Disallow funny business on timezone entry (#3662)

* Disallow funny business on timezone entry

* Add external API test
hq1 2024-01-02 14:38:02 +01:00 committed by GitHub
parent 7efa253e3f
commit 21bbd3835a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 32 additions and 0 deletions


@ -68,6 +68,7 @@ defmodule Plausible.Site do
|> cast(attrs, [:domain, :timezone])
|> clean_domain()
|> validate_required([:domain, :timezone])
|> validate_timezone()
|> validate_domain_format()
|> validate_domain_reserved_characters()
|> unique_constraint(:domain,
@ -265,4 +266,14 @@ defmodule Plausible.Site do
changeset
end
end
defp validate_timezone(changeset) do
tz = get_field(changeset, :timezone)
if Timex.is_valid_timezone?(tz) do
changeset
else
add_error(changeset, :timezone, "is invalid")
end
end
end
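Review bot: The new `|> validate_timezone()` step is wired only into the one changeset pipeline shown in the first hunk; any other changeset in this module that casts `:timezone` (a settings-update path, for instance, which is not visible here) would still accept arbitrary strings and needs the same step. In the helper, `get_field(changeset, :timezone)` can return `nil` when the field is blank, so the outcome depends on how `Timex.is_valid_timezone?/1` treats `nil`, and a blank value may collect both a required error and "is invalid". Using `validate_change(changeset, :timezone, fn :timezone, tz -> if Timex.is_valid_timezone?(tz), do: [], else: [timezone: "is invalid"] end)` would skip nil and unchanged values. It is also worth confirming that the Timex check accepts only the zone names that downstream consumers of this field expect, since it may be more permissive than a plain IANA-name lookup. The function that owns the pipeline starts outside the hunk.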


@ -12,6 +12,15 @@ defmodule Plausible.SitesTest do
assert {:ok, %{site: %{domain: "example.com", timezone: "Europe/London"}}} =
Sites.create(user, params)
end
test "fails on invalid timezone" do
user = insert(:user)
params = %{"domain" => "example.com", "timezone" => "blah"}
assert {:error, :site, %{errors: [timezone: {"is invalid", []}]}, %{}} =
Sites.create(user, params)
end
end
describe "is_member?" do
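Review bot: The added test pins only a nonsense word (`"blah"`), so the boundary between the required check and the new timezone check is left unspecified. A second case with `"timezone" => ""` would document whether a blank value yields one error or two and would catch a crash if the validator is ever handed `nil`. A one-line comment above the test, such as `# timezone must be a zone name known to Timex; free-form strings are rejected`, would also tell the reader why the field is validated at all.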


@ -26,6 +26,18 @@ defmodule PlausibleWeb.Api.ExternalSitesControllerTest do
}
end
test "timezone is validated", %{conn: conn} do
conn =
post(conn, "/api/v1/sites", %{
"domain" => "some-site.domain",
"timezone" => "d"
})
assert json_response(conn, 400) == %{
"error" => "timezone: is invalid"
}
end
test "timezone defaults to Etc/UTC", %{conn: conn} do
conn =
post(conn, "/api/v1/sites", %{