chore: Security Improvements to the API (#2893)

- Devise auth tokens are reset on password update - Avatar attachment file type is limited to jpeg,gif and png - Avatar attachment file size is limited to 15 mb - Widget Message attachments are limited to types ['image/png', 'image/jpeg', 'image/gif', 'image/bmp', 'image/tiff', 'application/pdf', 'audio/mpeg', 'video/mp4', 'audio/ogg', 'text/csv'] - Widget Message attachments are limited to 40Mb size limit.
2021-09-01 15:08:05 +05:30 · 2021-09-01 15:08:05 +05:30 · 6fdd4a2996
commit 6fdd4a2996
parent 06d8916341
9 changed files with 60 additions and 23 deletions
--- a/app/javascript/dashboard/components/widgets/WootWriter/ReplyBottomPanel.vue
+++ b/app/javascript/dashboard/components/widgets/WootWriter/ReplyBottomPanel.vue
@ -11,10 +11,11 @@
        @click="toggleEmojiPicker"
      />

+      <!-- ensure the same validations for attachment types are implemented in  backend models as well -->
      <file-upload
        ref="upload"
        :size="4096 * 4096"
-        accept="image/*, application/pdf, audio/mpeg, video/mp4, audio/ogg, text/csv"
+        accept="image/png, image/jpeg, image/gif, image/bmp, image/tiff, application/pdf, audio/mpeg, video/mp4, audio/ogg, text/csv"
        :drop="true"
        :drop-directory="false"
        @input-file="onFileUpload"
--- a/app/javascript/dashboard/components/widgets/forms/AvatarUploader.vue
+++ b/app/javascript/dashboard/components/widgets/forms/AvatarUploader.vue
@ -20,12 +20,13 @@
        id="file"
        ref="file"
        type="file"
-        accept="image/*"
+        accept="image/png, image/jpeg, image/gif"
        @change="handleImageUpload"
      />
      <slot></slot>
    </label>
  </div>
+
 </template>

 <script>