Fix bug where OAuth signups were not pulling in OAuth provider's prof…

…ile image (forem#14711) * Use regex to replace with https * Refactor a bit * Update logic to handle edge cases * url being nil * url not a valid URL (weak validation, checks for starting string of http) * Add new test case for http to https conversion
GeauxWeisbeck4 · Sep 15, 2021 · 84d9311 · 84d9311
1 parent 3f83d7e
commit 84d9311
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 3 deletions.
diff --git a/app/services/users/safe_remote_profile_image_url.rb b/app/services/users/safe_remote_profile_image_url.rb
@@ -2,9 +2,12 @@ module Users
   module SafeRemoteProfileImageUrl
     # Basic check for nil and blank URLs, alongside likely incomplete URLs, such as just "image.jpg".
     def self.call(url)
-      return url if url.to_s.start_with?("https")
-
-      Users::ProfileImageGenerator.call
+      if url&.start_with?("http")
+        url.sub!("http://", "https://")
+        url
+      else
+        Users::ProfileImageGenerator.call
+      end
     end
   end
 end
diff --git a/spec/services/users/safe_remote_profile_image_url_spec.rb b/spec/services/users/safe_remote_profile_image_url_spec.rb
@@ -17,4 +17,9 @@
   it "returns fallback image if passed non-URL" do
     expect(described_class.call("image")).to start_with("https://emojipedia-us.s3")
   end
+
+  it "returns a secure HTTPS image link if pass a regular HTTP link" do
+    url = "http://image.com/image.jpg"
+    expect(described_class.call(url)).to eq "https://image.com/image.jpg"
+  end
 end