From 21d0aee0092576120f8be34561fa908eb07fd5c9 Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Fri, 23 May 2025 19:33:43 +0100
Subject: [PATCH] Limit user descriptions to 64Kb
---
 .rubocop_todo.yml | 2 +-
 app/models/user.rb | 1 +
 test/models/user_test.rb | 12 ++++++++++++
 3 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
index f1aa874c3..908734509 100644
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@@ -66,7 +66,7 @@ Metrics/BlockNesting:
 # Offense count: 26
 # Configuration parameters: CountComments, CountAsOne.
 Metrics/ClassLength:
- Max: 332
+ Max: 333
 # Offense count: 58
 # Configuration parameters: AllowedMethods, AllowedPatterns.
diff --git a/app/models/user.rb b/app/models/user.rb
index 5e5478fff..3dcbddf89 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -120,6 +120,7 @@ class User < ApplicationRecord
 :uniqueness => { :scope => :auth_provider }
 validates :avatar, :if => proc { |u| u.attachment_changes["avatar"] }, :image => true
+ validates :description, :length => 0..65536
 validates_email_format_of :email, :if => proc { |u| u.email_changed? }
 validates_email_format_of :new_email, :allow_blank => true, :if => proc { |u| u.new_email_changed? }
diff --git a/test/models/user_test.rb b/test/models/user_test.rb
index b051cc731..0869415b3 100644
--- a/test/models/user_test.rb
+++ b/test/models/user_test.rb
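Review bot: The new `validates :description, :length => 0..65536` in app/models/user.rb runs on every save, unlike the `validates_email_format_of` lines just below it, which are gated on `email_changed?` / `new_email_changed?`. An account whose stored description is already over the limit would therefore fail validation on updates that do not touch the description at all. Either confirm before deploying that no existing row exceeds the limit, or gate the check the same way: `validates :description, :length => 0..65536, :if => proc { |u| u.description_changed? }`. The gated form leaves any existing oversized descriptions in place, so if the limit is meant to bound what gets stored and rendered, a one-off cleanup would still be needed. The User class body starts and ends outside the hunk.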
@@ -136,6 +136,18 @@ class UserTest < ActiveSupport::TestCase
 assert_predicate user, :valid?, "user_0 display_name is invalid but it hasn't been changed"
 end
+ def test_description_length
+ user = build(:user)
+ user.description = "x" * 65536
+ assert_predicate user, :valid?, "should allow 65536 char description"
+ user.description = "x" * 65537
+ assert_not_predicate user, :valid?, "should not allow 65537 char description"
+ user.description = ""
+ assert_predicate user, :valid?, "should allow blank/0 char description"
+ user.description = nil
+ assert_predicate user, :valid?, "should allow nil value"
+ end
+
 def test_follows
 alice = create(:user, :active)
 bob = create(:user, :active)
-- 
2.39.5
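Review bot: `test_description_length` exercises the boundary only with the single-byte character `"x"`, so it does not record whether the 65536 limit is counted in characters or in bytes, and the commit subject says "64Kb". Rails' length validator counts characters, so a multibyte case would pin the unit: `user.description = "\u00e9" * 65536` followed by `assert_predicate user, :valid?, "limit should be counted in characters"`. If a byte bound is what is actually wanted, that case would instead need to assert invalid and the validator would need changing. The UserTest class continues outside the hunk.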