Add configurable account field name length limit

Egor Kislitsyn 2019-08-01 15:09:15 +07:00
parent db3c05f6b4
commit 2c35d4b0b0
4 changed files with 10 additions and 4 deletions


@ -256,6 +256,7 @@
user_bio_length: 5000, user_bio_length: 5000,
user_name_length: 100, user_name_length: 100,
max_account_fields: 4, max_account_fields: 4,
account_field_name_length: 255,
account_field_value_length: 255, account_field_value_length: 255,
external_user_synchronization: true external_user_synchronization: true


@ -133,6 +133,7 @@ config :pleroma, Pleroma.Emails.Mailer,
* `limit_to_local_content`: Limit unauthenticated users to search for local statutes and users only. Possible values: `:unauthenticated`, `:all` and `false`. The default is `:unauthenticated`. * `limit_to_local_content`: Limit unauthenticated users to search for local statutes and users only. Possible values: `:unauthenticated`, `:all` and `false`. The default is `:unauthenticated`.
* `dynamic_configuration`: Allow transferring configuration to DB with the subsequent customization from Admin api. * `dynamic_configuration`: Allow transferring configuration to DB with the subsequent customization from Admin api.
* `max_account_fields`: The maximum number of custom fields in the user profile (default: `4`) * `max_account_fields`: The maximum number of custom fields in the user profile (default: `4`)
* `account_field_name_length`: An account field name maximum length (default: `255`)
* `account_field_value_length`: An account field value maximum length (default: `255`) * `account_field_value_length`: An account field value maximum length (default: `255`)
* `external_user_synchronization`: Enabling following/followers counters synchronization for external users. * `external_user_synchronization`: Enabling following/followers counters synchronization for external users.


@ -308,11 +308,12 @@ def validate_fields(changeset) do
end end
defp valid_field?(%{"name" => name, "value" => value}) do defp valid_field?(%{"name" => name, "value" => value}) do
name_limit = Pleroma.Config.get([:instance, :account_field_name_length], 255)
value_limit = Pleroma.Config.get([:instance, :account_field_value_length], 255) value_limit = Pleroma.Config.get([:instance, :account_field_value_length], 255)
is_binary(name) && is_binary(name) &&
is_binary(value) && is_binary(value) &&
String.length(name) <= 255 && String.length(name) <= name_limit &&
String.length(value) <= value_limit String.length(value) <= value_limit
end end
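Review bot: The new `String.length(name) <= name_limit` check in `valid_field?/1` fails open if the configured limit is not an integer. In Elixir's term ordering every integer sorts below any binary or atom, so a setting such as `account_field_name_length: "255"` would make the comparison true for a name of any length. The neighbouring `value_limit` line behaves the same way. Guarding the limit keeps a misconfiguration from silently disabling the check, for example `is_integer(name_limit) && String.length(name) <= name_limit &&`. Separately, `String.length/1` counts graphemes rather than bytes, so this setting does not bound the stored size of a field; a `byte_size/1` cap would be needed if that is the intent.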

View File

@ -325,11 +325,12 @@ test "update fields", %{conn: conn} do
%{"name" => "link", "value" => "cofe.io"} %{"name" => "link", "value" => "cofe.io"}
] ]
name_limit = Pleroma.Config.get([:instance, :account_field_name_length])
value_limit = Pleroma.Config.get([:instance, :account_field_value_length]) value_limit = Pleroma.Config.get([:instance, :account_field_value_length])
long_str = Enum.map(0..value_limit, fn _ -> "x" end) |> Enum.join() long_value = Enum.map(0..value_limit, fn _ -> "x" end) |> Enum.join()
fields = [%{"name" => "<b>foo<b>", "value" => long_str}] fields = [%{"name" => "<b>foo<b>", "value" => long_value}]
assert %{"error" => "Invalid request"} == assert %{"error" => "Invalid request"} ==
conn conn
@ -337,7 +338,9 @@ test "update fields", %{conn: conn} do
|> patch("/api/v1/accounts/update_credentials", %{"fields" => fields}) |> patch("/api/v1/accounts/update_credentials", %{"fields" => fields})
|> json_response(403) |> json_response(403)
fields = [%{"name" => long_str, "value" => "bar"}] long_name = Enum.map(0..name_limit, fn _ -> "x" end) |> Enum.join()
fields = [%{"name" => long_name, "value" => "bar"}]
assert %{"error" => "Invalid request"} == assert %{"error" => "Invalid request"} ==
conn conn
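Review bot: These assertions cannot tell the configurable limit apart from the old hard-coded one, because `name_limit` is read from the default config, which is 255, the same value the previous code used. A regression back to `String.length(name) <= 255` would therefore still pass. Setting a distinct limit before building `long_name`, e.g. `Pleroma.Config.put([:instance, :account_field_name_length], 10)`, and restoring the previous value when the test exits, would exercise the new setting. A case at exactly `name_limit` characters that is accepted would also pin the boundary. The test body starts and ends outside the hunks shown here.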