From db3c05f6b4c226733633a409cb1f1a290db4c48b Mon Sep 17 00:00:00 2001
From: Egor Kislitsyn <egor@kislitsyn.com>
Date: Tue, 30 Jul 2019 17:22:52 +0700
Subject: Add configurable account field value length limit

---
 .../update_credentials_test.exs                    | 31 +++++++++++++++++-----
 1 file changed, 25 insertions(+), 6 deletions(-)

(limited to 'test/web/mastodon_api/mastodon_api_controller/update_credentials_test.exs')

diff --git a/test/web/mastodon_api/mastodon_api_controller/update_credentials_test.exs b/test/web/mastodon_api/mastodon_api_controller/update_credentials_test.exs
index a3eadde16..992a692f0 100644
--- a/test/web/mastodon_api/mastodon_api_controller/update_credentials_test.exs
+++ b/test/web/mastodon_api/mastodon_api_controller/update_credentials_test.exs
@@ -325,6 +325,26 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
                %{"name" => "link", "value" => "cofe.io"}
              ]
 
+      value_limit = Pleroma.Config.get([:instance, :account_field_value_length])
+
+      long_str = Enum.map(0..value_limit, fn _ -> "x" end) |> Enum.join()
+
+      fields = [%{"name" => "<b>foo<b>", "value" => long_str}]
+
+      assert %{"error" => "Invalid request"} ==
+               conn
+               |> assign(:user, user)
+               |> patch("/api/v1/accounts/update_credentials", %{"fields" => fields})
+               |> json_response(403)
+
+      fields = [%{"name" => long_str, "value" => "bar"}]
+
+      assert %{"error" => "Invalid request"} ==
+               conn
+               |> assign(:user, user)
+               |> patch("/api/v1/accounts/update_credentials", %{"fields" => fields})
+               |> json_response(403)
+
       Pleroma.Config.put([:instance, :max_account_fields], 1)
 
       fields = [
@@ -332,12 +352,11 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
         %{"name" => "link", "value" => "cofe.io"}
       ]
 
-      conn =
-        conn
-        |> assign(:user, user)
-        |> patch("/api/v1/accounts/update_credentials", %{"fields" => fields})
-
-      assert %{"error" => "Invalid request"} == json_response(conn, 403)
+      assert %{"error" => "Invalid request"} ==
+               conn
+               |> assign(:user, user)
+               |> patch("/api/v1/accounts/update_credentials", %{"fields" => fields})
+               |> json_response(403)
     end
   end
 end
-- 
cgit v1.2.3