From 03c4d82b7dff5fe9fe510ce619eaab5a04600fe9 Mon Sep 17 00:00:00 2001
From: Travis
Date: Tue, 3 Jan 2017 08:15:31 -0600
Subject: [PATCH] fix: prevents blank messages from being posted to chat (#8257)

* fix: throws an error when the server receives a post chat request with a message containing only whitespace.
* Adding a test confirming behavior around messages that only contain newlines.
* Removing accidental only that was left on a test
---
 test/api/v3/integration/chat/POST-chat.test.js | 18 ++++++++++++++++++
 website/server/controllers/api-v3/chat.js | 1 +
 2 files changed, 19 insertions(+)
diff --git a/test/api/v3/integration/chat/POST-chat.test.js b/test/api/v3/integration/chat/POST-chat.test.js
index 4a980cc662..927d54bd94 100644
--- a/test/api/v3/integration/chat/POST-chat.test.js
+++ b/test/api/v3/integration/chat/POST-chat.test.js
@@ -35,6 +35,24 @@ describe('POST /chat', () => {
 });
 });
+ it('Returns an error when an empty message is provided', async () => {
+ await expect(user.post(`/groups/${groupWithChat._id}/chat`, { message: ' '}))
+ .to.eventually.be.rejected.and.eql({
+ code: 400,
+ error: 'BadRequest',
+ message: t('invalidReqParams'),
+ });
+ });
+
+ it('Returns an error when an message containing only newlines is provided', async () => {
+ await expect(user.post(`/groups/${groupWithChat._id}/chat`, { message: '\n\n'}))
+ .to.eventually.be.rejected.and.eql({
+ code: 400,
+ error: 'BadRequest',
+ message: t('invalidReqParams'),
+ });
+ });
+
+ it('Returns an error when group is not found', async () => {
 await expect(user.post('/groups/invalidID/chat', { message: testMessage})).to.eventually.be.rejected.and.eql({
 code: 404,
diff --git a/website/server/controllers/api-v3/chat.js b/website/server/controllers/api-v3/chat.js
index 6825850776..48d58a2b15 100644
--- a/website/server/controllers/api-v3/chat.js
+++ b/website/server/controllers/api-v3/chat.js
@@ -93,6 +93,7 @@ api.postChat = {
 let chatUpdated;
 req.checkParams('groupId', res.t('groupIdRequired')).notEmpty();
+ req.sanitize('message').trim();
 req.checkBody('message', res.t('messageGroupChatBlankMessage')).notEmpty();
 let validationErrors = req.validationErrors();
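Review bot: The added `req.sanitize('message').trim()` is not scoped to the request body, while the `req.checkBody('message', …)` on the next line is. If this is the legacy express-validator API it appears to be, the unscoped sanitizer may pick `message` from params or query rather than the body, so the trimmed value and the validated value are not guaranteed to be the same input; worth confirming against the installed version. Where the body-scoped form is available, `req.sanitizeBody('message').trim();` keeps sanitizer and validator on one field. The trim presumably strips only the library's default whitespace set, so a message made of zero-width or other invisible characters would likely still pass `notEmpty()`, and the new tests in POST-chat.test.js cover only a space and newlines. The handler body continues outside the hunk, so how `message` is read afterwards cannot be checked from here.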