Merge pull request #20054 from edx/douglashall/ARCH-494

ARCH-494 Validate UserProfile.bio field.

openedx/core/djangoapps/user_api/accounts/__init__.py

@@ -6,6 +6,9 @@ from django.utils.text import format_lazy
 from django.utils.translation import ugettext_lazy as _
 
 
+# The maximum length for the bio ("about me") account field
+BIO_MAX_LENGTH = 300
+
 # The minimum and maximum length for the name ("full name") account field
 NAME_MIN_LENGTH = 2
 NAME_MAX_LENGTH = 255

openedx/core/djangoapps/user_api/accounts/serializers.py

@@ -24,7 +24,7 @@ from openedx.core.djangoapps.user_api.serializers import ReadOnlyFieldsSerialize
 from student.models import UserProfile, LanguageProficiency, SocialLink
 
 from . import (
-    NAME_MIN_LENGTH, ACCOUNT_VISIBILITY_PREF_KEY, PRIVATE_VISIBILITY, CUSTOM_VISIBILITY,
+    BIO_MAX_LENGTH, NAME_MIN_LENGTH, ACCOUNT_VISIBILITY_PREF_KEY, PRIVATE_VISIBILITY, CUSTOM_VISIBILITY,
     ALL_USERS_VISIBILITY, VISIBILITY_PREFIX
 )
 from .image_helpers import get_profile_image_urls_for_user
@@ -218,6 +218,14 @@ class AccountLegacyProfileSerializer(serializers.HyperlinkedModelSerializer, Rea
         read_only_fields = ()
         explicit_read_only_fields = ("profile_image", "requires_parental_consent")
 
+    def validate_bio(self, new_bio):
+        """ Enforce maximum length for bio. """
+        if len(new_bio) > BIO_MAX_LENGTH:
+            raise serializers.ValidationError(
+                u"The about me field must be at most {} characters long.".format(BIO_MAX_LENGTH)
+            )
+        return new_bio
+
     def validate_name(self, new_name):
         """ Enforce minimum length for name. """
         if len(new_name) < NAME_MIN_LENGTH:

openedx/core/djangoapps/user_api/accounts/tests/test_views.py

@@ -557,7 +557,7 @@ class TestAccountsAPI(CacheIsolationTestCase, UserAPITestCase):
         # Note that we store the raw data, so it is up to client to escape the HTML.
         (
             "bio", u"<html>Lacrosse-playing superhero 壓是進界推日不復女</html>",
-            "z" * 3001, u"Ensure this value has at most 3000 characters (it has 3001)."
+            "z" * 301, u"The about me field must be at most 300 characters long."
         ),
         ("account_privacy", ALL_USERS_VISIBILITY),
         ("account_privacy", PRIVATE_VISIBILITY),