Commit d06b38b2 authored by Markus Koller

Merge branch '352747-fix-date-error-exception-for-audit-logs' into 'master'

Fix Date::Error exception when viewing audit logs for an invalid date

See merge request gitlab-org/gitlab!80634
parents 6fd16ebc 2d306450
# frozen_string_literal: true
class Admin::AuditLogReportsController < Admin::ApplicationController
include AuditEvents::EnforcesValidDateParams
include AuditEvents::DateRange
before_action :validate_audit_log_reports_available!
......
......@@ -12,12 +12,24 @@ module AuditEvents
def validate_date_params
unless valid_utc_date?(params[:created_before]) && valid_utc_date?(params[:created_after])
respond_to do |format|
format.html do
flash[:alert] = _('Invalid date format. Please use UTC format as YYYY-MM-DD')
render status: :bad_request
end
format.any { head :bad_request }
end
end
end
def valid_utc_date?(date)
date.blank? || date =~ Gitlab::Regex.utc_date_regex
return true if date.blank?
return false unless date =~ Gitlab::Regex.utc_date_regex
return true if Date.parse(date)
rescue Date::Error
false
end
end
end
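Review bot: `valid_utc_date?` still assumes `date` is a String, so a request that sends `created_before[]=...` or a nested hash reaches `date =~ Gitlab::Regex.utc_date_regex` with an Array or a parameters object. On Ruby versions where `Object#=~` has been removed (3.2 and later) that raises `NoMethodError`, which `rescue Date::Error` does not catch, so the request would presumably end in a 500 rather than the 400 this change aims for. A type guard closes it: `return false unless date.is_a?(String) && date.match?(Gitlab::Regex.utc_date_regex)`. Separately, `Date.parse` is a lenient heuristic parser and is only constrained here because the regex runs first; the regex is not visible on this page, so confirm it is anchored with `\A` and `\z`. `Date.strptime(date, '%Y-%m-%d')` followed by a bare `true` would state the expected format directly and drop the `return true if ...` whose falsy branch never runs.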
......@@ -3,6 +3,8 @@
require 'spec_helper'
RSpec.describe Admin::AuditLogReportsController do
using RSpec::Parameterized::TableSyntax
describe 'GET index' do
let(:csv_data) do
<<~CSV
......@@ -105,6 +107,32 @@ RSpec.describe Admin::AuditLogReportsController do
end
end
end
context 'when invalid date params are provided' do
let(:params) do
{
created_before: created_before,
created_after: created_after
}
end
where(:created_before, :created_after) do
'invalid-date' | nil
nil | true
'2021-13-10' | nil
nil | '2021-02-31'
'2021-03-31' | '2021-02-31'
end
with_them do
it 'returns an error' do
subject
expect(response).to have_gitlab_http_status(:bad_request)
expect(flash[:alert]).to eq nil
end
end
end
end
context 'when unlicensed' do
......
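Review bot: The `where(:created_before, :created_after)` table under 'when invalid date params are provided' has no row with a non-scalar parameter, and its `nil | true` row probably reaches the controller as the string `'true'`, so it exercises the same regex rejection as `'invalid-date'`. A row whose `created_before` is an array, for example `['2021-01-01']`, would pin the 400 response for array-valued input. The same five-row table and example are repeated in the `Admin::AuditLogsController`, `Groups::AuditEventsController` and `Projects::AuditEventsController` specs; a shared example that takes the request as a block would keep the cases in one place. The enclosing `describe 'GET index'` block starts and ends outside the visible hunks.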
......@@ -3,6 +3,8 @@
require 'spec_helper'
RSpec.describe Admin::AuditLogsController do
using RSpec::Parameterized::TableSyntax
let_it_be(:admin) { create(:admin) }
describe 'GET #index' do
......@@ -42,6 +44,25 @@ RSpec.describe Admin::AuditLogsController do
user: admin
)
end
context 'when invalid date' do
where(:created_before, :created_after) do
'invalid-date' | nil
nil | true
'2021-13-10' | nil
nil | '2021-02-31'
'2021-03-31' | '2021-02-31'
end
with_them do
it 'returns an error' do
get :index, params: { 'created_before': created_before, 'created_after': created_after }
expect(response).to have_gitlab_http_status(:bad_request)
expect(flash[:alert]).to eq 'Invalid date format. Please use UTC format as YYYY-MM-DD'
end
end
end
end
context 'by user' do
......
......@@ -3,6 +3,8 @@
require 'spec_helper'
RSpec.describe Groups::AuditEventsController do
using RSpec::Parameterized::TableSyntax
let_it_be(:user) { create(:user) }
let_it_be(:owner) { create(:user) }
let_it_be(:group) { create(:group, :private) }
......@@ -139,6 +141,25 @@ RSpec.describe Groups::AuditEventsController do
namespace: group
)
end
context 'when invalid date' do
where(:created_before, :created_after) do
'invalid-date' | nil
nil | true
'2021-13-10' | nil
nil | '2021-02-31'
'2021-03-31' | '2021-02-31'
end
with_them do
it 'returns an error' do
get :index, params: { group_id: group.to_param, 'created_before': created_before, 'created_after': created_after }
expect(response).to have_gitlab_http_status(:bad_request)
expect(flash[:alert]).to eq 'Invalid date format. Please use UTC format as YYYY-MM-DD'
end
end
end
end
end
......
......@@ -3,6 +3,8 @@
require 'spec_helper'
RSpec.describe Projects::AuditEventsController do
using RSpec::Parameterized::TableSyntax
let_it_be(:user) { create(:user) }
let_it_be(:maintainer) { create(:user) }
let_it_be(:project) { create(:project, :private) }
......@@ -110,6 +112,25 @@ RSpec.describe Projects::AuditEventsController do
it_behaves_like 'orders by id descending'
end
end
context 'when invalid date' do
where(:created_before, :created_after) do
'invalid-date' | nil
nil | true
'2021-13-10' | nil
nil | '2021-02-31'
'2021-03-31' | '2021-02-31'
end
with_them do
it 'returns an error' do
get :index, params: { project_id: project.to_param, namespace_id: project.namespace.to_param, 'created_before': created_before, 'created_after': created_after }
expect(response).to have_gitlab_http_status(:bad_request)
expect(flash[:alert]).to eq 'Invalid date format. Please use UTC format as YYYY-MM-DD'
end
end
end
end
context 'pagination' do
......