finn/forgejo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Catch and handle unallowed file type errors in issue attachment API (#30791)

Browse source 
Before, we would just throw 500 if a user passes an attachment that is
not an allowed type. This commit catches this error and throws a 422
instead since this should be considered a validation error.

(cherry picked from commit 872caa17c0a30d95f85ab75c068d606e07bd10b3)

Conflicts:
	tests/integration/api_comment_attachment_test.go
	tests/integration/api_issue_attachment_test.go
	trivial context conflict because of 'allow setting the update date on issues and comments'
This commit is contained in:
Kemal Zebari 2024-05-02 09:33:31 -07:00 committed by Earl Warren
parent 396f16e7b2
commit 9cd0441cd3
No known key found for this signature in database
GPG key ID: 0579CB2928A78A00
5 changed files with 78 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

9
routers/api/v1/repo/issue_attachment.go
View file

@ -15,6 +15,7 @@ import (
"code.gitea.io/gitea/modules/web"
"code.gitea.io/gitea/services/attachment"
"code.gitea.io/gitea/services/context"
"code.gitea.io/gitea/services/context/upload"
"code.gitea.io/gitea/services/convert"
issue_service "code.gitea.io/gitea/services/issue"
)
@ -159,6 +160,8 @@ func CreateIssueAttachment(ctx *context.APIContext) {
// "$ref": "#/responses/error"
// "404":
// "$ref": "#/responses/error"
// "422":
// "$ref": "#/responses/validationError"
// "423":
// "$ref": "#/responses/repoArchivedError"
@ -207,7 +210,11 @@ func CreateIssueAttachment(ctx *context.APIContext) {
CreatedUnix: issue.UpdatedUnix,
})
if err != nil {
ctx.Error(http.StatusInternalServerError, "UploadAttachment", err)
if upload.IsErrFileTypeForbidden(err) {
ctx.Error(http.StatusUnprocessableEntity, "", err)
} else {
ctx.Error(http.StatusInternalServerError, "UploadAttachment", err)
}
return
}

10
routers/api/v1/repo/issue_comment_attachment.go
View file

@ -15,6 +15,7 @@ import (
"code.gitea.io/gitea/modules/web"
"code.gitea.io/gitea/services/attachment"
"code.gitea.io/gitea/services/context"
"code.gitea.io/gitea/services/context/upload"
"code.gitea.io/gitea/services/convert"
issue_service "code.gitea.io/gitea/services/issue"
)
@ -156,6 +157,8 @@ func CreateIssueCommentAttachment(ctx *context.APIContext) {
// "$ref": "#/responses/error"
// "404":
// "$ref": "#/responses/error"
// "422":
// "$ref": "#/responses/validationError"
// "423":
// "$ref": "#/responses/repoArchivedError"
@ -209,9 +212,14 @@ func CreateIssueCommentAttachment(ctx *context.APIContext) {
CreatedUnix: comment.Issue.UpdatedUnix,
})
if err != nil {
ctx.Error(http.StatusInternalServerError, "UploadAttachment", err)
if upload.IsErrFileTypeForbidden(err) {
ctx.Error(http.StatusUnprocessableEntity, "", err)
} else {
ctx.Error(http.StatusInternalServerError, "UploadAttachment", err)
}
return
}
if err := comment.LoadAttachments(ctx); err != nil {
ctx.Error(http.StatusInternalServerError, "LoadAttachments", err)
return