Merge pull request #1847 from nextcloud/backport-1164-avatar-files-accesscontrol-fixes
[stable10] Avatar fixes for access-control app
commit
4db595181d
|
@ -30,6 +30,7 @@ namespace OC\Core\Controller;
|
|||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\DataResponse;
|
||||
use OCP\AppFramework\Http\JSONResponse;
|
||||
use OCP\AppFramework\Http\DataDisplayResponse;
|
||||
use OCP\Files\NotFoundException;
|
||||
use OCP\IAvatarManager;
|
||||
|
@ -147,7 +148,7 @@ class AvatarController extends Controller {
|
|||
* @NoAdminRequired
|
||||
*
|
||||
* @param string $path
|
||||
* @return DataResponse
|
||||
* @return DataResponse|JSONResponse
|
||||
*/
|
||||
public function postAvatar($path) {
|
||||
$userId = $this->userSession->getUser()->getUID();
|
||||
|
@ -172,7 +173,22 @@ class AvatarController extends Controller {
|
|||
$headers
|
||||
);
|
||||
}
|
||||
$content = $node->getContent();
|
||||
|
||||
if ($node->getMimeType() !== 'image/jpeg' && $node->getMimeType() !== 'image/png') {
|
||||
return new JSONResponse(
|
||||
['data' => ['message' => $this->l->t('The selected file is not an image.')]],
|
||||
Http::STATUS_BAD_REQUEST
|
||||
);
|
||||
}
|
||||
|
||||
try {
|
||||
$content = $node->getContent();
|
||||
} catch (\OCP\Files\NotPermittedException $e) {
|
||||
return new JSONResponse(
|
||||
['data' => ['message' => $this->l->t('The selected file cannot be read.')]],
|
||||
Http::STATUS_BAD_REQUEST
|
||||
);
|
||||
}
|
||||
} elseif (!is_null($files)) {
|
||||
if (
|
||||
$files['error'][0] === 0 &&
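Review bot: The new type gate `$node->getMimeType() !== 'image/jpeg' && $node->getMimeType() !== 'image/png'` tests the MIME type recorded for the node, which is presumably derived from file metadata rather than from the bytes, so it is an early filter and not content validation; whatever decodes and validates `$content` later in postAvatar (outside this hunk) has to remain the authority. The type is also fetched twice; `$mimeType = $node->getMimeType();` followed by `if (!in_array($mimeType, ['image/jpeg', 'image/png'], true)) {` reads it once and keeps the allow-list in one place. Only `\OCP\Files\NotPermittedException` is caught around `getContent()`, so any other storage exception would still propagate; whether that is intended is not visible here. postAvatar begins and ends outside the hunk.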
|
||||
|
|
|
@ -286,8 +286,8 @@ $(document).ready(function () {
|
|||
msg = data.jqXHR.responseJSON.data.message;
|
||||
}
|
||||
avatarResponseHandler({
|
||||
data: {
|
||||
message: t('settings', 'An error occurred: {message}', { message: msg })
|
||||
data: {
|
||||
message: msg
|
||||
}
|
||||
});
|
||||
}
|
||||
|
@ -304,7 +304,7 @@ $(document).ready(function () {
|
|||
url: OC.generateUrl('/avatar/'),
|
||||
data: { path: path }
|
||||
}).done(avatarResponseHandler)
|
||||
.fail(function(jqXHR, status){
|
||||
.fail(function(jqXHR) {
|
||||
var msg = jqXHR.statusText + ' (' + jqXHR.status + ')';
|
||||
if (!_.isUndefined(jqXHR.responseJSON) &&
|
||||
!_.isUndefined(jqXHR.responseJSON.data) &&
|
||||
|
@ -314,7 +314,7 @@ $(document).ready(function () {
|
|||
}
|
||||
avatarResponseHandler({
|
||||
data: {
|
||||
message: t('settings', 'An error occurred: {message}', { message: msg })
|
||||
message: msg
|
||||
}
|
||||
});
|
||||
});
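Review bot: Dropping the `t('settings', 'An error occurred: {message}', { message: msg })` wrapper means `message: msg` now passes the server-supplied `responseJSON.data.message` to avatarResponseHandler without whatever placeholder handling the translation call applied (as far as I know it escapes substituted values by default), so the handler has to insert the message as text rather than markup. Its body is outside these hunks; confirm it uses a text setter, and consider a comment at both changed call sites such as `// msg is server-provided: render as text only`. When the response carries no JSON message, the user now sees the bare `statusText (status)` fallback, untranslated and without context.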
|
||||
|
|
|
@ -36,9 +36,9 @@ use OCP\AppFramework\IAppContainer;
|
|||
use OCP\AppFramework\Http;
|
||||
use OCP\Files\File;
|
||||
use OCP\Files\NotFoundException;
|
||||
use OCP\IUser;
|
||||
use OCP\Files\NotPermittedException;
|
||||
use OCP\IAvatar;
|
||||
use Punic\Exception;
|
||||
use OCP\IUser;
|
||||
use Test\Traits\UserTrait;
|
||||
|
||||
/**
|
||||
|
@ -314,7 +314,13 @@ class AvatarControllerTest extends \Test\TestCase {
|
|||
//Mock node API call
|
||||
$file = $this->getMockBuilder('OCP\Files\File')
|
||||
->disableOriginalConstructor()->getMock();
|
||||
$file->method('getContent')->willReturn(file_get_contents(\OC::$SERVERROOT.'/tests/data/testimage.jpg'));
|
||||
|
||||
$file->expects($this->once())
|
||||
->method('getContent')
|
||||
->willReturn(file_get_contents(\OC::$SERVERROOT.'/tests/data/testimage.jpg'));
|
||||
$file->expects($this->once())
|
||||
->method('getMimeType')
|
||||
->willReturn('image/jpeg');
|
||||
$this->container['UserFolder']->method('get')->willReturn($file);
|
||||
|
||||
//Create request return
|
||||
|
@ -341,6 +347,36 @@ class AvatarControllerTest extends \Test\TestCase {
|
|||
$this->assertEquals(['data' => ['message' => 'Please select a file.']], $response->getData());
|
||||
}
|
||||
|
||||
public function testPostAvatarInvalidType() {
|
||||
$file = $this->getMockBuilder('OCP\Files\File')
|
||||
->disableOriginalConstructor()->getMock();
|
||||
$file->expects($this->never())
|
||||
->method('getContent');
|
||||
$file->expects($this->exactly(2))
|
||||
->method('getMimeType')
|
||||
->willReturn('text/plain');
|
||||
$this->container['UserFolder']->method('get')->willReturn($file);
|
||||
|
||||
$expectedResponse = new Http\JSONResponse(['data' => ['message' => 'The selected file is not an image.']], Http::STATUS_BAD_REQUEST);
|
||||
$this->assertEquals($expectedResponse, $this->avatarController->postAvatar('avatar.jpg'));
|
||||
}
|
||||
|
||||
public function testPostAvatarNotPermittedException() {
|
||||
$file = $this->getMockBuilder('OCP\Files\File')
|
||||
->disableOriginalConstructor()->getMock();
|
||||
$file->expects($this->once())
|
||||
->method('getContent')
|
||||
->willThrowException(new NotPermittedException());
|
||||
$file->expects($this->once())
|
||||
->method('getMimeType')
|
||||
->willReturn('image/jpeg');
|
||||
$userFolder = $this->getMockBuilder('OCP\Files\Folder')->getMock();
|
||||
$this->container['UserFolder']->method('get')->willReturn($file);
|
||||
|
||||
$expectedResponse = new Http\JSONResponse(['data' => ['message' => 'The selected file cannot be read.']], Http::STATUS_BAD_REQUEST);
|
||||
$this->assertEquals($expectedResponse, $this->avatarController->postAvatar('avatar.jpg'));
|
||||
}
|
||||
|
||||
/**
|
||||
* Test what happens if the upload of the avatar fails
|
||||
*/
|
||||
|
@ -350,7 +386,13 @@ class AvatarControllerTest extends \Test\TestCase {
|
|||
->will($this->throwException(new \Exception("foo")));
|
||||
$file = $this->getMockBuilder('OCP\Files\File')
|
||||
->disableOriginalConstructor()->getMock();
|
||||
$file->method('getContent')->willReturn(file_get_contents(\OC::$SERVERROOT.'/tests/data/testimage.jpg'));
|
||||
|
||||
$file->expects($this->once())
|
||||
->method('getContent')
|
||||
->willReturn(file_get_contents(\OC::$SERVERROOT.'/tests/data/testimage.jpg'));
|
||||
$file->expects($this->once())
|
||||
->method('getMimeType')
|
||||
->willReturn('image/jpeg');
|
||||
$this->container['UserFolder']->method('get')->willReturn($file);
|
||||
|
||||
$this->container['Logger']->expects($this->once())
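Review bot: `$userFolder = $this->getMockBuilder('OCP\Files\Folder')->getMock();` in testPostAvatarNotPermittedException is never used and can be dropped. In testPostAvatarInvalidType, `expects($this->exactly(2))` on getMimeType pins how often the controller reads the type rather than the outcome; `$file->method('getMimeType')->willReturn('text/plain');` would keep the test valid if the controller reads the value once. None of the visible tests exercises the accepted `image/png` branch of the new allow-list, so a regression there would go unnoticed. The last hunk of this file continues outside the visible lines.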
|
||||
|
|