knova/akkoma
1
0
Fork 0
forked from AkkomaGang/akkoma
Code Issues Pull requests Projects Releases Packages Wiki Activity

Return 413 when an actor's banner or background exceeds the size limit

Browse source
This commit is contained in:
duponin 2022-12-11 23:15:08 +01:00 committed by Francis Dinh
parent c9304962c3
commit 3e9c0b380a
Signed by untrusted user: norm
GPG key ID: 7123E30E441E80DE
2 changed files with 60 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
lib/pleroma/web/mastodon_api/controllers/account_controller.ex
View file

@ -254,6 +254,12 @@ def update_credentials(%{assigns: %{user: user}, body_params: params} = conn, _p
{:error, %Ecto.Changeset{errors: [avatar: {"file is too large", _}]}} -> {:error, %Ecto.Changeset{errors: [avatar: {"file is too large", _}]}} ->
render_error(conn, :request_entity_too_large, "File is too large") render_error(conn, :request_entity_too_large, "File is too large")
{:error, %Ecto.Changeset{errors: [banner: {"file is too large", _}]}} ->
render_error(conn, :request_entity_too_large, "File is too large")
{:error, %Ecto.Changeset{errors: [background: {"file is too large", _}]}} ->
render_error(conn, :request_entity_too_large, "File is too large")
_e -> _e ->
render_error(conn, :forbidden, "Invalid request") render_error(conn, :forbidden, "Invalid request")
end end

54
test/pleroma/web/mastodon_api/update_credentials_test.exs
View file

@ -319,6 +319,32 @@ test "updates the user's banner", %{user: user, conn: conn} do
assert user.banner == nil assert user.banner == nil
end end
test "updates the user's banner, upload_limit, returns a HTTP 413", %{conn: conn, user: user} do
upload_limit = Config.get([:instance, :upload_limit]) * 8 + 8
assert :ok ==
File.write(Path.absname("test/tmp/large_binary.data"), <<0::size(upload_limit)>>)
new_header_oversized = %Plug.Upload{
content_type: nil,
path: Path.absname("test/tmp/large_binary.data"),
filename: "large_binary.data"
}
res =
patch(conn, "/api/v1/accounts/update_credentials", %{"header" => new_header_oversized})
assert user_response = json_response_and_validate_schema(res, 413)
assert user_response["header"] != User.banner_url(user)
user = User.get_by_id(user.id)
assert user.banner == %{}
clear_config([:instance, :upload_limit], upload_limit)
assert :ok == File.rm(Path.absname("test/tmp/large_binary.data"))
end
test "updates the user's background", %{conn: conn, user: user} do test "updates the user's background", %{conn: conn, user: user} do
new_header = %Plug.Upload{ new_header = %Plug.Upload{
content_type: "image/jpeg", content_type: "image/jpeg",
@ -342,6 +368,34 @@ test "updates the user's background", %{conn: conn, user: user} do
assert user.background == nil assert user.background == nil
end end
test "updates the user's background, upload_limit, returns a HTTP 413", %{
conn: conn,
user: user
} do
upload_limit = Config.get([:instance, :upload_limit]) * 8 + 8
assert :ok ==
File.write(Path.absname("test/tmp/large_binary.data"), <<0::size(upload_limit)>>)
new_background_oversized = %Plug.Upload{
content_type: nil,
path: Path.absname("test/tmp/large_binary.data"),
filename: "large_binary.data"
}
res =
patch(conn, "/api/v1/accounts/update_credentials", %{
"pleroma_background_image" => new_background_oversized
})
assert user_response = json_response_and_validate_schema(res, 413)
assert user.background == %{}
clear_config([:instance, :upload_limit], upload_limit)
assert :ok == File.rm(Path.absname("test/tmp/large_binary.data"))
end
test "requires 'write:accounts' permission" do test "requires 'write:accounts' permission" do
token1 = insert(:oauth_token, scopes: ["read"]) token1 = insert(:oauth_token, scopes: ["read"])
token2 = insert(:oauth_token, scopes: ["write", "follow"]) token2 = insert(:oauth_token, scopes: ["write", "follow"])