Fix SQL error in admin measures API (#30753)

main-rebase-security-fix
Claire 2024-06-18 18:04:58 +02:00 committed by GitHub
parent d97fcd0cbb
commit 58ace2e45e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 20 additions and 3 deletions


@ -18,7 +18,7 @@ module Admin::Metrics::Measure::QueryHelper
def generated_series_days
Arel.sql(
<<~SQL.squish
SELECT generate_series(timestamp :start_at, :end_at, '1 day')::date AS period
SELECT generate_series(:start_at::timestamp, :end_at::timestamp, '1 day')::date AS period
SQL
)
end
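Review bot: `generated_series_days` carries no comment saying that the heredoc must stay free of interpolation or why the placeholders are written with casts. `Arel.sql` marks the string as trusted SQL, so the only thing keeping request-derived dates out of the statement text is that they arrive through the `:start_at` and `:end_at` placeholders; where those are bound is outside this hunk, so that part is assumed rather than verified. I would add above the method: `# Static SQL only: dates enter through the :start_at/:end_at binds, never by interpolation; the ::timestamp casts give the bound values their type.`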


@ -7,11 +7,28 @@ describe 'Admin Measures' do
let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) }
let(:headers) { { 'Authorization' => "Bearer #{token.token}" } }
let(:account) { Fabricate(:account) }
let(:params) do
{
keys: %w(instance_accounts instance_follows instance_followers),
instance_accounts: {
domain: 'mastodon.social',
include_subdomains: true,
},
instance_follows: {
domain: 'mastodon.social',
include_subdomains: true,
},
instance_followers: {
domain: 'mastodon.social',
include_subdomains: true,
},
}
end
describe 'GET /api/v1/admin/measures' do
context 'when not authorized' do
it 'returns http forbidden' do
post '/api/v1/admin/measures', params: { account_id: account.id, limit: 2 }
post '/api/v1/admin/measures', params: params
expect(response)
.to have_http_status(403)
@ -22,7 +39,7 @@ describe 'Admin Measures' do
let(:scopes) { 'admin:read' }
it 'returns http success and status json' do
post '/api/v1/admin/measures', params: { account_id: account.id, limit: 2 }, headers: headers
post '/api/v1/admin/measures', params: params, headers: headers
expect(response)
.to have_http_status(200)
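Review bot: The new `params` fixture sets only `keys` and the three per-key `domain`/`include_subdomains` hashes, with no `start_at` or `end_at`, so the range that reaches the fixed `generate_series` query is whatever the controller falls back to, which this page does not show. If the endpoint accepts those two request parameters, passing explicit ones (constructed example: `start_at: 2.days.ago, end_at: Time.now.utc`) would tie the regression test to the cast that was changed. As far as the hunk shows, the success example asserts only the 200 status; the `it` block continues outside the hunk, so a body assertion may already follow.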