add max length validations for summary in challenge create and update… (#14053)

* add max length validations for summary in challenge create and update controllers

* Add validation to group APIs

* fix lint errors

* add validation to group plan

* fix imports

* add tests

* add max length validations for summary in challenge create and update controllers

* Add validation to group APIs

* fix lint errors

* add validation to group plan

* fix imports

* add tests

* lint checks

test/api/v3/integration/challenges/POST-challenges.test.js

@@ -4,6 +4,7 @@ import {
   createAndPopulateGroup,
   translate as t,
 } from '../../../../helpers/api-integration/v3';
+import { MAX_SUMMARY_SIZE_FOR_CHALLENGES } from '../../../../../website/common/script/constants';
 
 describe('POST /challenges', () => {
   it('returns error when group is empty', async () => {
@@ -60,6 +61,22 @@ describe('POST /challenges', () => {
     });
   });
 
+  it('return error when creating a challenge with summary with greater than MAX_SUMMARY_SIZE_FOR_CHALLENGES characters', async () => {
+    const user = await generateUser();
+    const summary = 'A'.repeat(MAX_SUMMARY_SIZE_FOR_CHALLENGES + 1);
+    const group = createAndPopulateGroup({
+      members: 1,
+    });
+    await expect(user.post('/challenges', {
+      group: group._id,
+      summary,
+    })).to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('invalidReqParams'),
+    });
+  });
+
   context('Creating a challenge for a valid group', () => {
     let groupLeader;
     let group;

test/api/v3/integration/challenges/PUT-challenges_challengeId.test.js

@@ -4,6 +4,7 @@ import {
   createAndPopulateGroup,
   translate as t,
 } from '../../../../helpers/api-integration/v3';
+import { MAX_SUMMARY_SIZE_FOR_CHALLENGES } from '../../../../../website/common/script/constants';
 
 describe('PUT /challenges/:challengeId', () => {
   let privateGuild; let user; let nonMember; let challenge; let
@@ -91,4 +92,15 @@ describe('PUT /challenges/:challengeId', () => {
     expect(res.name).to.equal('New Challenge Name');
     expect(res.description).to.equal('New challenge description.');
   });
+
+  it('return error when challenge summary is greater than MAX_SUMMARY_SIZE_FOR_CHALLENGES characters', async () => {
+    const summary = 'A'.repeat(MAX_SUMMARY_SIZE_FOR_CHALLENGES + 1);
+    await expect(user.put(`/challenges/${challenge._id}`, {
+      summary,
+    })).to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('invalidReqParams'),
+    });
+  });
 });

test/api/v3/integration/groups/POST-groups.test.js

@@ -3,6 +3,7 @@ import {
   translate as t,
 } from '../../../../helpers/api-integration/v3';
 import { model as Group } from '../../../../../website/server/models/group';
+import { MAX_SUMMARY_SIZE_FOR_GUILDS } from '../../../../../website/common/script/constants';
 
 describe('POST /group', () => {
   let user;
@@ -71,6 +72,20 @@ describe('POST /group', () => {
 
       expect(updatedGroup.summary).to.eql(summary);
     });
+
+    it('returns error when summary is longer than MAX_SUMMARY_SIZE_FOR_GUILDS characters', async () => {
+      const name = 'Test Group';
+      const summary = 'A'.repeat(MAX_SUMMARY_SIZE_FOR_GUILDS + 1);
+      await expect(user.post('/groups', {
+        name,
+        type: 'guild',
+        summary,
+      })).to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: t('invalidReqParams'),
+      });
+    });
   });
 
   context('Guilds', () => {

test/api/v3/integration/groups/PUT-groups.test.js

@@ -3,6 +3,7 @@ import {
   generateUser,
   translate as t,
 } from '../../../../helpers/api-integration/v3';
+import { MAX_SUMMARY_SIZE_FOR_GUILDS } from '../../../../../website/common/script/constants';
 
 describe('PUT /group', () => {
   let leader; let nonLeader; let groupToUpdate; let
@@ -130,4 +131,15 @@ describe('PUT /group', () => {
 
     expect(response.bannedWordsAllowed).to.eql(undefined);
   });
+
+  it('returns error when summary is longer than MAX_SUMMARY_SIZE_FOR_GUILDS characters', async () => {
+    const summary = 'A'.repeat(MAX_SUMMARY_SIZE_FOR_GUILDS + 1);
+    await expect(leader.put(`/groups/${groupToUpdate._id}`, {
+      summary,
+    })).to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('invalidReqParams'),
+    });
+  });
 });

website/common/script/errors/apiErrorMessages.js

@@ -39,4 +39,5 @@ export default {
   directionUpDown: '"direction" is required and must be "up" or "down".',
   invalidTaskIdentifier: 'A task is identified by its UUID or alias.',
   invalidTaskScorings: 'This API route expects a body in the form of [{id, direction}].',
+  summaryLengthExceedsMax: 'Summary length is too high.',
 };

website/server/controllers/api-v3/challenges.js

@@ -30,6 +30,10 @@ import {
 } from '../../libs/challenges';
 import apiError from '../../libs/apiError';
 
+import common from '../../../common';
+
+const { MAX_SUMMARY_SIZE_FOR_CHALLENGES } = common.constants;
+
 const api = {};
 
 /**
@@ -200,6 +204,7 @@ api.createChallenge = {
     const { user } = res.locals;
 
     req.checkBody('group', apiError('groupIdRequired')).notEmpty();
+    req.checkBody('summary', apiError('summaryLengthExceedsMax')).isLength({ max: MAX_SUMMARY_SIZE_FOR_CHALLENGES });
 
     const validationErrors = req.validationErrors();
     if (validationErrors) throw validationErrors;
@@ -707,6 +712,7 @@ api.updateChallenge = {
   middlewares: [authWithHeaders()],
   async handler (req, res) {
     req.checkParams('challengeId', res.t('challengeIdRequired')).notEmpty().isUUID();
+    req.checkBody('summary', apiError('summaryLengthExceedsMax')).isLength({ max: MAX_SUMMARY_SIZE_FOR_CHALLENGES });
 
     const validationErrors = req.validationErrors();
     if (validationErrors) throw validationErrors;

website/server/controllers/api-v3/groups.js

@@ -28,6 +28,7 @@ import amzLib from '../../libs/payments/amazon';
 import apiError from '../../libs/apiError';
 import { model as UserNotification } from '../../models/userNotification';
 
+const { MAX_SUMMARY_SIZE_FOR_GUILDS } = common.constants;
 const MAX_EMAIL_INVITES_BY_USER = 200;
 const TECH_ASSISTANCE_EMAIL = nconf.get('EMAILS_TECH_ASSISTANCE_EMAIL');
 
@@ -118,6 +119,11 @@ api.createGroup = {
     const group = new Group(Group.sanitize(req.body));
     group.leader = user._id;
 
+    req.checkBody('summary', apiError('summaryLengthExceedsMax')).isLength({ max: MAX_SUMMARY_SIZE_FOR_GUILDS });
+
+    const validationErrors = req.validationErrors();
+    if (validationErrors) throw validationErrors;
+
     if (group.type === 'guild') {
       if (group.privacy === 'public' && user.flags.chatRevoked) throw new NotAuthorized(res.t('chatPrivilegesRevoked'));
       if (user.balance < 1) throw new NotAuthorized(res.t('messageInsufficientGems'));
@@ -191,7 +197,7 @@ api.createGroupPlan = {
     const group = new Group(Group.sanitize(req.body.groupToCreate));
 
     req.checkBody('paymentType', res.t('paymentTypeRequired')).notEmpty();
-
+    req.checkBody('summary', apiError('summaryLengthExceedsMax')).isLength({ max: MAX_SUMMARY_SIZE_FOR_GUILDS });
     const validationErrors = req.validationErrors();
     if (validationErrors) throw validationErrors;
 
@@ -462,6 +468,7 @@ api.updateGroup = {
     const { user } = res.locals;
 
     req.checkParams('groupId', apiError('groupIdRequired')).notEmpty();
+    req.checkBody('summary', apiError('summaryLengthExceedsMax')).isLength({ max: MAX_SUMMARY_SIZE_FOR_GUILDS });
 
     const validationErrors = req.validationErrors();
     if (validationErrors) throw validationErrors;