fix(contact): drop piece jointe not file

2024-11-19 16:29:19 +01:00 · 2024-11-19 16:29:19 +01:00 · e52aae420a
commit e52aae420a
parent 5a2ab37049
4 changed files with 23 additions and 0 deletions
--- a/app/controllers/contact_controller.rb
+++ b/app/controllers/contact_controller.rb
@ -2,6 +2,7 @@

 class ContactController < ApplicationController
  invisible_captcha only: [:create], on_spam: :redirect_to_root
+  before_action :reject_invalid_attachment, only: [:create]

  def index
    @form = ContactForm.new(tags: contact_form_params.fetch(:tags, []), dossier_id: dossier&.id)
@ -75,4 +76,14 @@ class ContactController < ApplicationController
      params.permit(:dossier_id, tags: []) # prefilling form
    end
  end
+
+  def reject_invalid_attachment
+    piece_jointe = params.dig(:contact_form, :piece_jointe)
+    return if piece_jointe.nil?
+    return if piece_jointe.is_a?(ActionDispatch::Http::UploadedFile)
+
+    @form = ContactForm.new(user: current_user)
+    flash.alert = t('invalid_piece_jointe', scope: "contact.create")
+    render(@form.for_admin ? :admin : :index, status: :unprocessable_entity)
+  end
 end
--- a/config/locales/views/contact/en.yml
+++ b/config/locales/views/contact/en.yml
@ -71,3 +71,4 @@ en:
    create:
      direct_message_sent: Your message has been sent to the mailbox in your file.
      message_sent: Your message has been sent.
+      invalid_piece_jointe: 'The attachment must be a file'
--- a/config/locales/views/contact/fr.yml
+++ b/config/locales/views/contact/fr.yml
@ -72,3 +72,4 @@ fr:
    create:
      direct_message_sent: Votre message a été envoyé sur la messagerie de votre dossier.
      message_sent: Votre message a été envoyé.
+      invalid_piece_jointe: 'La pièce jointe doit être un fichier'
--- a/spec/controllers/contact_controller_spec.rb
+++ b/spec/controllers/contact_controller_spec.rb
@ -198,6 +198,16 @@ describe ContactController, question_type: :controller do
          expect(response.body).to include("un message")
        end
      end
+
+      context "with an invalid attachment type" do
+        let(:params) { super().merge(piece_jointe: "not_a_file") }
+
+        it "returns unprocessable entity status" do
+          subject
+          expect(response).to have_http_status(:unprocessable_entity)
+          expect(response.body).to include("La pièce jointe doit être un fichier")
+        end
+      end
    end
  end