aboutsummaryrefslogtreecommitdiff
path: root/juick-www
diff options
context:
space:
mode:
authorGravatar Vitaly Takmazov2017-11-01 01:57:08 +0300
committerGravatar Vitaly Takmazov2017-11-01 01:57:08 +0300
commit3e87cc6a73fbfc165f81d5f7a3d7d1f76e7feb9a (patch)
tree68023133cec4261e38fa9ed56d26626553847e21 /juick-www
parent20e19b4242f888aafe3c55f9dabe3af46728cbab (diff)
www: /post should not throw if img or attach is present
Diffstat (limited to 'juick-www')
-rw-r--r--juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java2
-rw-r--r--juick-www/src/main/java/com/juick/www/controllers/Messages.java15
-rw-r--r--juick-www/src/main/java/com/juick/www/controllers/NewMessage.java16
-rw-r--r--juick-www/src/main/static/scripts.js4
-rw-r--r--juick-www/src/test/java/com/juick/www/WebAppTests.java62
5 files changed, 77 insertions, 22 deletions
diff --git a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
index 3dc7bc76..231c6e2e 100644
--- a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
+++ b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
@@ -72,7 +72,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
http.addFilterAfter(hashParamAuthenticationFilter(), BasicAuthenticationFilter.class);
http
.authorizeRequests()
- .antMatchers("/settings", "/pm/**", "/**/bl", "/_twitter").authenticated()
+ .antMatchers("/settings", "/pm/**", "/**/bl", "/_twitter", "/post", "/comment").authenticated()
.anyRequest().permitAll()
.and()
.anonymous().principal(JuickUser.ANONYMOUS_USER).authorities(JuickUser.ANONYMOUS_AUTHORITY)
diff --git a/juick-www/src/main/java/com/juick/www/controllers/Messages.java b/juick-www/src/main/java/com/juick/www/controllers/Messages.java
index 7c96705f..75e81b94 100644
--- a/juick-www/src/main/java/com/juick/www/controllers/Messages.java
+++ b/juick-www/src/main/java/com/juick/www/controllers/Messages.java
@@ -542,8 +542,16 @@ public class Messages {
headers += "<meta name=\"robots\" content=\"noindex\"/>";
}
String cardType = StringUtils.isNotEmpty(msg.getAttachmentType()) ? "summary_large_image" : "summary";
- String msgImage = StringUtils.isNotEmpty(msg.getAttachmentType()) ? msg.getAttachment().getMedium().getUrl()
- : "https://i.juick.com/a/" + msg.getUser().getUid() + ".png";
+ if (StringUtils.isNotEmpty(msg.getAttachmentType())) {
+ // additional check in case of broken images
+ if (msg.getAttachment() != null) {
+ String msgImage = msg.getAttachment().getMedium().getUrl();
+ headers += "<meta property=\"og:image\" content=\"" + msgImage + "\" />";
+ }
+ } else {
+ String msgImage ="https://i.juick.com/a/" + msg.getUser().getUid() + ".png";
+ headers += "<meta property=\"og:image\" content=\"" + msgImage + "\" />";
+ }
model.addAttribute("ogtype", "article");
String cardDescription = StringEscapeUtils.escapeHtml4(PlainTextFormatter.formatTwitterCard(msg));
headers += "<meta name=\"twitter:card\" content=\"" + cardType + "\" />\n" +
@@ -551,8 +559,7 @@ public class Messages {
"<meta property=\"og:url\" content=\"" + pageUrl + "\" />\n" +
"<meta property=\"og:title\" content=\"" + msg.getUser().getName() + " at Juick\" />\n" +
"<meta property=\"og:description\" content=\"" + cardDescription + "\" />\n" +
- "<meta name=\"Description\" content=\"" + cardDescription + "\" />\n" +
- "<meta property=\"og:image\" content=\"" + msgImage + "\" />";
+ "<meta name=\"Description\" content=\"" + cardDescription + "\" />\n";
String twitterName = crosspostService.getTwitterName(msg.getUser().getUid());
if (StringUtils.isNotEmpty(twitterName)) {
headers += "<meta name=\"twitter:creator\" content=\"@" + twitterName + "\" />\n";
diff --git a/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java b/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java
index 2de6a2ad..2b411523 100644
--- a/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java
+++ b/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java
@@ -91,14 +91,11 @@ public class NewMessage {
@PostMapping("/post")
public String postResult(@RequestParam(required = false) String img,
- @RequestParam String body,
+ @RequestParam(required = false, defaultValue = StringUtils.EMPTY) String body,
@RequestParam(required = false, name = "tags") String tagsStr,
@RequestParam(required = false) MultipartFile attach, ModelMap model) throws IOException {
com.juick.User visitor = UserUtils.getCurrentUser();
- if (visitor.getUid() == 0) {
- throw new HttpForbiddenException();
- }
- if (body == null || body.length() < 1 || body.length() > 4096) {
+ if ((StringUtils.isEmpty(body) || body.length() > 4096) && StringUtils.isEmpty(img) && attach == null) {
throw new HttpBadRequestException();
}
body = body.replace("\r", StringUtils.EMPTY);
@@ -107,7 +104,7 @@ public class NewMessage {
String attachmentFName = HttpUtils.receiveMultiPartFile(attach, webApp.getTmpDir());
- if (StringUtils.isBlank(attachmentFName) && img != null && img.length() > 10) {
+ if (StringUtils.isBlank(attachmentFName) && StringUtils.isNotBlank(img)) {
try {
URL imgUrl = new URL(img);
attachmentFName = HttpUtils.downloadImage(imgUrl, webApp.getTmpDir());
@@ -200,13 +197,10 @@ public class NewMessage {
public String doPostComment(
@RequestParam(required = false, defaultValue = "0") Integer mid,
@RequestParam(required = false, defaultValue = "0") Integer rid,
- @RequestParam String body,
+ @RequestParam(required = false, defaultValue = StringUtils.EMPTY) String body,
@RequestParam(required = false) String img,
@RequestParam(required = false) MultipartFile attach) throws IOException {
com.juick.User visitor = UserUtils.getCurrentUser();
- if (visitor.getUid() == 0) {
- throw new HttpForbiddenException();
- }
if (mid == 0) {
throw new HttpBadRequestException();
}
@@ -223,7 +217,7 @@ public class NewMessage {
}
}
- if (body.length() < 1 || body.length() > 4096) {
+ if ((StringUtils.isEmpty(body) || body.length() > 4096) && StringUtils.isEmpty(img)) {
throw new HttpBadRequestException();
}
body = body.replace("\r", StringUtils.EMPTY);
diff --git a/juick-www/src/main/static/scripts.js b/juick-www/src/main/static/scripts.js
index 7dc24dd2..e33d1929 100644
--- a/juick-www/src/main/static/scripts.js
+++ b/juick-www/src/main/static/scripts.js
@@ -292,7 +292,9 @@ function newMessage(evt) {
document.querySelectorAll('#newmessage .dialogtxt').forEach(t => {
t.remove();
});
- if (document.querySelector('#newmessage textarea').value.length == 0) {
+ if (document.querySelector('#newmessage textarea').value.length == 0
+ && document.querySelector('#newmessage .img').value.length == 0
+ && !document.querySelector('#newmessage input[type="file"]')) {
document.querySelector('#newmessage').insertAdjacentHTML('afterbegin', `<p class="dialogtxt">${i18n('postForm.pleaseInputMessageText')}</p>`);
evt.preventDefault();
}
diff --git a/juick-www/src/test/java/com/juick/www/WebAppTests.java b/juick-www/src/test/java/com/juick/www/WebAppTests.java
index 73750cb7..48f465aa 100644
--- a/juick-www/src/test/java/com/juick/www/WebAppTests.java
+++ b/juick-www/src/test/java/com/juick/www/WebAppTests.java
@@ -32,6 +32,7 @@ import com.juick.service.MockImagesService;
import com.juick.service.UserService;
import com.juick.util.MessageUtils;
import com.juick.www.configuration.SapeConfiguration;
+import com.juick.www.configuration.WebSecurityConfig;
import com.juick.www.configuration.WwwAppConfiguration;
import com.juick.www.configuration.WwwServletConfiguration;
import com.mitchellbosecke.pebble.PebbleEngine;
@@ -44,15 +45,20 @@ import org.junit.runner.RunWith;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.ClassPathResource;
import org.springframework.jdbc.core.JdbcTemplate;
+import org.springframework.mock.web.MockMultipartFile;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.MvcResult;
import org.springframework.test.web.servlet.htmlunit.MockMvcWebClientBuilder;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.web.context.WebApplicationContext;
-import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import javax.inject.Inject;
+import java.io.FileInputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.io.Writer;
@@ -63,6 +69,11 @@ import java.util.stream.StreamSupport;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.startsWith;
+import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.multipart;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
/**
* Created by vitalyster on 12.01.2017.
@@ -71,11 +82,10 @@ import static org.hamcrest.Matchers.startsWith;
@WebAppConfiguration
@ContextConfiguration(classes = {
WwwServletConfiguration.class, WwwAppConfiguration.class, SapeConfiguration.class,
- RepositoryConfiguration.class
+ RepositoryConfiguration.class, WebSecurityConfig.class
})
public class WebAppTests {
@Configuration
- @EnableWebMvc
@ComponentScan(basePackages = "com.juick.www.controllers")
static class Config {
@Bean
@@ -89,6 +99,7 @@ public class WebAppTests {
@Inject
private WebApp webApp;
+ private static MockMvc mockMvc;
private static WebClient webClient;
@Inject
@@ -109,7 +120,10 @@ public class WebAppTests {
@Before
public void setup() {
if (!isSetUp) {
- webClient = MockMvcWebClientBuilder.webAppContextSetup(this.wac).build();
+ mockMvc = MockMvcBuilders.webAppContextSetup(wac)
+ .apply(springSecurity())
+ .build();
+ webClient = MockMvcWebClientBuilder.mockMvcSetup(mockMvc).build();
webClient.getOptions().setJavaScriptEnabled(false);
webClient.getOptions().setCssEnabled(false);
webClient.getOptions().setThrowExceptionOnFailingStatusCode(false);
@@ -196,6 +210,44 @@ public class WebAppTests {
assertThat(fetchMeta(String.format("http://localhost:8080/ugnich/%d", mid2), "og:description")
.getAttribute("content"),
startsWith(StringEscapeUtils.escapeHtml4(MessageUtils.getMessageHashTags(message))));
-
+ }
+ @Test
+ public void postMessageTests() throws Exception {
+ mockMvc.perform(post("/post").param("body", "yo")).andExpect(redirectedUrl("http://localhost/login"));
+ MvcResult loginResult = mockMvc.perform(post("/login")
+ .param("username", ugnichName)
+ .param("password", ugnichPassword)).andReturn();
+ mockMvc.perform(post("/post")
+ .cookie(loginResult.getResponse().getCookies())
+ .param("wrong_param", "yo")).andExpect(status().isBadRequest());
+ mockMvc.perform(post("/post")
+ .cookie(loginResult.getResponse().getCookies())
+ .param("body", "yo")).andExpect(status().isOk());
+ mockMvc.perform(post("/post")
+ .cookie(loginResult.getResponse().getCookies())
+ .param("img", "http://static.juick.com/settings/facebook.png")).andExpect(status().isOk());
+ mockMvc.perform(post("/post")
+ .cookie(loginResult.getResponse().getCookies())
+ .param("img", "bad_url")).andExpect(status().isBadRequest());
+ FileInputStream fi = new FileInputStream(new ClassPathResource("tagscloud.png").getFile());
+ MockMultipartFile file = new MockMultipartFile("attach", fi);
+ mockMvc.perform(multipart("/post")
+ .file(file)
+ .cookie(loginResult.getResponse().getCookies())).andExpect(status().isOk());
+ int mid = messagesService.createMessage(ugnich.getUid(), "dummy message", null, null);
+ mockMvc.perform(post("/comment")
+ .param("mid", String.valueOf(mid))
+ .param("body", "yo")).andExpect(redirectedUrl("http://localhost/login"));
+ mockMvc.perform(post("/comment")
+ .cookie(loginResult.getResponse().getCookies())
+ .param("wrong_param", "yo")).andExpect(status().isBadRequest());
+ mockMvc.perform(post("/comment")
+ .cookie(loginResult.getResponse().getCookies())
+ .param("mid", String.valueOf(mid))
+ .param("wrong_param", "yo")).andExpect(status().isBadRequest());
+ mockMvc.perform(post("/comment")
+ .cookie(loginResult.getResponse().getCookies())
+ .param("mid", String.valueOf(mid))
+ .param("body", "yo")).andExpect(redirectedUrl(String.format("/%s/%d#%d", ugnichName, mid, 1)));
}
}