fixes:

-only update non-null fields -check valid URL -match schema types with database table
Hanagotchi · Apr 2, 2024 · 48020fd · 48020fd
1 parent f0d4452
commit 48020fd
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 3 deletions.
diff --git a/app/exceptions/UserException.py b/app/exceptions/UserException.py
@@ -6,3 +6,9 @@ def __init__(self, id: int):
         status_code = status.HTTP_404_NOT_FOUND
         detail = f"User with id {id} not found"
         super().__init__(status_code=status_code, detail=detail)
+
+class InvalidURL(HTTPException):
+    def __init__(self, id: int):
+        status_code = status.HTTP_400_BAD_REQUEST
+        detail = f"Invalid URL"
+        super().__init__(status_code=status_code, detail=detail)
diff --git a/app/schemas/Schemas.py b/app/schemas/Schemas.py
@@ -21,4 +21,4 @@ class LoginRequest(BaseModel):
 class UpdateUserSchema(BaseModel):
     name: Optional[str] = None
     gender: Optional[str] = None
-    photo: Optional[HttpUrl] = None
+    photo: str
diff --git a/app/service/Users.py b/app/service/Users.py
@@ -1,9 +1,10 @@
-from exceptions.UserException import UserNotFound
+from exceptions.UserException import UserNotFound, InvalidURL
 from exceptions.LoginException import AuthenticationError
 from models.users import User
 from repository.Users import UsersRepository
 import requests
 import os
+import re
 
 
 class UsersService:
@@ -76,4 +77,9 @@ def update_user(self, user_id: int, update_data: dict):
         # es el propio usuario editando sus datos y no permitir
         # que un usuario edite los de un tercero
         self.get_user(user_id)
-        self.user_repository.edit_user(user_id, update_data)
+        filtered_update_data = {k: v for k, v in update_data.items() if v is not None}
+        if 'photo' in filtered_update_data:
+            photo_url = filtered_update_data['photo']
+            if not re.match(r'^https?://(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,6}(?:/[^/#?]+)+\.(?:jpg|jpeg|png|gif)$', photo_url):
+                raise InvalidURL("Invalid photo URL")
+        self.user_repository.edit_user(user_id, filtered_update_data)