Fix: Added the backend validation for name (#3878)

- Added the backend validation for name - Add message size constraint
2022-02-03 03:51:17 +05:30 · 2022-02-03 03:51:17 +05:30 · 8821106da9
commit 8821106da9
parent e99ea0b582
10 changed files with 83 additions and 1 deletions
--- a/app/models/account.rb
+++ b/app/models/account.rb
@ -33,6 +33,7 @@ class Account < ApplicationRecord

  validates :name, presence: true
  validates :auto_resolve_duration, numericality: { greater_than_or_equal_to: 1, less_than_or_equal_to: 999, allow_nil: true }
+  validates :name, length: { maximum: 255 }

  has_many :account_users, dependent: :destroy_async
  has_many :agent_bot_inboxes, dependent: :destroy_async
--- a/app/models/contact.rb
+++ b/app/models/contact.rb
@ -36,6 +36,7 @@ class Contact < ApplicationRecord
  validates :phone_number,
            allow_blank: true, uniqueness: { scope: [:account_id] },
            format: { with: /\+[1-9]\d{1,14}\z/, message: 'should be in e164 format' }
+  validates :name, length: { maximum: 255 }

  belongs_to :account
  has_many :conversations, dependent: :destroy_async
--- a/app/models/message.rb
+++ b/app/models/message.rb
@ -39,6 +39,7 @@ class Message < ApplicationRecord
  validates :conversation_id, presence: true
  validates_with ContentAttributeValidator
  validates :content_type, presence: true
+  validates :content, length: { maximum: 150_000 }

  # when you have a temperory id in your frontend and want it echoed back via action cable
  attr_accessor :echo_id
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -68,7 +68,7 @@ class User < ApplicationRecord
  # validates_uniqueness_of :email, scope: :account_id

  validates :email, :name, presence: true
-  validates_length_of :name, minimum: 1
+  validates_length_of :name, minimum: 1, maximum: 255

  has_many :account_users, dependent: :destroy_async
  has_many :accounts, through: :account_users
--- a/spec/controllers/api/v1/accounts/contacts_controller_spec.rb
+++ b/spec/controllers/api/v1/accounts/contacts_controller_spec.rb
@ -387,6 +387,18 @@ RSpec.describe 'Contacts API', type: :request do
        expect(json_response['payload']['contact']['custom_attributes']).to eq({ 'test' => 'test', 'test1' => 'test1' })
      end

+      it 'does not create the contact' do
+        valid_params[:contact][:name] = 'test' * 999
+
+        post "/api/v1/accounts/#{account.id}/contacts", headers: admin.create_new_auth_token,
+                                                        params: valid_params
+
+        expect(response).to have_http_status(:unprocessable_entity)
+
+        json_response = JSON.parse(response.body)
+        expect(json_response['message']).to eq('Name is too long (maximum is 255 characters)')
+      end
+
      it 'creates the contact inbox when inbox id is passed' do
        expect do
          post "/api/v1/accounts/#{account.id}/contacts", headers: admin.create_new_auth_token,
--- a/spec/controllers/api/v1/accounts/conversations/messages_controller_spec.rb
+++ b/spec/controllers/api/v1/accounts/conversations/messages_controller_spec.rb
@ -35,6 +35,21 @@ RSpec.describe 'Conversation Messages API', type: :request do
        expect(conversation.messages.first.content).to eq(params[:content])
      end

+      it 'does not create the message' do
+        params = { content: "#{'h' * 150 * 1000}a", private: true }
+
+        post api_v1_account_conversation_messages_url(account_id: account.id, conversation_id: conversation.display_id),
+             params: params,
+             headers: agent.create_new_auth_token,
+             as: :json
+
+        expect(response).to have_http_status(:unprocessable_entity)
+
+        json_response = JSON.parse(response.body)
+
+        expect(json_response['error']).to eq('Validation failed: Content is too long (maximum is 150000 characters)')
+      end
+
      it 'creates an outgoing text message with a specific bot sender' do
        agent_bot = create(:agent_bot)
        time_stamp = Time.now.utc.to_s
--- a/spec/controllers/api/v1/accounts_controller_spec.rb
+++ b/spec/controllers/api/v1/accounts_controller_spec.rb
@ -158,6 +158,19 @@ RSpec.describe 'Accounts API', type: :request do
        expect(account.reload.support_email).to eq(params[:support_email])
        expect(account.reload.auto_resolve_duration).to eq(params[:auto_resolve_duration])
      end
+
+      it 'Throws error 422' do
+        params[:name] = 'test' * 999
+
+        put "/api/v1/accounts/#{account.id}",
+            params: params,
+            headers: admin.create_new_auth_token,
+            as: :json
+
+        expect(response).to have_http_status(:unprocessable_entity)
+        json_response = JSON.parse(response.body)
+        expect(json_response['message']).to eq('Name is too long (maximum is 255 characters)')
+      end
    end
  end

--- a/spec/controllers/api/v1/profiles_controller_spec.rb
+++ b/spec/controllers/api/v1/profiles_controller_spec.rb
@ -93,6 +93,18 @@ RSpec.describe 'Profile API', type: :request do
        expect(response).to have_http_status(:unprocessable_entity)
      end

+      it 'validate name' do
+        user_name = 'test' * 999
+        put '/api/v1/profile',
+            params: { profile: { name: user_name } },
+            headers: agent.create_new_auth_token,
+            as: :json
+
+        expect(response).to have_http_status(:unprocessable_entity)
+        json_response = JSON.parse(response.body)
+        expect(json_response['message']).to eq('Name is too long (maximum is 255 characters)')
+      end
+
      it 'updates avatar' do
        # no avatar before upload
        expect(agent.avatar.attached?).to eq(false)
--- a/spec/controllers/api/v1/widget/messages_controller_spec.rb
+++ b/spec/controllers/api/v1/widget/messages_controller_spec.rb
@ -45,6 +45,21 @@ RSpec.describe '/api/v1/widget/messages', type: :request do
        expect(json_response['content']).to eq(message_params[:content])
      end

+      it 'does not create the message' do
+        conversation.destroy # Test all params
+        message_params = { content: "#{'h' * 150 * 1000}a", timestamp: Time.current }
+        post api_v1_widget_messages_url,
+             params: { website_token: web_widget.website_token, message: message_params },
+             headers: { 'X-Auth-Token' => token },
+             as: :json
+
+        expect(response).to have_http_status(:unprocessable_entity)
+
+        json_response = JSON.parse(response.body)
+
+        expect(json_response['message']).to eq('Content is too long (maximum is 150000 characters)')
+      end
+
      it 'creates attachment message in conversation' do
        file = fixture_file_upload(Rails.root.join('spec/assets/avatar.png'), 'image/png')
        message_params = { content: 'hello world', timestamp: Time.current, attachments: [file] }
--- a/spec/controllers/public/api/v1/inbox/messages_controller_spec.rb
+++ b/spec/controllers/public/api/v1/inbox/messages_controller_spec.rb
@ -28,6 +28,18 @@ RSpec.describe 'Public Inbox Contact Conversation Messages API', type: :request
      expect(data['content']).to eq('hello')
    end

+    it 'does not create the message' do
+      content = "#{'h' * 150 * 1000}a"
+      post "/public/api/v1/inboxes/#{api_channel.identifier}/contacts/#{contact_inbox.source_id}/conversations/#{conversation.display_id}/messages",
+           params: { content: content }
+
+      expect(response).to have_http_status(:unprocessable_entity)
+
+      json_response = JSON.parse(response.body)
+
+      expect(json_response['message']).to eq('Content is too long (maximum is 150000 characters)')
+    end
+
    it 'creates attachment message in conversation' do
      file = fixture_file_upload(Rails.root.join('spec/assets/avatar.png'), 'image/png')
      post "/public/api/v1/inboxes/#{api_channel.identifier}/contacts/#{contact_inbox.source_id}/conversations/#{conversation.display_id}/messages",