From 60b9fa235bc7b49132245637aa88858bd9aadd6e Mon Sep 17 00:00:00 2001
From: Thomas Citharel
Date: Fri, 18 Oct 2019 11:21:31 +0200
Subject: [PATCH 1/2] Add some backend changes and validation for field length

Closes #225 and #226

Signed-off-by: Thomas Citharel
---
 lib/mobilizon/events/event.ex | 13 +++
 lib/mobilizon/events/tag.ex | 2 +
 lib/mobilizon/users/user.ex | 12 +--
 ...move_sql_columns_from_var_char_to_text.exs | 81 +++++++++++++++++++
 4 files changed, 103 insertions(+), 5 deletions(-)
 create mode 100644 priv/repo/migrations/20191018075904_move_sql_columns_from_var_char_to_text.exs

diff --git a/lib/mobilizon/events/event.ex b/lib/mobilizon/events/event.ex
index 8ca0f501c..42c358074 100644
--- a/lib/mobilizon/events/event.ex
+++ b/lib/mobilizon/events/event.ex
@@ -125,6 +125,7 @@ defmodule Mobilizon.Events.Event do
 |> cast(attrs, @attrs)
 |> cast_embed(:options)
 |> validate_required(@required_attrs)
+ |> validate_lengths()
 end

 @doc false
@@ -135,6 +136,18 @@ defmodule Mobilizon.Events.Event do
 |> cast_embed(:options)
 |> put_tags(attrs)
 |> validate_required(@update_required_attrs)
+ |> validate_lengths()
+ end
+
+ @spec validate_lengths(Ecto.Changeset.t()) :: Ecto.Changeset.t()
+ defp validate_lengths(%Ecto.Changeset{} = changeset) do
+ changeset
+ |> validate_length(:title, min: 3, max: 200)
+ |> validate_length(:online_address, min: 3, max: 2000)
+ |> validate_length(:phone_address, min: 3, max: 200)
+ |> validate_length(:category, min: 2, max: 100)
+ # |> validate_length(:category, min: 2, max: 100)
+ |> validate_length(:slug, min: 3, max: 200)
 end

 @doc """
diff --git a/lib/mobilizon/events/tag.ex b/lib/mobilizon/events/tag.ex
index 8ea6981f0..3a2488e1e 100644
--- a/lib/mobilizon/events/tag.ex
+++ b/lib/mobilizon/events/tag.ex
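Review bot: The new `validate_lengths/1` keeps a commented-out copy of the `:category` rule (`# |> validate_length(:category, min: 2, max: 100)`) directly under the live one; it should be deleted, or replaced by the field it was presumably meant to cover. Because the migration in this same commit turns these columns into `text`, this function becomes the only size bound for them. It deserves a short comment saying so, for example `# Sole length limit for these fields: the columns are unbounded text since migration 20191018075904`. Note also that `validate_length/3` counts graphemes by default, so the byte size of an accepted value is not strictly capped by these numbers.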
@@ -36,5 +36,7 @@ defmodule Mobilizon.Events.Tag do
 |> TitleSlug.maybe_generate_slug()
 |> validate_required(@required_attrs)
 |> TitleSlug.unique_constraint()
+ |> validate_length(:title, min: 2, max: 20)
+ |> validate_length(:slug, min: 2, max: 20)
 end
 end
diff --git a/lib/mobilizon/users/user.ex b/lib/mobilizon/users/user.ex
index be77498ab..84617f1fe 100644
--- a/lib/mobilizon/users/user.ex
+++ b/lib/mobilizon/users/user.ex
@@ -79,7 +79,7 @@ defmodule Mobilizon.Users.User do
 |> validate_required(@required_attrs)
 |> unique_constraint(:email, message: "This email is already used.")
 |> validate_email()
- |> validate_length(:password, min: 6, max: 100, message: "The chosen password is too short.")
+ |> validate_length(:password, min: 6, max: 200, message: "The chosen password is too short.")

 if Map.has_key?(attrs, :default_actor) do
 put_assoc(changeset, :default_actor, attrs.default_actor)
@@ -130,7 +130,7 @@ defmodule Mobilizon.Users.User do
 |> cast(attrs, required_attrs)
 |> validate_length(:password,
 min: 6,
- max: 100,
+ max: 200,
 message: "registration.error.password_too_short"
 )
 |> hash_password()
@@ -154,7 +154,7 @@ defmodule Mobilizon.Users.User do
 end

 @spec save_confirmation_token(Ecto.Changeset.t()) :: Ecto.Changeset.t()
- defp save_confirmation_token(changeset) do
+ defp save_confirmation_token(%Ecto.Changeset{} = changeset) do
 case changeset do
 %Ecto.Changeset{valid?: true, changes: %{email: _email}} ->
 now = DateTime.utc_now()
@@ -169,7 +169,9 @@ defmodule Mobilizon.Users.User do
 end

 @spec validate_email(Ecto.Changeset.t()) :: Ecto.Changeset.t()
- defp validate_email(%Ecto.Changeset{} = changeset) do
+ defp validate_email(%Ecto.Changeset{} = changeset) do
+ changeset = validate_length(changeset, :email, min: 3, max: 250)
+
 case changeset do
 %Ecto.Changeset{valid?: true, changes: %{email: email}} ->
 case EmailChecker.valid?(email) do
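Review bot: The 20-character cap on `:slug` is applied to a value the user never typed, since it comes from `TitleSlug.maybe_generate_slug()` earlier in this pipeline (that helper is not visible in the hunk). If slug generation can lengthen the text, for instance through transliteration or a uniqueness suffix, a title that passes `validate_length(:title, min: 2, max: 20)` would still be rejected with an error on `:slug`. Either give the slug a more generous bound than the title, or document above these two lines that the generator never produces more characters than its input. The changeset function starts outside the hunk.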
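Review bot: A password longer than 200 characters is rejected with "The chosen password is too short.", because the single `:message` on the changed `validate_length(:password, ...)` line is used for both the `min` and the `max` failure. Split the rule so each bound has its own text: `|> validate_length(:password, min: 6, message: "The chosen password is too short.")` followed by `|> validate_length(:password, max: 200, message: "The chosen password is too long.")`. The registration changeset in the `@@ -130,7 +130,7 @@` hunk has the same problem with `"registration.error.password_too_short"`. Keeping an upper bound is still worthwhile, since the accepted value is handed to `Argon2.hash_pwd_salt/1` in `hash_password/1`. Both changeset functions begin outside their hunks.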
@@ -186,7 +188,7 @@ defmodule Mobilizon.Users.User do
 end

 @spec hash_password(Ecto.Changeset.t()) :: Ecto.Changeset.t()
- defp hash_password(changeset) do
+ defp hash_password(%Ecto.Changeset{} = changeset) do
 case changeset do
 %Ecto.Changeset{valid?: true, changes: %{password: password}} ->
 put_change(changeset, :password_hash, Argon2.hash_pwd_salt(password))
diff --git a/priv/repo/migrations/20191018075904_move_sql_columns_from_var_char_to_text.exs b/priv/repo/migrations/20191018075904_move_sql_columns_from_var_char_to_text.exs
new file mode 100644
index 000000000..3ea8b99a8
--- /dev/null
+++ b/priv/repo/migrations/20191018075904_move_sql_columns_from_var_char_to_text.exs
@@ -0,0 +1,81 @@
+defmodule Mobilizon.Storage.Repo.Migrations.MoveSQLColumnsFromVarCharToText do
+ use Ecto.Migration
+
+ def up do
+ alter table(:events) do
+ modify(:title, :text, null: false)
+ modify(:online_address, :text, null: true)
+ modify(:phone_address, :text, null: true)
+ modify(:category, :text, null: true)
+ modify(:slug, :text, null: true)
+ end
+
+ alter table(:addresses) do
+ modify(:description, :text, null: true)
+ modify(:street, :text, null: true)
+ end
+
+ alter table(:bots) do
+ modify(:source, :text, null: false)
+ end
+
+ alter table(:report_notes) do
+ modify(:content, :text, null: false)
+ end
+
+ alter table(:reports) do
+ modify(:content, :text, null: true)
+ end
+
+ alter table(:sessions) do
+ modify(:title, :text, null: false)
+ modify(:subtitle, :text, null: true)
+ modify(:slides_url, :text, null: true)
+ modify(:videos_urls, :text, null: true)
+ modify(:audios_urls, :text, null: true)
+ end
+
+ alter table(:tracks) do
+ modify(:name, :text, null: false)
+ end
+ end
+
+ def down do
+ alter table(:events) do
+ modify(:title, :string, null: false)
+ modify(:online_address, :string, null: true)
+ modify(:phone_address, :string, null: true)
+ modify(:category, :string, null: true)
+ modify(:slug, :string, null: true)
+ end
+
+ alter table(:addresses) do
+ modify(:description, :string, null: true)
+ modify(:street, :string, null: true)
+ end
+
+ alter table(:bots) do
+ modify(:source, :string, null: false)
+ end
+
+ alter table(:report_notes) do
+ modify(:content, :string, null: false)
+ end
+
+ alter table(:reports) do
+ modify(:content, :string, null: true)
+ end
+
+ alter table(:sessions) do
+ modify(:title, :string, null: false)
+ modify(:subtitle, :string, null: true)
+ modify(:slides_url, :string, null: true)
+ modify(:videos_urls, :string, null: true)
+ modify(:audios_urls, :string, null: true)
+ end
+
+ alter table(:tracks) do
+ modify(:name, :string, null: false)
+ end
+ end
+end
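Review bot: `down/0` narrows every column back to `:string`, which will fail on a database that enforces the default 255-character limit as soon as one stored value is longer. This same commit allows such values, e.g. `validate_length(:online_address, min: 3, max: 2000)` in event.ex. Add a comment above `def down do` such as `# Fails if any row exceeds 255 characters; truncate or abort explicitly before rolling back`, or handle the oversize rows in the rollback. Separately, `up/0` removes the column limit for `addresses`, `bots`, `report_notes`, `reports`, `sessions` and `tracks`, but the patch adds changeset length validation only for events, tags and users. Unless those schemas are bounded elsewhere, their text fields now accept input of arbitrary size, so they should get matching `validate_length/3` rules.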
From 477f885e04db7df6bdcb995b0cc67e5a3f7462c7 Mon Sep 17 00:00:00 2001
From: Thomas Citharel
Date: Fri, 18 Oct 2019 11:29:40 +0200
Subject: [PATCH 2/2] Limite size and number of tags in input

Closes #239

Signed-off-by: Thomas Citharel
---
 js/src/components/Event/TagInput.vue | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/js/src/components/Event/TagInput.vue b/js/src/components/Event/TagInput.vue
index bf63f2272..076ac3066 100644
--- a/js/src/components/Event/TagInput.vue
+++ b/js/src/components/Event/TagInput.vue
@@ -39,6 +39,8 @@ export default {
 :allow-new="true"
 :field="path"
 icon="label"
+ maxlength="20"
+ maxtags="10"
 :placeholder="$t('Eg: Stockholm, Dance, Chess…')"
 @typing="getFilteredTags"
 >
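Review bot: `maxlength="20"` and `maxtags="10"` only constrain the browser widget, so a client that calls the API directly is not bound by them. The tag length is mirrored server-side by the `validate_length(:title, min: 2, max: 20)` rule added to the Tag changeset in patch 1/2, but nothing visible in this series caps the number of tags per event. `put_tags(attrs)` in event.ex is not shown, so the limit may exist there; if it does not, the ten-tag rule should also be enforced in the Event changeset. A comment next to these two attributes naming the backend rule they mirror would help keep the two limits in sync.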