diff --git a/config/env/default.js b/config/env/default.js index a3dfbdf11b..5f57447c87 100644 --- a/config/env/default.js +++ b/config/env/default.js @@ -28,5 +28,13 @@ module.exports = { sessionKey: 'sessionId', sessionCollection: 'sessions', logo: 'modules/core/client/img/brand/logo.png', - favicon: 'modules/core/client/img/brand/favicon.ico' + favicon: 'modules/core/client/img/brand/favicon.ico', + uploads: { + profileUpload: { + dest: './modules/users/client/img/profile/uploads/', // Profile upload destination path + limits: { + fileSize: 1*1024*1024 // Max file size in bytes (1 MB) + } + } + } }; diff --git a/config/lib/express.js b/config/lib/express.js index 59f3cc4c46..8e917ed2ab 100644 --- a/config/lib/express.js +++ b/config/lib/express.js @@ -9,7 +9,6 @@ var config = require('../config'), bodyParser = require('body-parser'), session = require('express-session'), MongoStore = require('connect-mongo')(session), - multer = require('multer'), favicon = require('serve-favicon'), compress = require('compression'), methodOverride = require('method-override'), @@ -88,12 +87,6 @@ module.exports.initMiddleware = function (app) { // Add the cookie parser and flash middleware app.use(cookieParser()); app.use(flash()); - - // Add multipart handling middleware - app.use(multer({ - dest: './uploads/', - inMemory: true - })); }; /** diff --git a/config/lib/multer.js b/config/lib/multer.js new file mode 100644 index 0000000000..960ffcb443 --- /dev/null +++ b/config/lib/multer.js @@ -0,0 +1,8 @@ +'use strict'; + +module.exports.profileUploadFileFilter = function (req, file, cb) { + if (file.mimetype !== 'image/png' && file.mimetype !== 'image/jpg' && file.mimetype !== 'image/jpeg' && file.mimetype !== 'image/gif') { + return cb(new Error('Only image files are allowed!'), false); + } + cb(null, true); +}; diff --git a/modules/users/client/controllers/settings/change-profile-picture.client.controller.js b/modules/users/client/controllers/settings/change-profile-picture.client.controller.js index 36f5bb10b3..545186dca9 100644 --- a/modules/users/client/controllers/settings/change-profile-picture.client.controller.js +++ b/modules/users/client/controllers/settings/change-profile-picture.client.controller.js @@ -7,7 +7,8 @@ angular.module('users').controller('ChangeProfilePictureController', ['$scope', // Create file uploader instance $scope.uploader = new FileUploader({ - url: 'api/users/picture' + url: 'api/users/picture', + alias: 'newProfilePicture' }); // Set file uploader image filter diff --git a/modules/users/server/controllers/users/users.profile.server.controller.js b/modules/users/server/controllers/users/users.profile.server.controller.js index da0a708d03..254b1804ed 100644 --- a/modules/users/server/controllers/users/users.profile.server.controller.js +++ b/modules/users/server/controllers/users/users.profile.server.controller.js @@ -8,6 +8,8 @@ var _ = require('lodash'), path = require('path'), errorHandler = require(path.resolve('./modules/core/server/controllers/errors.server.controller')), mongoose = require('mongoose'), + multer = require('multer'), + config = require(path.resolve('./config/config')), User = mongoose.model('User'); /** @@ -54,15 +56,20 @@ exports.update = function (req, res) { exports.changeProfilePicture = function (req, res) { var user = req.user; var message = null; + var upload = multer(config.uploads.profileUpload).single('newProfilePicture'); + var profileUploadFileFilter = require(path.resolve('./config/lib/multer')).profileUploadFileFilter; + + // Filtering to upload only images + upload.fileFilter = profileUploadFileFilter; if (user) { - fs.writeFile('./modules/users/client/img/profile/uploads/' + req.files.file.name, req.files.file.buffer, function (uploadError) { - if (uploadError) { + upload(req, res, function (uploadError) { + if(uploadError) { return res.status(400).send({ message: 'Error occurred while uploading profile picture' }); } else { - user.profileImageURL = 'modules/users/client/img/profile/uploads/' + req.files.file.name; + user.profileImageURL = config.uploads.profileUpload.dest + req.file.filename; user.save(function (saveError) { if (saveError) { diff --git a/modules/users/tests/server/user.server.routes.tests.js b/modules/users/tests/server/user.server.routes.tests.js index f84802159c..f7a6c500e1 100644 --- a/modules/users/tests/server/user.server.routes.tests.js +++ b/modules/users/tests/server/user.server.routes.tests.js @@ -847,6 +847,65 @@ describe('User CRUD tests', function () { }); }); + it('should be able to change profile picture if signed in', function (done) { + agent.post('/api/auth/signin') + .send(credentials) + .expect(200) + .end(function (signinErr, signinRes) { + // Handle signin error + if (signinErr) { + return done(signinErr); + } + + agent.post('/api/users/picture') + .attach('newProfilePicture', './modules/users/client/img/profile/default.png') + .send(credentials) + .expect(200) + .end(function (userInfoErr, userInfoRes) { + // Handle change profile picture error + if (userInfoErr) { + return done(userInfoErr); + } + + userInfoRes.body.should.be.instanceof(Object); + userInfoRes.body.profileImageURL.should.be.a.String(); + userInfoRes.body._id.should.be.equal(String(user._id)); + + return done(); + }); + }); + }); + + it('should not be able to change profile picture if not signed in', function (done) { + agent.post('/api/users/picture') + .attach('newProfilePicture', './modules/users/client/img/profile/default.png') + .send(credentials) + .expect(400) + .end(function (userInfoErr, userInfoRes) { + done(userInfoErr); + }); + }); + + it('should not be able to change profile picture if attach a picture with a different field name', function (done) { + agent.post('/api/auth/signin') + .send(credentials) + .expect(200) + .end(function (signinErr, signinRes) { + // Handle signin error + if (signinErr) { + return done(signinErr); + } + + agent.post('/api/users/picture') + .attach('fieldThatDoesntWork', './modules/users/client/img/profile/default.png') + .send(credentials) + .expect(400) + .end(function (userInfoErr, userInfoRes) { + done(userInfoErr); + }); + }); + }); + afterEach(function (done) { User.remove().exec(done); }); diff --git a/package.json b/package.json index e978286bc6..9c1ac12fa3 100644 --- a/package.json +++ b/package.json @@ -46,7 +46,7 @@ "mocha": "~1.20.0", "mongoose": "^4.0.6", "morgan": "^1.6.1", - "multer": "0.1.8", + "multer": "~1.0.5", "nodemailer": "^1.4.0", "owasp-password-strength-test": "^1.3.0", "passport": "~0.2.2",