Merge branch 'tusooa/3119-bio-update' into 'develop'

Show more informative errors when profile exceeds char limits Closes #3119 See merge request pleroma/pleroma!3886
2023-06-27 18:49:43 +00:00 · 2023-06-27 18:49:43 +00:00 · ae0ca49451
parent 41f2ee69a8 2c66f584b5
commit ae0ca49451
3 changed files with 55 additions and 6 deletions
--- a/changelog.d/update-credentials-limit-error.fix
+++ b/changelog.d/update-credentials-limit-error.fix
@ -0,0 +1 @@
+Show more informative errors when profile exceeds char limits
--- a/lib/pleroma/web/mastodon_api/controllers/account_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/account_controller.ex
@ -263,6 +263,18 @@ def update_credentials(%{assigns: %{user: user}, body_params: params} = conn, _p
      {:error, %Ecto.Changeset{errors: [background: {"file is too large", _}]}} ->
        render_error(conn, :request_entity_too_large, "File is too large")

+      {:error, %Ecto.Changeset{errors: [{:bio, {_, _}} | _]}} ->
+        render_error(conn, :request_entity_too_large, "Bio is too long")
+
+      {:error, %Ecto.Changeset{errors: [{:name, {_, _}} | _]}} ->
+        render_error(conn, :request_entity_too_large, "Name is too long")
+
+      {:error, %Ecto.Changeset{errors: [{:fields, {"invalid", _}} | _]}} ->
+        render_error(conn, :request_entity_too_large, "One or more field entries are too long")
+
+      {:error, %Ecto.Changeset{errors: [{:fields, {_, _}} | _]}} ->
+        render_error(conn, :request_entity_too_large, "Too many field entries")
+
      _e ->
        render_error(conn, :forbidden, "Invalid request")
    end
--- a/test/pleroma/web/mastodon_api/update_credentials_test.exs
+++ b/test/pleroma/web/mastodon_api/update_credentials_test.exs
@ -97,6 +97,42 @@ test "updates the user's bio", %{conn: conn} do
      assert user.raw_bio == raw_bio
    end

+    test "updating bio honours bio limit", %{conn: conn} do
+      bio_limit = Config.get([:instance, :user_bio_length], 5000)
+
+      raw_bio = String.duplicate(".", bio_limit + 1)
+
+      conn = patch(conn, "/api/v1/accounts/update_credentials", %{"note" => raw_bio})
+
+      assert %{"error" => "Bio is too long"} = json_response_and_validate_schema(conn, 413)
+    end
+
+    test "updating name honours name limit", %{conn: conn} do
+      name_limit = Config.get([:instance, :user_name_length], 100)
+
+      name = String.duplicate(".", name_limit + 1)
+
+      conn = patch(conn, "/api/v1/accounts/update_credentials", %{"display_name" => name})
+
+      assert %{"error" => "Name is too long"} = json_response_and_validate_schema(conn, 413)
+    end
+
+    test "when both name and bio exceeds the limit, display name error", %{conn: conn} do
+      name_limit = Config.get([:instance, :user_name_length], 100)
+      bio_limit = Config.get([:instance, :user_bio_length], 5000)
+
+      name = String.duplicate(".", name_limit + 1)
+      raw_bio = String.duplicate(".", bio_limit + 1)
+
+      conn =
+        patch(conn, "/api/v1/accounts/update_credentials", %{
+          "display_name" => name,
+          "note" => raw_bio
+        })
+
+      assert %{"error" => "Name is too long"} = json_response_and_validate_schema(conn, 413)
+    end
+
    test "updates the user's locking status", %{conn: conn} do
      conn = patch(conn, "/api/v1/accounts/update_credentials", %{locked: "true"})

@ -595,17 +631,17 @@ test "update fields when invalid request", %{conn: conn} do

      fields = [%{"name" => "foo", "value" => long_value}]

-      assert %{"error" => "Invalid request"} ==
+      assert %{"error" => "One or more field entries are too long"} ==
               conn
               |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
-               |> json_response_and_validate_schema(403)
+               |> json_response_and_validate_schema(413)

      fields = [%{"name" => long_name, "value" => "bar"}]

-      assert %{"error" => "Invalid request"} ==
+      assert %{"error" => "One or more field entries are too long"} ==
               conn
               |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
-               |> json_response_and_validate_schema(403)
+               |> json_response_and_validate_schema(413)

      clear_config([:instance, :max_account_fields], 1)

@ -614,10 +650,10 @@ test "update fields when invalid request", %{conn: conn} do
        %{"name" => "link", "value" => "cofe.io"}
      ]

-      assert %{"error" => "Invalid request"} ==
+      assert %{"error" => "Too many field entries"} ==
               conn
               |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
-               |> json_response_and_validate_schema(403)
+               |> json_response_and_validate_schema(413)
    end
  end
				`@ -0,0 +1 @@`
				`Show more informative errors when profile exceeds char limits`