server/organization: correctly validate org/repo description length

polarsource · Apr 5, 2024 · 77cb2cf · 77cb2cf
1 parent fc6486e
commit 77cb2cf
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 23 deletions.
diff --git a/server/polar/organization/schemas.py b/server/polar/organization/schemas.py
@@ -134,7 +134,10 @@ def from_db(
 
 class OrganizationProfileSettingsUpdate(Schema):
     set_description: bool | None = None
-    description: str | None = None
+    description: str | None = Field(
+        None,
+        max_length=160,
+    )
 
     featured_projects: list[UUID4] | None = None
     featured_organizations: list[UUID4] | None = None

diff --git a/server/tests/organization/test_endpoints.py b/server/tests/organization/test_endpoints.py
@@ -615,17 +615,19 @@ async def test_update_organization_profile_settings_description(
     assert response.json()["id"] == str(organization.id)
     assert response.json()["profile_settings"]["description"] == "Hello whitespace!"
 
-    # setting a description which exceeds the maximum length should throw a validation error
-    with pytest.raises(ValidationError):
-        response = await client.patch(
-            f"/api/v1/organizations/{organization.id}",
-            json={
-                "profile_settings": {
-                    "description": "Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Aenean commodo ligula eget dolor. Aenean massa. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Donec quam felis, ultricies nec, pellentesque eu, pretium.",
-                    "set_description": True,
-                }
-            },
-        )
+    # setting a description which exceeds the maximum length
+    response = await client.patch(
+        f"/api/v1/organizations/{organization.id}",
+        json={
+            "profile_settings": {
+                "description": "a" * 161,
+                "set_description": True,
+            }
+        },
+    )
+
+    assert 422 == response.status_code
+    assert response.json()["detail"][0]["type"] == "string_too_long"
 
 
 @pytest.mark.asyncio

diff --git a/server/tests/repository/test_endpoints.py b/server/tests/repository/test_endpoints.py
@@ -469,17 +469,18 @@ async def test_update_repository_profile_settings_description(
     assert response.json()["id"] == str(repository.id)
     assert response.json()["profile_settings"]["description"] == "Hello whitespace!"
 
-    # setting a description which exceeds the maximum length should throw a validation error
-    with pytest.raises(ValidationError):
-        response = await client.patch(
-            f"/api/v1/repositories/{repository.id}",
-            json={
-                "profile_settings": {
-                    "description": "Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Aenean commodo ligula eget dolor. Aenean massa. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Donec quam felis, ultricies nec, pellentesque eu, pretium.",
-                    "set_description": True,
-                }
-            },
-        )
+    # setting a description which exceeds the maximum length
+    response = await client.patch(
+        f"/api/v1/repositories/{repository.id}",
+        json={
+            "profile_settings": {
+                "description": "a" * 270,
+                "set_description": True,
+            }
+        },
+    )
+    assert 422 == response.status_code
+    assert response.json()["detail"][0]["type"] == "string_too_long"
 
 
 @pytest.mark.asyncio