Improve URL validation to check for a valid host.

Parsing a URL with `URI` is not sufficient as the following cases are considered valid: URI.parse("http://https://google.com") => #<URI::HTTP http://https//google.com>
2025-02-25 18:55:32 -06:00 · 2017-12-21 12:27:17 +08:00
parent ba3bf9c7bb
commit 6ecf37c482
4 changed files with 52 additions and 15 deletions
--- a/spec/components/validators/url_validator_spec.rb
+++ b/spec/components/validators/url_validator_spec.rb
@@ -0,0 +1,33 @@
+require 'rails_helper'
+require 'validators/topic_title_length_validator'
+
+RSpec.describe UrlValidator do
+  let(:record) { Fabricate.build(:user_profile, user: Fabricate.build(:user)) }
+  let(:validator) { described_class.new(attributes: :website) }
+  subject(:validate) { validator.validate_each(record, :website, record.website) }
+
+  [
+    "http://https://google.com",
+    "http://google/",
+    "ftp://ftp.google.com",
+    "http:///what.is.this",
+    'http://meta.discourse.org TEST'
+  ].each do |invalid_url|
+    it "#{invalid_url} should not be valid" do
+      record.website = invalid_url
+      validate
+      expect(record.errors[:website]).to be_present
+    end
+  end
+
+  [
+    "http://discourse.productions",
+    "https://google.com",
+  ].each do |valid_url|
+    it "#{valid_url} should be valid" do
+      record.website = valid_url
+      validate
+      expect(record.errors[:website]).to_not be_present
+    end
+  end
+end
--- a/spec/models/user_profile_spec.rb
+++ b/spec/models/user_profile_spec.rb
@@ -55,18 +55,21 @@ describe UserProfile do
    end

    context "website validation" do
-      let(:user) { Fabricate(:user) }
+      let(:user_profile) { Fabricate.build(:user_profile, user: Fabricate(:user)) }

-      it "ensures website is valid" do
-        expect(Fabricate.build(:user_profile, user: user, website: "http://https://google.com")).not_to be_valid
-        expect(Fabricate.build(:user_profile, user: user, website: "http://discourse.productions")).to be_valid
-        expect(Fabricate.build(:user_profile, user: user, website: "https://google.com")).to be_valid
+      it "should not allow invalid URLs" do
+        user_profile.website = "http://https://google.com"
+        expect(user_profile).to_not be_valid
      end

      it "validates website domain if user_website_domains_whitelist setting is present" do
        SiteSetting.user_website_domains_whitelist = "discourse.org"
-        expect(Fabricate.build(:user_profile, user: user, website: "https://google.com")).not_to be_valid
-        expect(Fabricate.build(:user_profile, user: user, website: "http://discourse.org")).to be_valid
+
+        user_profile.website = "https://google.com"
+        expect(user_profile).not_to be_valid
+
+        user_profile.website = "http://discourse.org"
+        expect(user_profile).to be_valid
      end
    end