Merge pull request #178 from codeRIT/issue_164

fix: Validate asset config values are URLs

Author: dquach217

app/controllers/manage/configs_controller.rb

@@ -17,7 +17,10 @@ def update
     value = params[:hackathon_config][key]
     value = true if value == "true"
     value = false if value == "false"
-    if @config.value != value
+    if @config.var.end_with?("_asset") && !value.start_with?('http://', 'https://')
+      flash[:alert] = "Config \"#{key}\" must start with http:// or https://"
+      render :edit
+    elsif @config.value != value
       @config.value = value
       @config.save
       redirect_to manage_configs_path, notice: "Config \"#{key}\" has been updated."

test/controllers/manage/configs_controller_test.rb

@@ -115,6 +115,20 @@ class Manage::ConfigsControllerTest < ActionController::TestCase
       assert_redirected_to manage_configs_path
     end
 
+    should "update logo_asset with a url" do
+      HackathonConfig["logo_asset"] = ''
+      patch :update, params: { id: "logo_asset", hackathon_config: { logo_asset: "https://picsum.photos/200" } }
+      assert_equal "https://picsum.photos/200", HackathonConfig["logo_asset"]
+      assert_redirected_to manage_configs_path
+    end
+
+    should "not update logo_asset with an asset that is not URL based" do
+      HackathonConfig["logo_asset"] = ''
+      patch :update, params: { id: "logo_asset", hackathon_config: { logo_asset: "test" } }
+      assert_equal '', HackathonConfig["logo_asset"]
+      assert_redirected_to edit_manage_config_path("logo_asset")
+    end
+
     should "update config CSS variables when custom_css is blank" do
       HackathonConfig["custom_css"] = ""
       patch :update, params: { id: "custom_css", hackathon_config: { custom_css: ":root {\n  --foo: #fff;\n}" } }