Uploading an avatar media exceeding max size returns a 413

Until now it was returning a 500 because the upload plug were going
through the changeset and ending in the JSON encoder, which raised
because struct has to @derive the encoder.
This commit is contained in:
duponin 2022-12-11 22:54:47 +01:00 committed by Francis Dinh
parent 77e9a52450
commit c9304962c3
Signed by untrusted user: norm
GPG key ID: 7123E30E441E80DE
4 changed files with 42 additions and 3 deletions

View file

@ -599,7 +599,13 @@ defp put_change_if_present(changeset, map_field, value_function) do
{:ok, new_value} <- value_function.(value) do {:ok, new_value} <- value_function.(value) do
put_change(changeset, map_field, new_value) put_change(changeset, map_field, new_value)
else else
_ -> changeset {:error, :file_too_large} ->
Ecto.Changeset.validate_change(changeset, map_field, fn map_field, _value ->
[{map_field, "file is too large"}]
end)
_ ->
changeset
end end
end end

View file

@ -64,7 +64,8 @@ def update_credentials_operation do
requestBody: request_body("Parameters", update_credentials_request(), required: true), requestBody: request_body("Parameters", update_credentials_request(), required: true),
responses: %{ responses: %{
200 => Operation.response("Account", "application/json", Account), 200 => Operation.response("Account", "application/json", Account),
403 => Operation.response("Error", "application/json", ApiError) 403 => Operation.response("Error", "application/json", ApiError),
413 => Operation.response("Error", "application/json", ApiError)
} }
} }
end end

View file

@ -251,7 +251,11 @@ def update_credentials(%{assigns: %{user: user}, body_params: params} = conn, _p
with_pleroma_settings: true with_pleroma_settings: true
) )
else else
_e -> render_error(conn, :forbidden, "Invalid request") {:error, %Ecto.Changeset{errors: [avatar: {"file is too large", _}]}} ->
render_error(conn, :request_entity_too_large, "File is too large")
_e ->
render_error(conn, :forbidden, "Invalid request")
end end
end end

View file

@ -272,6 +272,34 @@ test "updates the user's avatar", %{user: user, conn: conn} do
assert user.avatar == nil assert user.avatar == nil
end end
test "updates the user's avatar, upload_limit, returns a HTTP 413", %{conn: conn, user: user} do
upload_limit = Config.get([:instance, :upload_limit]) * 8 + 8
assert :ok ==
File.write(Path.absname("test/tmp/large_binary.data"), <<0::size(upload_limit)>>)
new_avatar_oversized = %Plug.Upload{
content_type: nil,
path: Path.absname("test/tmp/large_binary.data"),
filename: "large_binary.data"
}
assert user.avatar == %{}
res =
patch(conn, "/api/v1/accounts/update_credentials", %{"avatar" => new_avatar_oversized})
assert user_response = json_response_and_validate_schema(res, 413)
assert user_response["avatar"] != User.avatar_url(user)
user = User.get_by_id(user.id)
assert user.avatar == %{}
clear_config([:instance, :upload_limit], upload_limit)
assert :ok == File.rm(Path.absname("test/tmp/large_binary.data"))
end
test "updates the user's banner", %{user: user, conn: conn} do test "updates the user's banner", %{user: user, conn: conn} do
new_header = %Plug.Upload{ new_header = %Plug.Upload{
content_type: "image/jpeg", content_type: "image/jpeg",