Fix: now applying the same verifications when creating or editing com…

…ments (#1038)
isso-comments · Sep 30, 2024 · 4672872 · 4672872
1 parent 6f3874c
commit 4672872
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 3 deletions.
diff --git a/isso/tests/test_comments.py b/isso/tests/test_comments.py
@@ -391,6 +391,22 @@ def testUpdate(self):
         self.assertEqual(rv['website'], 'http://example.com/')
         self.assertIn('modified', rv)
 
+    def testUpdateForbidden(self):
+
+        self.post('/new?uri=test', data=json.dumps({'text': 'Hello world!'}))
+
+        resp = self.put('/id/1', data=json.dumps({}))
+        self.assertEqual(resp.status, '400 BAD REQUEST')
+        self.assertIn('text is missing', resp.text)
+
+        resp = self.put('/id/1', data=json.dumps({'text': ''}))
+        self.assertEqual(resp.status, '400 BAD REQUEST')
+        self.assertIn('text is too short', resp.text)
+
+        resp = self.put('/id/1', data=json.dumps({'text': 'Hello again!', 'website': '[email protected]'}))
+        self.assertEqual(resp.status, '400 BAD REQUEST')
+        self.assertIn('Website not Django-conform', resp.text)
+
     def testDelete(self):
 
         self.post('/new?uri=%2Fpath%2F',

diff --git a/isso/views/comments.py b/isso/views/comments.py
@@ -539,12 +539,13 @@ def edit(self, environ, request, id):
 
         data = request.json
 
-        if data.get("text") is None or len(data["text"]) < 3:
-            raise BadRequest("no text given")
-
         for key in set(data.keys()) - set(["text", "author", "website"]):
             data.pop(key)
 
+        valid, reason = API.verify(data)
+        if not valid:
+            return BadRequest(reason)
+
         data['modified'] = time.time()
 
         with self.isso.lock: