From 552d69ad96fec7ebfca46a97c50355678e114223 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Mon, 14 Nov 2022 08:07:14 +0100 Subject: [PATCH] Fix error when invalid domain name is submitted (#19474) Fix #19175 --- app/models/concerns/domain_normalizable.rb | 2 + .../v1/admin/domain_allows_controller_spec.rb | 44 ++++++++++++------- 2 files changed, 30 insertions(+), 16 deletions(-) diff --git a/app/models/concerns/domain_normalizable.rb b/app/models/concerns/domain_normalizable.rb index fb84058fc..8e244c1d8 100644 --- a/app/models/concerns/domain_normalizable.rb +++ b/app/models/concerns/domain_normalizable.rb @@ -11,5 +11,7 @@ module DomainNormalizable def normalize_domain self.domain = TagManager.instance.normalize_domain(domain&.strip) + rescue Addressable::URI::InvalidURIError + errors.add(:domain, :invalid) end end diff --git a/spec/controllers/api/v1/admin/domain_allows_controller_spec.rb b/spec/controllers/api/v1/admin/domain_allows_controller_spec.rb index 26a391a60..8100363f6 100644 --- a/spec/controllers/api/v1/admin/domain_allows_controller_spec.rb +++ b/spec/controllers/api/v1/admin/domain_allows_controller_spec.rb @@ -94,25 +94,37 @@ RSpec.describe Api::V1::Admin::DomainAllowsController, type: :controller do describe 'POST #create' do let!(:domain_allow) { Fabricate(:domain_allow, domain: 'example.com') } - before do - post :create, params: { domain: 'foo.bar.com' } + context do + before do + post :create, params: { domain: 'foo.bar.com' } + end + + it_behaves_like 'forbidden for wrong scope', 'write:statuses' + it_behaves_like 'forbidden for wrong role', '' + it_behaves_like 'forbidden for wrong role', 'Moderator' + + it 'returns http success' do + expect(response).to have_http_status(200) + end + + it 'returns expected domain name' do + json = body_as_json + expect(json[:domain]).to eq 'foo.bar.com' + end + + it 'creates a domain block' do + expect(DomainAllow.find_by(domain: 'foo.bar.com')).to_not be_nil + end end - it_behaves_like 'forbidden for wrong scope', 'write:statuses' - it_behaves_like 'forbidden for wrong role', '' - it_behaves_like 'forbidden for wrong role', 'Moderator' + context 'with invalid domain name' do + before do + post :create, params: { domain: 'foo bar' } + end - it 'returns http success' do - expect(response).to have_http_status(200) - end - - it 'returns expected domain name' do - json = body_as_json - expect(json[:domain]).to eq 'foo.bar.com' - end - - it 'creates a domain block' do - expect(DomainAllow.find_by(domain: 'foo.bar.com')).to_not be_nil + it 'returns http unprocessable entity' do + expect(response).to have_http_status(422) + end end end end