Do not permit to upload a GIF file via javascript

kara Diaby 2020-02-24 11:17:52 +01:00
parent 8c3a382dae
commit 6102ba6039
9 changed files with 41 additions and 6 deletions


@ -4,6 +4,7 @@ gem 'aasm'
gem 'actiontext', git: 'https://github.com/kobaltz/actiontext.git', branch: 'archive', require: 'action_text' # Port of ActionText to Rails 5
gem 'active_link_to' # Automatically set a class on active links
gem 'active_model_serializers'
gem 'active_storage_validations'
gem 'activestorage-openstack'
gem 'administrate'
gem 'after_party'


@ -51,8 +51,10 @@ GEM
activemodel (>= 4.1, < 6.1)
case_transform (>= 0.2)
jsonapi-renderer (>= 0.1.1.beta1, < 0.3)
activejob (5.2.4.1)
activesupport (= 5.2.4.1)
active_storage_validations (0.8.7)
rails (>= 5.2.0)
activejob (5.2.3)
activesupport (= 5.2.3)
globalid (>= 0.3.6)
activemodel (5.2.4.1)
activesupport (= 5.2.4.1)
@ -714,6 +716,7 @@ DEPENDENCIES
actiontext!
active_link_to
active_model_serializers
active_storage_validations
activestorage-openstack
administrate
after_party


@ -40,9 +40,16 @@ class Admin::AttestationTemplatesController < AdminController
end
def preview
@attestation = (@procedure.attestation_template || AttestationTemplate.new).render_attributes_for(activated_attestation_params)
attestation = (@procedure.attestation_template || AttestationTemplate.new)
attestation.assign_attributes(activated_attestation_params)
if attestation.valid?
@attestation = attestation.render_attributes_for(activated_attestation_params)
render 'admin/attestation_templates/show', formats: [:pdf]
else
flash.alert = attestation_template.errors.full_messages.join('<br>')
end
end
def delete_logo
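Review bot: The `else` branch of `preview` calls `attestation_template.errors`, but the local built above is named `attestation`; unless the controller defines an `attestation_template` method outside this hunk, a rejected upload raises NameError instead of showing the validation message, so the line should read `flash.alert = attestation.errors.full_messages.join('<br>')`. The same branch neither renders nor redirects, so the action falls through to the implicit template lookup and the alert may carry over to the next request; `flash.now.alert` with an explicit render or redirect would make the failure path deterministic. Joining with `<br>` suggests the flash is emitted as HTML, so it is worth confirming that the messages are escaped wherever the flash is displayed. Also note that `assign_attributes` runs before `valid?`: on the Rails 5.2 line pinned in the lockfile, assigning an attachment to an already persisted record may store it immediately, so verify that a rejected file does not stay attached to the template.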


@ -11,6 +11,9 @@ class AttestationTemplate < ApplicationRecord
validates :footer, length: { maximum: 190 }
validates :logo, content_type: [:png, :jpg, :jpeg]
validates :signature, content_type: [:png, :jpg, :jpeg]
DOSSIER_STATE = Dossier.states.fetch(:accepte)
def attestation_for(dossier)
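Review bot: The new `logo` and `signature` validations restrict the content type but put no bound on file size, so an arbitrarily large PNG or JPEG still passes and is presumably handed on to image processing and PDF rendering. active_storage_validations also provides a `size` option, for example `validates :logo, content_type: [:png, :jpg, :jpeg], size: { less_than: 5.megabytes }` (the limit shown is an illustrative value, not one taken from the project). The two declarations could also be merged into `validates :logo, :signature, content_type: [:png, :jpg, :jpeg]` so the allow-list is written once. The class body continues outside the hunk.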


@ -87,3 +87,4 @@
- else
- save_data = @procedure.locked? ? { toggle: :tooltip, confirm: "Attention: les modifications n'affecteront pas les attestations déjà délivrées." } : nil
%button.btn.btn-success{ data: save_data } Enregistrer


@ -26,11 +26,12 @@ describe Admin::AttestationTemplatesController, type: :controller do
procedure_id: procedure.id,
attestation_template: upload_params
}
procedure.reload
end
context 'with an interlaced png' do
let(:upload_params) { { logo: interlaced_logo } }
it { expect(assigns(:attestation)[:logo].read).to eq(uninterlaced_logo.read) }
it { expect(procedure.attestation_template.logo.download).to eq(uninterlaced_logo.read) }
end
context 'if an attestation template does not exist on the procedure' do
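Review bot: No example in this section exercises the new rejection branch of `preview`; the only upload context visible here posts an interlaced PNG. A context that posts one of the GIF fixtures added in this commit and asserts that `flash.alert` is set, no PDF is rendered, and `procedure.reload.attestation_template` has no logo attached would cover the `else` path and would have exercised its error-message line. The updated expectation reads the logo back through `procedure.attestation_template.logo.download` after `procedure.reload`, which suggests the preview action now persists the upload; if that side effect is not intended, it deserves an explicit assertion. The enclosing `describe` block starts and ends outside the hunk.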

BIN
spec/fixtures/files/beta-gouv.gif vendored Normal file

Binary file not shown.


Width:  |  Height:  |  Size: 1.2 MiB

BIN
spec/fixtures/files/french-flag.gif vendored Normal file

Binary file not shown.


Width:  |  Height:  |  Size: 798 KiB


@ -87,6 +87,25 @@ describe AttestationTemplate, type: :model do
end
end
describe 'invalidate attestation if images attachments are not valid' do
before do
@logo = Rack::Test::UploadedFile.new('spec/fixtures/files/french-flag.gif', 'image/gif')
@signature = Rack::Test::UploadedFile.new('spec/fixtures/files/beta-gouv.gif', 'image/gif')
end
after do
subject.destroy
end
let(:attestation_template) { AttestationTemplate.create(attributes) }
subject { attestation_template.dup }
context 'with an attestation which has gif files' do
let(:attributes) { { title: 't', body: 'b', footer: 'f', activated: true, logo: @logo, signature: @signature } }
it { is_expected.not_to be_valid }
end
end
describe 'attestation_for' do
let(:procedure) do
create(:procedure,
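Review bot: The new `describe` block only covers a GIF whose declared type is honestly `image/gif`, so it does not show whether the allow-list depends on the client-declared type or on the file's actual content. A second context that builds the same fixture with a mismatched declaration, e.g. `Rack::Test::UploadedFile.new('spec/fixtures/files/french-flag.gif', 'image/png')`, and still expects `not_to be_valid` would pin that down. The `@logo` and `@signature` instance variables set in `before` would read more conventionally as `let(:logo)` and `let(:signature)`. The `describe 'attestation_for'` block that follows continues outside the hunk.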