From d6b31133047188b275d6b0232abdfeea66ed8688 Mon Sep 17 00:00:00 2001
From: Eugen Rochko
Date: Sat, 10 Sep 2016 09:43:45 +0200
Subject: [PATCH] Validates local username, max sizes for uploads. Fixes #32
---
 app/models/account.rb | 6 ++++--
 app/models/media_attachment.rb | 1 +
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/app/models/account.rb b/app/models/account.rb
index 2643454721..8792b90ea7 100644
--- a/app/models/account.rb
+++ b/app/models/account.rb
@@ -3,16 +3,18 @@ class Account < ApplicationRecord
 # Local users
 has_one :user, inverse_of: :account
- validates :username, presence: true, uniqueness: { scope: :domain, case_sensitive: false }, if: 'local?'
- validates :username, presence: true, uniqueness: { scope: :domain, case_sensitive: true }, unless: 'local?'
+ validates :username, presence: true, format: { with: /\A[a-z0-9_]+\z/i, message: 'only letters, numbers and underscores' }, uniqueness: { scope: :domain, case_sensitive: false }, if: 'local?'
+ validates :username, presence: true, uniqueness: { scope: :domain, case_sensitive: true }, unless: 'local?'
 # Avatar upload
 has_attached_file :avatar, styles: { large: '300x300#', medium: '96x96#', small: '48x48#' }
 validates_attachment_content_type :avatar, content_type: /\Aimage\/.*\Z/
+ validates_attachment_size :avatar, less_than: 2.megabytes
 # Header upload
 has_attached_file :header, styles: { medium: '700x335#' }
 validates_attachment_content_type :header, content_type: /\Aimage\/.*\Z/
+ validates_attachment_size :header, less_than: 2.megabytes
 # Local user profile validations
 validates :display_name, length: { maximum: 30 }, if: 'local?'
diff --git a/app/models/media_attachment.rb b/app/models/media_attachment.rb
index 1f51e3d13a..0f631af575 100644
--- a/app/models/media_attachment.rb
+++ b/app/models/media_attachment.rb
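Review bot: The new `format:` rule on the local `username` validation in app/models/account.rb restricts the character set but leaves length unbounded, since `+` accepts a name of any size; adding `length: { maximum: 30 }` to that line (the same cap `display_name` has a few lines below) would bound it. The rule is also guarded by `if: 'local?'`, so usernames on remote accounts still bypass the pattern, and code that renders or builds URLs from `username` should keep escaping it rather than rely on this charset. The case-insensitive `uniqueness:` check is a query before insert, so it only holds under concurrent sign-ups if a unique index backs it; the schema is not visible in this patch. The Account class body starts before and continues after the hunk.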
@@ -4,6 +4,7 @@ class MediaAttachment < ApplicationRecord
 has_attached_file :file, styles: { small: '510x680>' }
 validates_attachment_content_type :file, content_type: /\Aimage\/.*\z/
+ validates_attachment_size :file, less_than: 4.megabytes
 validates :account, presence: true
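Review bot: `validates_attachment_size :file, less_than: 4.megabytes` is a model validation, so it rejects an oversized file only after the application has already received the whole request body; a request-size limit at the web server or reverse proxy is still needed to bound what a client can make the app accept. A byte cap also does not bound decoded pixel dimensions, and `:file` declares a resize style (`'510x680>'`), so a small but highly compressed image can still be expensive to process; a width/height check before processing would cover that. Both caveats apply equally to the `:avatar` and `:header` limits added in app/models/account.rb. The MediaAttachment class body starts before and continues after the hunk.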