diff options
| author | duponin <duponin@locahlo.st> | 2022-12-11 23:15:08 +0100 |
|---|---|---|
| committer | duponin <duponin@locahlo.st> | 2022-12-11 23:15:08 +0100 |
| commit | 987674235814205344d320c0e4c21df17b1cdd15 (patch) | |
| tree | f20a6701c3b5d3051ed68576069515131fcc9d0b /test | |
| parent | 452595baeda8327b862d03e450ac004679efe86e (diff) | |
| download | pleroma-987674235814205344d320c0e4c21df17b1cdd15.tar.gz pleroma-987674235814205344d320c0e4c21df17b1cdd15.zip | |
Return 413 when an actor's banner or background exceeds the size limit
Diffstat (limited to 'test')
| -rw-r--r-- | test/pleroma/web/mastodon_api/update_credentials_test.exs | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/test/pleroma/web/mastodon_api/update_credentials_test.exs b/test/pleroma/web/mastodon_api/update_credentials_test.exs index 57bca897c..d5fac7e25 100644 --- a/test/pleroma/web/mastodon_api/update_credentials_test.exs +++ b/test/pleroma/web/mastodon_api/update_credentials_test.exs @@ -306,6 +306,32 @@ defmodule Pleroma.Web.MastodonAPI.UpdateCredentialsTest do assert user.banner == nil end + test "updates the user's banner, upload_limit, returns a HTTP 413", %{conn: conn, user: user} do + upload_limit = Config.get([:instance, :upload_limit]) * 8 + 8 + + assert :ok == + File.write(Path.absname("test/tmp/large_binary.data"), <<0::size(upload_limit)>>) + + new_header_oversized = %Plug.Upload{ + content_type: nil, + path: Path.absname("test/tmp/large_binary.data"), + filename: "large_binary.data" + } + + res = + patch(conn, "/api/v1/accounts/update_credentials", %{"header" => new_header_oversized}) + + assert user_response = json_response_and_validate_schema(res, 413) + assert user_response["header"] != User.banner_url(user) + + user = User.get_by_id(user.id) + assert user.banner == %{} + + clear_config([:instance, :upload_limit], upload_limit) + + assert :ok == File.rm(Path.absname("test/tmp/large_binary.data")) + end + test "updates the user's background", %{conn: conn, user: user} do new_header = %Plug.Upload{ content_type: "image/jpeg", @@ -329,6 +355,34 @@ defmodule Pleroma.Web.MastodonAPI.UpdateCredentialsTest do assert user.background == nil end + test "updates the user's background, upload_limit, returns a HTTP 413", %{ + conn: conn, + user: user + } do + upload_limit = Config.get([:instance, :upload_limit]) * 8 + 8 + + assert :ok == + File.write(Path.absname("test/tmp/large_binary.data"), <<0::size(upload_limit)>>) + + new_background_oversized = %Plug.Upload{ + content_type: nil, + path: Path.absname("test/tmp/large_binary.data"), + filename: "large_binary.data" + } + + res = + patch(conn, "/api/v1/accounts/update_credentials", %{ + "pleroma_background_image" => new_background_oversized + }) + + assert user_response = json_response_and_validate_schema(res, 413) + assert user.background == %{} + + clear_config([:instance, :upload_limit], upload_limit) + + assert :ok == File.rm(Path.absname("test/tmp/large_binary.data")) + end + test "requires 'write:accounts' permission" do token1 = insert(:oauth_token, scopes: ["read"]) token2 = insert(:oauth_token, scopes: ["write", "follow"]) |