mirror of
https://github.com/mastodon/mastodon.git
synced 2025-01-04 01:15:12 +01:00
Add url validation to Web::PushSubscription endpoints (#30540)
parent
048f9b9d45
commit
eef2cc054f
@ -21,7 +21,7 @@ class Web::PushSubscription < ApplicationRecord
|
|||||||
|
|
||||||
has_one :session_activation, foreign_key: 'web_push_subscription_id', inverse_of: :web_push_subscription, dependent: nil
|
has_one :session_activation, foreign_key: 'web_push_subscription_id', inverse_of: :web_push_subscription, dependent: nil
|
||||||
|
|
||||||
validates :endpoint, presence: true
|
validates :endpoint, presence: true, url: true
|
||||||
validates :key_p256dh, presence: true
|
validates :key_p256dh, presence: true
|
||||||
validates :key_auth, presence: true
|
validates :key_auth, presence: true
|
||||||
|
|
||||||
|
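Review bot: The new `url: true` on `validates :endpoint` is a format check, and the validator behind it is not part of this hunk, so which schemes and hosts it accepts cannot be confirmed from here. The endpoint is supplied by the client and, as a push endpoint, is presumably a URL the server later sends requests to, so well-formed URLs that resolve to loopback or internal addresses still need to be refused on the delivery side rather than by this validation. I would add a comment above the line, e.g. `# Format gate only: destination filtering (private/loopback hosts) is enforced when the notification is sent`, once that is confirmed for the delivery code. The validation also runs on every save, so rows created before this change with a non-URL endpoint would presumably fail later updates unless they are cleaned up.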
@ -4,10 +4,11 @@ require 'rails_helper'
|
|||||||
|
|
||||||
describe 'API V1 Push Subscriptions' do
|
describe 'API V1 Push Subscriptions' do
|
||||||
let(:user) { Fabricate(:user) }
|
let(:user) { Fabricate(:user) }
|
||||||
|
let(:endpoint) { 'https://fcm.googleapis.com/fcm/send/fiuH06a27qE:APA91bHnSiGcLwdaxdyqVXNDR9w1NlztsHb6lyt5WDKOC_Z_Q8BlFxQoR8tWFSXUIDdkyw0EdvxTu63iqamSaqVSevW5LfoFwojws8XYDXv_NRRLH6vo2CdgiN4jgHv5VLt2A8ah6lUX' }
|
||||||
let(:create_payload) do
|
let(:create_payload) do
|
||||||
{
|
{
|
||||||
subscription: {
|
subscription: {
|
||||||
endpoint: 'https://fcm.googleapis.com/fcm/send/fiuH06a27qE:APA91bHnSiGcLwdaxdyqVXNDR9w1NlztsHb6lyt5WDKOC_Z_Q8BlFxQoR8tWFSXUIDdkyw0EdvxTu63iqamSaqVSevW5LfoFwojws8XYDXv_NRRLH6vo2CdgiN4jgHv5VLt2A8ah6lUX',
|
endpoint: endpoint,
|
||||||
keys: {
|
keys: {
|
||||||
p256dh: 'BEm_a0bdPDhf0SOsrnB2-ategf1hHoCnpXgQsFj5JCkcoMrMt2WHoPfEYOYPzOIs9mZE8ZUaD7VA5vouy0kEkr8=',
|
p256dh: 'BEm_a0bdPDhf0SOsrnB2-ategf1hHoCnpXgQsFj5JCkcoMrMt2WHoPfEYOYPzOIs9mZE8ZUaD7VA5vouy0kEkr8=',
|
||||||
auth: 'eH_C8rq2raXqlcBVDa1gLg==',
|
auth: 'eH_C8rq2raXqlcBVDa1gLg==',
|
||||||
@ -63,6 +64,18 @@ describe 'API V1 Push Subscriptions' do
|
|||||||
expect(endpoint_push_subscriptions.count)
|
expect(endpoint_push_subscriptions.count)
|
||||||
.to eq(1)
|
.to eq(1)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'with invalid endpoint URL' do
|
||||||
|
let(:endpoint) { 'app://example.foo' }
|
||||||
|
|
||||||
|
it 'returns a validation error' do
|
||||||
|
subject
|
||||||
|
|
||||||
|
expect(response).to have_http_status(422)
|
||||||
|
expect(endpoint_push_subscriptions.count).to eq(0)
|
||||||
|
expect(endpoint_push_subscription).to be_nil
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe 'PUT /api/v1/push/subscription' do
|
describe 'PUT /api/v1/push/subscription' do
|
||||||
|
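Review bot: The new `with invalid endpoint URL` context exercises a single rejected value, `app://example.foo`, so it pins only the non-HTTP-scheme case. A regression that let a hostless or free-text value through would not be caught; sibling contexts with e.g. `let(:endpoint) { 'https://' }` and `let(:endpoint) { 'not a url' }` (constructed samples) and the same three expectations would cover that. If plain `http://` endpoints are meant to be rejected as well, that needs its own case, since the hunk does not show what the validator does with them. The enclosing `describe` block starts and ends outside the hunk.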