=',
auth: 'eH_C8rq2raXqlcBVDa1gLg==', auth: 'eH_C8rq2raXqlcBVDa1gLg==',
@ -63,6 +64,18 @@ describe 'API V1 Push Subscriptions' do
expect(endpoint_push_subscriptions.count) expect(endpoint_push_subscriptions.count)
.to eq(1) .to eq(1)
end end
context 'with invalid endpoint URL' do
let(:endpoint) { 'app://example.foo' }
it 'returns a validation error' do
subject
expect(response).to have_http_status(422)
expect(endpoint_push_subscriptions.count).to eq(0)
expect(endpoint_push_subscription).to be_nil
end
end
end end
describe 'PUT /api/v1/push/subscription' do describe 'PUT /api/v1/push/subscription' do
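Review bot: The new 'with invalid endpoint URL' context checks a single rejected value, `app://example.foo`, so it pins only the non-HTTP-scheme case. A second case with an http(s) scheme but no usable host (constructed example: `let(:endpoint) { 'https://' }`) would pin whether the validator rejects more than unknown schemes. The enclosing POST describe block starts outside the hunk, so `subject` and `endpoint_push_subscription` are assumed to be defined there.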