diff --git a/app/controllers/contact_controller.rb b/app/controllers/contact_controller.rb index 08962de84..f003fa0a0 100644 --- a/app/controllers/contact_controller.rb +++ b/app/controllers/contact_controller.rb @@ -2,6 +2,7 @@ class ContactController < ApplicationController invisible_captcha only: [:create], on_spam: :redirect_to_root + before_action :reject_invalid_attachment, only: [:create] def index @form = ContactForm.new(tags: contact_form_params.fetch(:tags, []), dossier_id: dossier&.id) @@ -75,4 +76,14 @@ class ContactController < ApplicationController params.permit(:dossier_id, tags: []) # prefilling form end end + + def reject_invalid_attachment + piece_jointe = params.dig(:contact_form, :piece_jointe) + return if piece_jointe.nil? + return if piece_jointe.is_a?(ActionDispatch::Http::UploadedFile) + + @form = ContactForm.new(user: current_user) + flash.alert = t('invalid_piece_jointe', scope: "contact.create") + render(@form.for_admin ? :admin : :index, status: :unprocessable_entity) + end end diff --git a/config/locales/views/contact/en.yml b/config/locales/views/contact/en.yml index c0815a287..993a65256 100644 --- a/config/locales/views/contact/en.yml +++ b/config/locales/views/contact/en.yml @@ -71,3 +71,4 @@ en: create: direct_message_sent: Your message has been sent to the mailbox in your file. message_sent: Your message has been sent. + invalid_piece_jointe: 'The attachment must be a file' diff --git a/config/locales/views/contact/fr.yml b/config/locales/views/contact/fr.yml index 6d5b3d629..aca1dd861 100644 --- a/config/locales/views/contact/fr.yml +++ b/config/locales/views/contact/fr.yml @@ -72,3 +72,4 @@ fr: create: direct_message_sent: Votre message a été envoyé sur la messagerie de votre dossier. message_sent: Votre message a été envoyé. + invalid_piece_jointe: 'La pièce jointe doit être un fichier' diff --git a/spec/controllers/contact_controller_spec.rb b/spec/controllers/contact_controller_spec.rb index 6191262c5..6f3ea6def 100644 
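Review bot: In `reject_invalid_attachment` the form is rebuilt as `ContactForm.new(user: current_user)`, so the re-rendered page no longer carries anything the user submitted, and `@form.for_admin` is read from that fresh object rather than from the request. Unless `ContactForm` derives `for_admin` from the user alone (its definition is not on this page), the `:admin` branch is likely never taken and an admin-form submission is re-rendered as `:index`. Building `@form` from the same permitted parameters `create` uses, minus `piece_jointe`, would keep both the typed message and the right template. A one-line comment above the method would also help, e.g. `# piece_jointe must be a multipart upload; any other value (String, Hash, Array) is rejected before create runs`. The hunk does not show whether the method sits under `private`.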
--- a/spec/controllers/contact_controller_spec.rb +++ b/spec/controllers/contact_controller_spec.rb @@ -198,6 +198,16 @@ describe ContactController, question_type: :controller do expect(response.body).to include("un message") end end + + context "with an invalid attachment type" do + let(:params) { super().merge(piece_jointe: "not_a_file") } + + it "returns unprocessable entity status" do + subject + expect(response).to have_http_status(:unprocessable_entity) + expect(response.body).to include("La pièce jointe doit être un fichier") + end + end end end
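Review bot: No example here exercises the `:admin` side of `render(@form.for_admin ? :admin : :index, ...)`, so a filter that always falls back to `:index` would still pass this context. The case also covers a String value only; a second example with a nested value, e.g. `let(:params) { super().merge(piece_jointe: { name: "x" }) }`, would pin the Hash shape that the `is_a?` check rejects as well. The expected text is hard-coded in French, which ties the example to the default locale; `I18n.t('invalid_piece_jointe', scope: 'contact.create')` would follow the locale file instead. The enclosing `describe`/`context` blocks start outside the hunk, so how `params` is nested under `contact_form` is not visible here.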