Throw 400s for invalid input

This commit is contained in:
swag 2022-04-09 15:35:24 -04:00
parent cc622dbdf1
commit a6b170eca3
2 changed files with 17 additions and 5 deletions


@ -64,7 +64,7 @@ get '/' => sub ($c) { $c->redirect_to(page => {page => 'view'}) };
any [qw{GET POST}], '/sign' => sub ($c) {
my $v = $c->validation() if $c->req->method eq 'POST';
if ($c->req->method eq 'POST' && $v->has_data) {
if ($v && $v->has_data) {
my $name = $c->param('name') || 'Anonymous';
my $url = $c->param('url');
my $message = $c->param('message');
@ -78,7 +78,10 @@ any [qw{GET POST}], '/sign' => sub ($c) {
$v->optional('url', 'not_empty')->size(1, 255)
->like(qr/$RE{URI}{HTTP}{-scheme => qr<https?>}/);
unless ($v->has_error) {
if ($v->has_error) {
$c->stash(status => 400)
}
else {
$c->message->create_post($name, $message, $url, $spam);
$c->flash(error => 'This message was flagged as spam') if $spam;
@ -86,6 +89,10 @@ any [qw{GET POST}], '/sign' => sub ($c) {
return $c->redirect_to(page => {page => 'view'});
}
}
# Throw a 400 for POST with null body too
elsif ($v) {
$c->stash(status => 400)
}
# Try to randomize things for the CAPTCHA challenge. The
# string 'false' actually evaluates to true so this is an
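Review bot: The new `elsif ($v)` branch (and the rewritten `if ($v && $v->has_data)` test) relies on `$v` being undef for GET requests, but the declaration `my $v = $c->validation() if $c->req->method eq 'POST';` on the line above uses a statement-modifier on `my`, which perlsyn documents as undefined behaviour when the condition is false; in practice the lexical can keep the value from the previous invocation of this sub, so under a persistent server a GET arriving after a POST may see a stale validation object and be answered with a 400 or re-run validation against old input. Declare it unconditionally instead: `my $v = $c->req->method eq 'POST' ? $c->validation() : undef;`. That line predates this commit, but it was harmless while the GET path never inspected `$v`. As a point of style, `$c->stash(status => 400)` in both new branches has no trailing semicolon; it parses as the block's last statement, but `$c->stash(status => 400);` avoids a surprise when another line is appended. The route handler beginning at `any [qw{GET POST}], '/sign'` ends outside this hunk.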


@ -26,18 +26,23 @@ my %valid_form = (
message => 'Ayy... lmao',
answer => 'false'
);
# Null POST body
my %null_form;
$t->ua->max_redirects(1);
# Valid requests
$t->get_ok('/sign')->status_is(200)->text_is(h2 => 'Sign the Guestbook');
$t->post_ok('/sign', form => \%valid_form)->status_is(200);
$t->post_ok('/sign', form => \%valid_form)->status_is(200)
->text_is(h2 => 'Messages from the World Wide Web');
# Invalid input
$t->post_ok('/sign', form => \%invalid_form)->status_is(200)
$t->post_ok('/sign', form => \%invalid_form)->status_is(400)
->content_like(qr/cannot be blank/);
$t->post_ok('/sign', form => \%invalid_form)->status_is(200)
$t->post_ok('/sign', form => \%invalid_form)->status_is(400)
->content_like(qr/URL does not appear to be/);
$t->post_ok('/sign', form => \%null_form)->status_is(400)
->text_is(h2 => 'Sign the Guestbook');
# Spam test
$t->post_ok('/sign', form => \%spam_form)->status_is(403)