discourse/plugins/chat/spec/models/chat_draft_spec.rb
Joffrey JAFFEUX a02af9e6db SECURITY: Limit chat drafts length and preloaded count
Only allow maximum of `50_000` characters for chat drafts. A hidden `max_chat_draft_length` setting can control this limit. A migration is also provided to delete any abusive draft in the database.

The number of drafts loaded for the current user is now also limited, and they are ordered by most recent update.

Note that spec files moved are not directly related to the fix.
2023-01-25 13:52:49 +02:00


# frozen_string_literal: true
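# Model spec for the chat draft length limit: a draft whose `data.value` is
# longer than `SiteSetting.max_chat_draft_length` must come back with the
# "draft too long" error and must not be stored.
RSpec.describe ChatDraft do
  # A small limit keeps the oversized payload tiny; the example reads the limit
  # back from SiteSetting instead of hard-coding 100.
  before { SiteSetting.max_chat_draft_length = 100 }

  it "errors when data.value is greater than `max_chat_draft_length`" do
    limit = SiteSetting.max_chat_draft_length

    # Non-bang `create` hands back the record so its errors can be inspected.
    draft =
      described_class.create(
        user_id: Fabricate(:user).id,
        chat_channel_id: Fabricate(:chat_channel).id,
        data: { value: "A" * (limit + 1) }.to_json,
      )

    expect(draft.errors.full_messages).to eq(
      [I18n.t("chat.errors.draft_too_long", { maximum: limit })],
    )

    # An error message alone does not show that the oversized draft was kept
    # out of the database, which is the purpose of the limit; assert it.
    expect(draft).not_to be_persisted

    # NOTE(review): the model is not visible from this spec. Confirm whether the
    # limit is measured on `data.value` or on the whole serialized `data` string,
    # then add an at-the-limit case that is expected to save.
  end
end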