Merge pull request #1847 from nextcloud/backport-1164-avatar-files-accesscontrol-fixes

[stable10] Avatar fixes for access-control app
This commit is contained in:
Roeland Jago Douma 2016-10-21 21:32:10 +02:00 committed by GitHub
commit 4db595181d
3 changed files with 68 additions and 10 deletions

View File

@ -30,6 +30,7 @@ namespace OC\Core\Controller;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\Http\JSONResponse;
use OCP\AppFramework\Http\DataDisplayResponse;
use OCP\Files\NotFoundException;
use OCP\IAvatarManager;
@ -147,7 +148,7 @@ class AvatarController extends Controller {
* @NoAdminRequired
*
* @param string $path
* @return DataResponse
* @return DataResponse|JSONResponse
*/
public function postAvatar($path) {
$userId = $this->userSession->getUser()->getUID();
@ -172,7 +173,22 @@ class AvatarController extends Controller {
$headers
);
}
$content = $node->getContent();
if ($node->getMimeType() !== 'image/jpeg' && $node->getMimeType() !== 'image/png') {
return new JSONResponse(
['data' => ['message' => $this->l->t('The selected file is not an image.')]],
Http::STATUS_BAD_REQUEST
);
}
try {
$content = $node->getContent();
} catch (\OCP\Files\NotPermittedException $e) {
return new JSONResponse(
['data' => ['message' => $this->l->t('The selected file cannot be read.')]],
Http::STATUS_BAD_REQUEST
);
}
} elseif (!is_null($files)) {
if (
$files['error'][0] === 0 &&

View File

@ -286,8 +286,8 @@ $(document).ready(function () {
msg = data.jqXHR.responseJSON.data.message;
}
avatarResponseHandler({
data: {
message: t('settings', 'An error occurred: {message}', { message: msg })
data: {
message: msg
}
});
}
@ -304,7 +304,7 @@ $(document).ready(function () {
url: OC.generateUrl('/avatar/'),
data: { path: path }
}).done(avatarResponseHandler)
.fail(function(jqXHR, status){
.fail(function(jqXHR) {
var msg = jqXHR.statusText + ' (' + jqXHR.status + ')';
if (!_.isUndefined(jqXHR.responseJSON) &&
!_.isUndefined(jqXHR.responseJSON.data) &&
@ -314,7 +314,7 @@ $(document).ready(function () {
}
avatarResponseHandler({
data: {
message: t('settings', 'An error occurred: {message}', { message: msg })
message: msg
}
});
});

View File

@ -36,9 +36,9 @@ use OCP\AppFramework\IAppContainer;
use OCP\AppFramework\Http;
use OCP\Files\File;
use OCP\Files\NotFoundException;
use OCP\IUser;
use OCP\Files\NotPermittedException;
use OCP\IAvatar;
use Punic\Exception;
use OCP\IUser;
use Test\Traits\UserTrait;
/**
@ -314,7 +314,13 @@ class AvatarControllerTest extends \Test\TestCase {
//Mock node API call
$file = $this->getMockBuilder('OCP\Files\File')
->disableOriginalConstructor()->getMock();
$file->method('getContent')->willReturn(file_get_contents(\OC::$SERVERROOT.'/tests/data/testimage.jpg'));
$file->expects($this->once())
->method('getContent')
->willReturn(file_get_contents(\OC::$SERVERROOT.'/tests/data/testimage.jpg'));
$file->expects($this->once())
->method('getMimeType')
->willReturn('image/jpeg');
$this->container['UserFolder']->method('get')->willReturn($file);
//Create request return
@ -341,6 +347,36 @@ class AvatarControllerTest extends \Test\TestCase {
$this->assertEquals(['data' => ['message' => 'Please select a file.']], $response->getData());
}
public function testPostAvatarInvalidType() {
$file = $this->getMockBuilder('OCP\Files\File')
->disableOriginalConstructor()->getMock();
$file->expects($this->never())
->method('getContent');
$file->expects($this->exactly(2))
->method('getMimeType')
->willReturn('text/plain');
$this->container['UserFolder']->method('get')->willReturn($file);
$expectedResponse = new Http\JSONResponse(['data' => ['message' => 'The selected file is not an image.']], Http::STATUS_BAD_REQUEST);
$this->assertEquals($expectedResponse, $this->avatarController->postAvatar('avatar.jpg'));
}
public function testPostAvatarNotPermittedException() {
$file = $this->getMockBuilder('OCP\Files\File')
->disableOriginalConstructor()->getMock();
$file->expects($this->once())
->method('getContent')
->willThrowException(new NotPermittedException());
$file->expects($this->once())
->method('getMimeType')
->willReturn('image/jpeg');
$userFolder = $this->getMockBuilder('OCP\Files\Folder')->getMock();
$this->container['UserFolder']->method('get')->willReturn($file);
$expectedResponse = new Http\JSONResponse(['data' => ['message' => 'The selected file cannot be read.']], Http::STATUS_BAD_REQUEST);
$this->assertEquals($expectedResponse, $this->avatarController->postAvatar('avatar.jpg'));
}
/**
* Test what happens if the upload of the avatar fails
*/
@ -350,7 +386,13 @@ class AvatarControllerTest extends \Test\TestCase {
->will($this->throwException(new \Exception("foo")));
$file = $this->getMockBuilder('OCP\Files\File')
->disableOriginalConstructor()->getMock();
$file->method('getContent')->willReturn(file_get_contents(\OC::$SERVERROOT.'/tests/data/testimage.jpg'));
$file->expects($this->once())
->method('getContent')
->willReturn(file_get_contents(\OC::$SERVERROOT.'/tests/data/testimage.jpg'));
$file->expects($this->once())
->method('getMimeType')
->willReturn('image/jpeg');
$this->container['UserFolder']->method('get')->willReturn($file);
$this->container['Logger']->expects($this->once())