Fix error when invalid domain name is submitted (#19474)

Fix #19175
2022-11-14 08:07:14 +01:00 · 2022-11-14 08:07:14 +01:00 · 552d69ad96
commit 552d69ad96
parent 523e106cbf
2 changed files with 30 additions and 16 deletions
--- a/app/models/concerns/domain_normalizable.rb
+++ b/app/models/concerns/domain_normalizable.rb
@ -11,5 +11,7 @@ module DomainNormalizable

  def normalize_domain
    self.domain = TagManager.instance.normalize_domain(domain&.strip)
+  rescue Addressable::URI::InvalidURIError
+    errors.add(:domain, :invalid)
  end
 end
--- a/spec/controllers/api/v1/admin/domain_allows_controller_spec.rb
+++ b/spec/controllers/api/v1/admin/domain_allows_controller_spec.rb
@ -94,25 +94,37 @@ RSpec.describe Api::V1::Admin::DomainAllowsController, type: :controller do
  describe 'POST #create' do
    let!(:domain_allow) { Fabricate(:domain_allow, domain: 'example.com') }

-    before do
-      post :create, params: { domain: 'foo.bar.com' }
+    context do
+      before do
+        post :create, params: { domain: 'foo.bar.com' }
+      end
+
+      it_behaves_like 'forbidden for wrong scope', 'write:statuses'
+      it_behaves_like 'forbidden for wrong role', ''
+      it_behaves_like 'forbidden for wrong role', 'Moderator'
+
+      it 'returns http success' do
+        expect(response).to have_http_status(200)
+      end
+
+      it 'returns expected domain name' do
+        json = body_as_json
+        expect(json[:domain]).to eq 'foo.bar.com'
+      end
+
+      it 'creates a domain block' do
+        expect(DomainAllow.find_by(domain: 'foo.bar.com')).to_not be_nil
+      end
    end

-    it_behaves_like 'forbidden for wrong scope', 'write:statuses'
-    it_behaves_like 'forbidden for wrong role', ''
-    it_behaves_like 'forbidden for wrong role', 'Moderator'
+    context 'with invalid domain name' do
+      before do
+        post :create, params: { domain: 'foo bar' }
+      end

-    it 'returns http success' do
-      expect(response).to have_http_status(200)
-    end
-
-    it 'returns expected domain name' do
-      json = body_as_json
-      expect(json[:domain]).to eq 'foo.bar.com'
-    end
-
-    it 'creates a domain block' do
-      expect(DomainAllow.find_by(domain: 'foo.bar.com')).to_not be_nil
+      it 'returns http unprocessable entity' do
+        expect(response).to have_http_status(422)
+      end
    end
  end
 end