Do not permit to upload a GIF file via javascript

2020-02-24 11:17:52 +01:00 · 2020-02-24 11:17:52 +01:00 · 6102ba6039
commit 6102ba6039
parent 8c3a382dae
9 changed files with 41 additions and 6 deletions
--- a/1
+++ b/1
@ -4,6 +4,7 @@ gem 'aasm'
 gem 'actiontext', git: 'https://github.com/kobaltz/actiontext.git', branch: 'archive', require: 'action_text' # Port of ActionText to Rails 5
 gem 'active_link_to' # Automatically set a class on active links
 gem 'active_model_serializers'
+gem 'active_storage_validations'
 gem 'activestorage-openstack'
 gem 'administrate'
 gem 'after_party'
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -51,8 +51,10 @@ GEM
      activemodel (>= 4.1, < 6.1)
      case_transform (>= 0.2)
      jsonapi-renderer (>= 0.1.1.beta1, < 0.3)
-    activejob (5.2.4.1)
-      activesupport (= 5.2.4.1)
+    active_storage_validations (0.8.7)
+      rails (>= 5.2.0)
+    activejob (5.2.3)
+      activesupport (= 5.2.3)
      globalid (>= 0.3.6)
    activemodel (5.2.4.1)
      activesupport (= 5.2.4.1)
@ -714,6 +716,7 @@ DEPENDENCIES
  actiontext!
  active_link_to
  active_model_serializers
+  active_storage_validations
  activestorage-openstack
  administrate
  after_party
--- a/app/controllers/admin/attestation_templates_controller.rb
+++ b/app/controllers/admin/attestation_templates_controller.rb
@ -40,9 +40,16 @@ class Admin::AttestationTemplatesController < AdminController
  end

  def preview
-    @attestation = (@procedure.attestation_template || AttestationTemplate.new).render_attributes_for(activated_attestation_params)
+    attestation = (@procedure.attestation_template || AttestationTemplate.new)
+    attestation.assign_attributes(activated_attestation_params)
+
+    if attestation.valid?
+      @attestation = attestation.render_attributes_for(activated_attestation_params)

      render 'admin/attestation_templates/show', formats: [:pdf]
+    else
+      flash.alert = attestation_template.errors.full_messages.join('<br>')
+    end
  end

  def delete_logo
--- a/app/models/attestation_template.rb
+++ b/app/models/attestation_template.rb
@ -11,6 +11,9 @@ class AttestationTemplate < ApplicationRecord

  validates :footer, length: { maximum: 190 }

+  validates :logo, content_type: [:png, :jpg, :jpeg]
+  validates :signature, content_type: [:png, :jpg, :jpeg]
+
  DOSSIER_STATE = Dossier.states.fetch(:accepte)

  def attestation_for(dossier)
--- a/app/views/admin/attestation_templates/edit.html.haml
+++ b/app/views/admin/attestation_templates/edit.html.haml
@ -23,7 +23,7 @@
        = f.label :logo, "Logo de l'attestation"
        - if @attestation_template.logo.attached?
          = link_to 'Supprimer le logo', admin_procedure_attestation_template_logo_path(@procedure), method: :delete
-        = f.file_field :logo, accept: 'image/png, image/jpg, image/jpeg'
+        = f.file_field :logo, accept: 'image/png,image/jpg,image/jpeg'
        %p.help-block
          Fichier accepté : JPG / JPEG / PNG
          %br
@ -87,3 +87,4 @@
      - else
        - save_data = @procedure.locked? ? { toggle: :tooltip, confirm: "Attention: les modifications n'affecteront pas les attestations déjà délivrées." } : nil
        %button.btn.btn-success{ data: save_data } Enregistrer
+
--- a/spec/controllers/admin/attestation_templates_controller_spec.rb
+++ b/spec/controllers/admin/attestation_templates_controller_spec.rb
@ -26,11 +26,12 @@ describe Admin::AttestationTemplatesController, type: :controller do
          procedure_id: procedure.id,
          attestation_template: upload_params
        }
+      procedure.reload
    end

    context 'with an interlaced png' do
      let(:upload_params) { { logo: interlaced_logo } }
-      it { expect(assigns(:attestation)[:logo].read).to eq(uninterlaced_logo.read) }
+      it { expect(procedure.attestation_template.logo.download).to eq(uninterlaced_logo.read) }
    end

    context 'if an attestation template does not exist on the procedure' do
--- a/spec/fixtures/files/beta-gouv.gif
+++ b/spec/fixtures/files/beta-gouv.gif
--- a/spec/fixtures/files/french-flag.gif
+++ b/spec/fixtures/files/french-flag.gif
--- a/spec/models/attestation_template_spec.rb
+++ b/spec/models/attestation_template_spec.rb
@ -87,6 +87,25 @@ describe AttestationTemplate, type: :model do
    end
  end

+  describe 'invalidate attestation if images attachments are not valid' do
+    before do
+      @logo = Rack::Test::UploadedFile.new('spec/fixtures/files/french-flag.gif', 'image/gif')
+      @signature = Rack::Test::UploadedFile.new('spec/fixtures/files/beta-gouv.gif', 'image/gif')
+    end
+
+    after do
+      subject.destroy
+    end
+
+    let(:attestation_template) { AttestationTemplate.create(attributes) }
+    subject { attestation_template.dup }
+
+    context 'with an attestation which has gif files' do
+      let(:attributes) { { title: 't', body: 'b', footer: 'f', activated: true, logo: @logo, signature: @signature } }
+      it { is_expected.not_to be_valid }
+    end
+  end
+
  describe 'attestation_for' do
    let(:procedure) do
      create(:procedure,