Skip to content

Commit

Permalink
fix: Prevent Bad Cookbook Names (#4364)
Browse files Browse the repository at this point in the history
  • Loading branch information
michael-genson authored Oct 15, 2024
1 parent 1af2473 commit 6d89fe3
Show file tree
Hide file tree
Showing 2 changed files with 29 additions and 0 deletions.
13 changes: 13 additions & 0 deletions mealie/schema/cookbook/cookbook.py
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
from typing import Annotated

from pydantic import UUID4, ConfigDict, Field, field_validator
from slugify import slugify
from sqlalchemy.orm import joinedload
from sqlalchemy.orm.interfaces import LoaderOption

Expand Down Expand Up @@ -29,6 +30,18 @@ class CreateCookBook(MealieModel):
def validate_public(public: bool | None) -> bool:
return False if public is None else public

@field_validator("name")
def validate_name(name: str) -> str:
name = name.strip()

# we calculate the slug later leveraging the database,
# but we still need to validate the name can be slugified
possible_slug = slugify(name)
if not (name and possible_slug):
raise ValueError("Name cannot be empty")

return name


class SaveCookBook(CreateCookBook):
group_id: UUID4
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,22 @@ def test_create_cookbook(api_client: TestClient, unique_user: TestUser):
assert response.status_code == 201


@pytest.mark.parametrize("name_input", ["", " ", "@"])
def test_create_cookbook_bad_name(api_client: TestClient, unique_user: TestUser, name_input: str):
data = {
"name": name_input,
"slug": name_input,
"description": "",
"position": 0,
"categories": [],
"group_id": str(unique_user.group_id),
"household_id": str(unique_user.household_id),
}

response = api_client.post(api_routes.households_cookbooks, json=data, headers=unique_user.token)
assert response.status_code == 422


def test_read_cookbook(api_client: TestClient, unique_user: TestUser, cookbooks: list[TestCookbook]):
sample = random.choice(cookbooks)
response = api_client.get(api_routes.households_cookbooks_item_id(sample.id), headers=unique_user.token)
Expand Down

0 comments on commit 6d89fe3

Please sign in to comment.