scottk/chatwoot
1
0
Fork 0
mirror of https://github.com/lingble/chatwoot.git synced 2025-11-03 04:27:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: validate query conditions (#10595)

Browse Source 
Query conditions can take in arbitrary values, this can cause SQL
errors. This PR fixes it
This commit is contained in:
Shivam Mishra
2024-12-17 17:16:37 +05:30
committed by GitHub
parent e3109dbb22
commit b34dac7bbe
14 changed files with 119 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
spec/controllers/api/v1/accounts/automation_rules_controller_spec.rb
View File

@@ -76,6 +76,23 @@ RSpec.describe 'Api::V1::Accounts::AutomationRulesController', type: :request do
}
end
it 'processes invalid query operator' do
expect(account.automation_rules.count).to eq(0)
params[:conditions] << {
'attribute_key': 'browser_language',
'filter_operator': 'equal_to',
'values': ['en'],
'query_operator': 'invalid'
}
post "/api/v1/accounts/#{account.id}/automation_rules",
headers: administrator.create_new_auth_token,
params: params
expect(response).to have_http_status(:unprocessable_entity)
expect(account.automation_rules.count).to eq(0)
end
it 'throws an error for unknown attributes in condtions' do
expect(account.automation_rules.count).to eq(0)
params[:conditions] << {