diff --git a/app/Http/Requests/UpdateVolume.php b/app/Http/Requests/UpdateVolume.php index c9be93624..91a1a1668 100644 --- a/app/Http/Requests/UpdateVolume.php +++ b/app/Http/Requests/UpdateVolume.php @@ -37,7 +37,7 @@ public function rules() { return [ 'name' => 'filled|max:512', - 'url' => ['filled', new VolumeUrl], + 'url' => ['filled', 'max:256', new VolumeUrl], 'handle' => ['nullable', 'max:256', new Handle], ]; } diff --git a/tests/php/Http/Controllers/Api/VolumeControllerTest.php b/tests/php/Http/Controllers/Api/VolumeControllerTest.php index e3c59b237..44c8cdc43 100644 --- a/tests/php/Http/Controllers/Api/VolumeControllerTest.php +++ b/tests/php/Http/Controllers/Api/VolumeControllerTest.php @@ -186,6 +186,25 @@ public function testUpdateUrl() Queue::assertPushed(ProcessNewVolumeFiles::class); } + public function testUpdateInvalidUrl() + { + $volume = $this->volume(); + + config(['volumes.admin_storage_disks' => ['admin-test']]); + $disk = Storage::fake('admin-test'); + $disk->put('aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file.txt', 'abc'); + + $this->beGlobalAdmin(); + + // invalid url (>256 characters) + $response = $this->json('PUT', '/api/v1/volumes/'.$volume->id, [ + 'url' => 'admin-test://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa', + ])->assertStatus(422); + + $this->assertEquals('The url must not be greater than 256 characters.', $response->exception->getMessage()); + Queue::assertNothingPushed(); + } + public function testUpdateUrlProviderDenylist() { $this->beAdmin();