chore: Add webhook URL validation (#4080)
This commit is contained in:
parent
87a6266ddc
commit
aff14b697f
2 changed files with 10 additions and 1 deletions
|
@ -20,7 +20,7 @@ class Webhook < ApplicationRecord
|
|||
belongs_to :inbox, optional: true
|
||||
|
||||
validates :account_id, presence: true
|
||||
validates :url, uniqueness: { scope: [:account_id] }, format: { with: URI::DEFAULT_PARSER.make_regexp }
|
||||
validates :url, uniqueness: { scope: [:account_id] }, format: URI::DEFAULT_PARSER.make_regexp(%w[http https])
|
||||
|
||||
enum webhook_type: { account: 0, inbox: 1 }
|
||||
end
|
||||
|
|
|
@ -48,6 +48,15 @@ RSpec.describe 'Webhooks API', type: :request do
|
|||
|
||||
expect(JSON.parse(response.body)['payload']['webhook']['url']).to eql 'https://hello.com'
|
||||
end
|
||||
|
||||
it 'throws error when invalid url provided' do
|
||||
post "/api/v1/accounts/#{account.id}/webhooks",
|
||||
params: { account_id: account.id, inbox_id: inbox.id, url: 'javascript:alert(1)' },
|
||||
headers: administrator.create_new_auth_token,
|
||||
as: :json
|
||||
expect(response).to have_http_status(:unprocessable_entity)
|
||||
expect(JSON.parse(response.body)['message']).to eql 'Url is invalid'
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in a new issue