190. Only allow image files (#28)

support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/exception/ExceptionHandling.java

@@ -3,10 +3,7 @@ package net.shyshkin.study.fullstack.supportportal.backend.exception;
 import com.auth0.jwt.exceptions.TokenExpiredException;
 import lombok.extern.slf4j.Slf4j;
 import net.shyshkin.study.fullstack.supportportal.backend.domain.HttpResponse;
-import net.shyshkin.study.fullstack.supportportal.backend.exception.domain.EmailExistsException;
+import net.shyshkin.study.fullstack.supportportal.backend.exception.domain.*;
-import net.shyshkin.study.fullstack.supportportal.backend.exception.domain.EmailNotFoundException;
-import net.shyshkin.study.fullstack.supportportal.backend.exception.domain.UserNotFoundException;
-import net.shyshkin.study.fullstack.supportportal.backend.exception.domain.UsernameExistsException;
 import org.springframework.dao.EmptyResultDataAccessException;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.ResponseEntity;
@@ -67,7 +64,7 @@ public class ExceptionHandling {
     @ExceptionHandler({
             EmailExistsException.class, UsernameExistsException.class,
             EmailNotFoundException.class, UserNotFoundException.class,
-            MaxUploadSizeExceededException.class
+            MaxUploadSizeExceededException.class, NotAnImageFileException.class
     })
     public ResponseEntity<HttpResponse> badRequestExceptionHandler(Exception exception) {
         return createHttpResponse(BAD_REQUEST, exception.getMessage());

support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/exception/domain/NotAnImageFileException.java

@@ -0,0 +1,7 @@
+package net.shyshkin.study.fullstack.supportportal.backend.exception.domain;
+
+public class NotAnImageFileException extends RuntimeException {
+    public NotAnImageFileException(String message) {
+        super(message);
+    }
+}

support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/service/UserServiceImpl.java

@@ -6,10 +6,7 @@ import net.shyshkin.study.fullstack.supportportal.backend.domain.Role;
 import net.shyshkin.study.fullstack.supportportal.backend.domain.User;
 import net.shyshkin.study.fullstack.supportportal.backend.domain.UserPrincipal;
 import net.shyshkin.study.fullstack.supportportal.backend.domain.dto.UserDto;
-import net.shyshkin.study.fullstack.supportportal.backend.exception.domain.EmailExistsException;
+import net.shyshkin.study.fullstack.supportportal.backend.exception.domain.*;
-import net.shyshkin.study.fullstack.supportportal.backend.exception.domain.EmailNotFoundException;
-import net.shyshkin.study.fullstack.supportportal.backend.exception.domain.UserNotFoundException;
-import net.shyshkin.study.fullstack.supportportal.backend.exception.domain.UsernameExistsException;
 import net.shyshkin.study.fullstack.supportportal.backend.mapper.UserMapper;
 import net.shyshkin.study.fullstack.supportportal.backend.repository.UserRepository;
 import org.apache.commons.lang3.RandomStringUtils;
@@ -17,7 +14,6 @@ import org.springframework.boot.web.client.RestTemplateBuilder;
 import org.springframework.core.ParameterizedTypeReference;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.Pageable;
-import org.springframework.http.MediaType;
 import org.springframework.http.RequestEntity;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
@@ -35,10 +31,12 @@ import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.time.LocalDateTime;
+import java.util.List;
 import java.util.Objects;
 import java.util.UUID;
 
 import static net.shyshkin.study.fullstack.supportportal.backend.constant.FileConstant.*;
+import static org.springframework.http.MediaType.*;
 
 @Slf4j
 @Service
@@ -179,6 +177,10 @@ public class UserServiceImpl implements UserService {
     private void saveProfileImage(User user, MultipartFile profileImage) {
         if (profileImage == null) return;
 
+        if (!List.of(IMAGE_JPEG_VALUE, IMAGE_GIF_VALUE, IMAGE_PNG_VALUE).contains(profileImage.getContentType())){
+            throw new NotAnImageFileException(profileImage.getOriginalFilename()+ " is not an image file. Please upload an image");
+        }
+
         Path userFolder = Paths.get(USER_FOLDER, user.getUserId());
         try {
             if (Files.notExists(userFolder)) {
@@ -278,7 +280,7 @@ public class UserServiceImpl implements UserService {
 //        "https://robohash.org/11951691-d373-4126-bef2-84d157a6546b"
         RequestEntity<Void> requestEntity = RequestEntity
                 .get("/{userId}", userId)
-                .accept(MediaType.IMAGE_JPEG)
+                .accept(IMAGE_JPEG)
                 .build();
         var responseEntity = restTemplate.exchange(requestEntity, new ParameterizedTypeReference<byte[]>() {
         });

support-portal-backend/src/test/java/net/shyshkin/study/fullstack/supportportal/backend/controller/UserResourceTest.java

@@ -535,8 +535,8 @@ class UserResourceTest extends BaseUserTest {
         //given
         UserDto userDto = createRandomUserDto();
 
-        MultipartFile profileImage = new MockMultipartFile("profileImage", "test.txt",
+        MultipartFile profileImage = new MockMultipartFile("profileImage", "test.gif",
-                "text/plain", ("Spring Framework" + UUID.randomUUID()).getBytes());
+                "image/gif", ("Spring Framework" + UUID.randomUUID()).getBytes());
 
         MultiValueMap<String, Object> body
                 = new LinkedMultiValueMap<>();
@@ -593,8 +593,8 @@ class UserResourceTest extends BaseUserTest {
 
         UserDto userDto = createRandomUserDto();
 
-        MultipartFile profileImage = new MockMultipartFile("profileImage", "test.txt",
+        MultipartFile profileImage = new MockMultipartFile("profileImage", "test.jpeg",
-                "text/plain", ("Spring Framework" + UUID.randomUUID()).getBytes());
+                "image/jpeg", ("Spring Framework" + UUID.randomUUID()).getBytes());
 
         MultiValueMap<String, Object> body
                 = new LinkedMultiValueMap<>();

support-portal-backend/src/test/java/net/shyshkin/study/fullstack/supportportal/backend/controller/UserResourceUnSecureTest.java

@@ -565,8 +565,8 @@ class UserResourceUnSecureTest extends BaseUserTest {
             //given
             String username = user.getUsername();
 
-            MultipartFile profileImage = new MockMultipartFile("profileImage", "test.txt",
+            MultipartFile profileImage = new MockMultipartFile("profileImage", "test.png",
-                    "text/plain", ("Spring Framework" + UUID.randomUUID()).getBytes());
+                    "image/png", ("Spring Framework" + UUID.randomUUID()).getBytes());
 
             MultiValueMap<String, Object> body
                     = new LinkedMultiValueMap<>();
@@ -756,8 +756,8 @@ class UserResourceUnSecureTest extends BaseUserTest {
 
         private void uploadProfileImage(String username) throws IOException {
 
-            MultipartFile profileImage = new MockMultipartFile("profileImage", "test.txt",
+            MultipartFile profileImage = new MockMultipartFile("profileImage", "test.jpg",
-                    "text/plain", ("Spring Framework" + UUID.randomUUID()).getBytes());
+                    MediaType.IMAGE_JPEG_VALUE, ("Spring Framework" + UUID.randomUUID()).getBytes());
 
             MultiValueMap<String, Object> body
                     = new LinkedMultiValueMap<>();

support-portal-backend/src/test/java/net/shyshkin/study/fullstack/supportportal/backend/service/UserServiceTest.java

@@ -120,8 +120,8 @@ class UserServiceTest extends BaseUserTest {
         String username = user.getUsername();
 
         //when
-        MockMultipartFile multipartFile = new MockMultipartFile("file", "test.txt",
+        MockMultipartFile multipartFile = new MockMultipartFile("file", "test.jpg",
-                "text/plain", ("Spring Framework" + UUID.randomUUID()).getBytes());
+                "image/jpeg", ("Spring Framework" + UUID.randomUUID()).getBytes());
         userService.updateProfileImage(username, multipartFile);
 
         //then