jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Validate tags in one place only and add tests

Browse Source
This commit is contained in:
Johannes Zellner
2019-04-16 16:36:11 +02:00
parent 332c860e80
commit e756a442f6
3 changed files with 27 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/routes/apps.js
-9
View File
@@ -119,10 +119,6 @@ function installApp(req, res, next) {
if (data.backupFormat && typeof data.backupFormat !== 'string') return next(new HttpError(400, 'backupFormat must be string or null'));
if ('label' in data && typeof data.label !== 'string') return next(new HttpError(400, 'label must be a string'));
if ('tags' in data) {
if (!Array.isArray(data.tags)) return next(new HttpError(400, 'tags must be a string array'));
if (data.tags.some(d => typeof d !== 'string')) return next(new HttpError(400, 'tags must be in array of strings'));
}
// falsy values in cert and key unset the cert
if (data.key && typeof data.cert !== 'string') return next(new HttpError(400, 'cert must be a string'));
@@ -213,11 +209,6 @@ function configureApp(req, res, next) {
}
if ('label' in data && typeof data.label !== 'string') return next(new HttpError(400, 'label must be a string'));
if ('tags' in data) {
if (!Array.isArray(data.tags)) return next(new HttpError(400, 'tags must be an array of strings'));
if (data.tags.some(d => typeof d !== 'string')) return next(new HttpError(400, 'tags must be an array of strings'));
}
if ('dataDir' in data && typeof data.dataDir !== 'string') return next(new HttpError(400, 'dataDir must be a string'));
debug('Configuring app id:%s data:%j', req.params.id, data);
src/routes/test/apps-test.js
+24
View File
@@ -1021,6 +1021,30 @@ describe('App installation', function () {
});
});
it('cannot reconfigure app with invalid tags', function (done) {
superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure')
.query({ access_token: token })
.send({ location: APP_LOCATION_NEW, portBindings: { ECHO_SERVER_PORT: 7172 }, tags: 'foobar' })
.end(function (err, res) {
expect(res.statusCode).to.equal(400);
superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure')
.query({ access_token: token })
.send({ location: APP_LOCATION_NEW, portBindings: { ECHO_SERVER_PORT: 7172 }, tags: ['hello', '', 'there' ] })
.end(function (err, res) {
expect(res.statusCode).to.equal(400);
superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure')
.query({ access_token: token })
.send({ location: APP_LOCATION_NEW, portBindings: { ECHO_SERVER_PORT: 7172 }, tags: ['hello', 1234, 'there' ] })
.end(function (err, res) {
expect(res.statusCode).to.equal(400);
done();
});
});
});
});
it('non admin cannot reconfigure app', function (done) {
superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure')
.query({ access_token: token_1 })