adds file validation for organization logo to avoids crash

nflorentin · nflorentin · commit 854027ce3a93 · 2023-11-24T09:26:17.000+01:00
diff --git a/Gemfile b/Gemfile
@@ -25,6 +25,7 @@ gem 'sidekiq', '~> 6.5'
 gem 'sidekiq-cron', '~> 1.9.1'
 gem 'aws-sdk-s3', '~> 1.94', require: false
 gem 'image_processing', '~> 1.12'
+gem 'active_storage_validations', '~> 1.1.3'
 
 # Assets
 gem 'jquery-rails', '~> 4.4.0'
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -39,6 +39,11 @@ GEM
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
+    active_storage_validations (1.1.3)
+      activejob (>= 5.2.0)
+      activemodel (>= 5.2.0)
+      activestorage (>= 5.2.0)
+      activesupport (>= 5.2.0)
     activeadmin (2.9.0)
       arbre (~> 1.2, >= 1.2.1)
       formtastic (>= 3.1, < 5.0)
@@ -447,6 +452,7 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
+  active_storage_validations (~> 1.1.3)
   activeadmin (~> 2.9.0)
   aws-sdk-s3 (~> 1.94)
   bootsnap (~> 1.12.0)
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
@@ -27,7 +27,7 @@ def gravatar_url(user, size = 32)
   def organization_logo
     org = @organization || @current_organization
 
-    return unless org && org.logo.attached?
+    return unless org && org.logo.attached? && org.errors.details[:logo].blank?
     return if "#{controller_name}##{action_name}".in? %w(organizations#index pages#show)
 
     content_tag(:div, class: "row organization-logo") do
diff --git a/app/models/organization.rb b/app/models/organization.rb
@@ -26,6 +26,7 @@ class Organization < ApplicationRecord
   has_many :petitions, dependent: :delete_all
 
   validates :name, presence: true, uniqueness: true
+  validates :logo, content_type: /\Aimage\/.*\z/
 
   before_validation :ensure_url
   after_create :create_account
diff --git a/app/views/organizations/_form.html.erb b/app/views/organizations/_form.html.erb
@@ -9,6 +9,6 @@
   <%= f.input :address %>
   <%= f.input :neighborhood %>
   <%= f.input :city %>
-  <%= f.input :logo %>
+  <%= f.input :logo, input_html: { accept: "image/*" } %>
   <%= f.button :submit %>
 <% end %>
diff --git a/config/database.yml b/config/database.yml
@@ -1,8 +1,10 @@
 defaults: &defaults
   adapter: postgresql
-  username: <%= ENV['DATABASE_USER'] || ENV["POSTGRES_USER"] %>
+  username: postgres
   template: 'template0'
   encoding: 'UTF8'
+  host: localhost
+  port: 5441
 
 development:
   <<: *defaults
diff --git a/spec/models/organization_spec.rb b/spec/models/organization_spec.rb
@@ -1,6 +1,20 @@
 RSpec.describe Organization do
   let(:organization) { Fabricate(:organization) }
 
+  describe "logo validation" do
+    it "validates content_type" do
+      temp_file = Tempfile.new('test.txt')
+      organization.logo.attach(io: File.open(temp_file.path), filename: 'test.txt')
+
+      expect(organization).to be_invalid
+
+      temp_file = Tempfile.new('test.png')
+      organization.logo.attach(io: File.open(temp_file.path), filename: 'test.png')
+
+      expect(organization).to be_valid
+    end
+  end
+
   describe '#display_id' do
     subject { organization.display_id }
 
