chore: Add webhook URL validation (#4080)

This commit is contained in:
Muhsin Keloth 2022-02-28 15:44:02 +05:30 committed by GitHub
parent 87a6266ddc
commit aff14b697f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 1 deletions

View file

@ -20,7 +20,7 @@ class Webhook < ApplicationRecord
belongs_to :inbox, optional: true
validates :account_id, presence: true
validates :url, uniqueness: { scope: [:account_id] }, format: { with: URI::DEFAULT_PARSER.make_regexp }
validates :url, uniqueness: { scope: [:account_id] }, format: URI::DEFAULT_PARSER.make_regexp(%w[http https])
enum webhook_type: { account: 0, inbox: 1 }
end

View file

@ -48,6 +48,15 @@ RSpec.describe 'Webhooks API', type: :request do
expect(JSON.parse(response.body)['payload']['webhook']['url']).to eql 'https://hello.com'
end
it 'throws error when invalid url provided' do
post "/api/v1/accounts/#{account.id}/webhooks",
params: { account_id: account.id, inbox_id: inbox.id, url: 'javascript:alert(1)' },
headers: administrator.create_new_auth_token,
as: :json
expect(response).to have_http_status(:unprocessable_entity)
expect(JSON.parse(response.body)['message']).to eql 'Url is invalid'
end
end
end