From b444ea2471520f0d0d9512f8890d4f3bd9801fa6 Mon Sep 17 00:00:00 2001
From: Douglas Hall
Date: Tue, 26 Mar 2019 09:47:47 -0400
Subject: [PATCH] Validate UserProfile.bio field.
---
 openedx/core/djangoapps/user_api/accounts/__init__.py | 3 +++
 .../core/djangoapps/user_api/accounts/serializers.py | 10 +++++++++-
 .../djangoapps/user_api/accounts/tests/test_views.py | 2 +-
 3 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/openedx/core/djangoapps/user_api/accounts/__init__.py b/openedx/core/djangoapps/user_api/accounts/__init__.py
index e8dceff472..15cf2eebeb 100644
--- a/openedx/core/djangoapps/user_api/accounts/__init__.py
+++ b/openedx/core/djangoapps/user_api/accounts/__init__.py
@@ -6,6 +6,9 @@ from django.utils.text import format_lazy
 from django.utils.translation import ugettext_lazy as _
+# The maximum length for the bio ("about me") account field
+BIO_MAX_LENGTH = 300
+
 # The minimum and maximum length for the name ("full name") account field
 NAME_MIN_LENGTH = 2
 NAME_MAX_LENGTH = 255
diff --git a/openedx/core/djangoapps/user_api/accounts/serializers.py b/openedx/core/djangoapps/user_api/accounts/serializers.py
index 975d9c0c69..37e0321459 100644
--- a/openedx/core/djangoapps/user_api/accounts/serializers.py
+++ b/openedx/core/djangoapps/user_api/accounts/serializers.py
@@ -24,7 +24,7 @@ from openedx.core.djangoapps.user_api.serializers import ReadOnlyFieldsSerialize
 from student.models import UserProfile, LanguageProficiency, SocialLink
 from . import (
- NAME_MIN_LENGTH, ACCOUNT_VISIBILITY_PREF_KEY, PRIVATE_VISIBILITY, CUSTOM_VISIBILITY,
+ BIO_MAX_LENGTH, NAME_MIN_LENGTH, ACCOUNT_VISIBILITY_PREF_KEY, PRIVATE_VISIBILITY, CUSTOM_VISIBILITY,
 ALL_USERS_VISIBILITY, VISIBILITY_PREFIX
 )
 from .image_helpers import get_profile_image_urls_for_user
@@ -218,6 +218,14 @@ class AccountLegacyProfileSerializer(serializers.HyperlinkedModelSerializer, Rea
 read_only_fields = ()
 explicit_read_only_fields = ("profile_image", "requires_parental_consent")
+ def validate_bio(self, new_bio):
+ """ Enforce maximum length for bio. """
+ if len(new_bio) > BIO_MAX_LENGTH:
+ raise serializers.ValidationError(
+ u"The about me field must be at most {} characters long.".format(BIO_MAX_LENGTH)
+ )
+ return new_bio
+
 def validate_name(self, new_name):
 """ Enforce minimum length for name. """
 if len(new_name) < NAME_MIN_LENGTH:
diff --git a/openedx/core/djangoapps/user_api/accounts/tests/test_views.py b/openedx/core/djangoapps/user_api/accounts/tests/test_views.py
index 0f34200031..59b534e172 100644
--- a/openedx/core/djangoapps/user_api/accounts/tests/test_views.py
+++ b/openedx/core/djangoapps/user_api/accounts/tests/test_views.py
@@ -557,7 +557,7 @@ class TestAccountsAPI(CacheIsolationTestCase, UserAPITestCase):
 # Note that we store the raw data, so it is up to client to escape the HTML.
 (
 "bio", u"Lacrosse-playing superhero 壓是進界推日不復女",
- "z" * 3001, u"Ensure this value has at most 3000 characters (it has 3001)."
+ "z" * 301, u"The about me field must be at most 300 characters long."
 ),
 ("account_privacy", ALL_USERS_VISIBILITY),
 ("account_privacy", PRIVATE_VISIBILITY),
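Review bot: `validate_bio` in serializers.py calls `len(new_bio)` with no guard for `None`, so if the `bio` field accepts null (the field declaration and the model are outside this hunk), a request that sets `bio` to null would probably raise `TypeError` and come back as a server error rather than a validation response. A guard keeps the failure mode clean: `if new_bio is not None and len(new_bio) > BIO_MAX_LENGTH:`. The limit is also enforced only in this serializer; the old test message (`at most 3000 characters`) suggests the underlying column still accepts 3000, so any other write path to `UserProfile.bio` would not apply the 300-character rule. A comment on `BIO_MAX_LENGTH` saying that it is an API-level limit, or a matching model constraint, would make that boundary explicit.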
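Review bot: The updated `bio` case in test_views.py only exercises 301 characters, so the boundary itself is not pinned; a companion case showing that `"z" * 300` is accepted would catch an off-by-one if the `>` in `validate_bio` is ever changed to `>=`. The context comment in this hunk says the raw value is stored and escaping is left to the client, so it is also worth a short comment next to the validator such as `# Length check only; bio is stored raw and must be escaped wherever it is rendered.` The enclosing test-data list starts and ends outside the hunk, so whether such a boundary case already exists elsewhere cannot be confirmed from here.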