FIX: enforce 'allow_uploaded_avatars' & 'sso_overrides_avatar' server-side

2025-05-22 18:01:25 +08:00 · 2015-11-12 10:26:45 +01:00
parent 069516f4b4
commit 16f509afb9
4 changed files with 40 additions and 0 deletions
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@ -1363,6 +1363,18 @@ describe UsersController do
        expect(response).to be_forbidden
      end

+      it "raises an error when sso_overrides_avatar is disabled" do
+        SiteSetting.stubs(:sso_overrides_avatar).returns(true)
+        xhr :put, :pick_avatar, username: user.username, upload_id: upload.id, type: "custom"
+        expect(response).to_not be_success
+      end
+
+      it "raises an error when selecting the custom/uploaded avatar and allow_uploaded_avatars is disabled" do
+        SiteSetting.stubs(:allow_uploaded_avatars).returns(false)
+        xhr :put, :pick_avatar, username: user.username, upload_id: upload.id, type: "custom"
+        expect(response).to_not be_success
+      end
+
      it 'can successfully pick the system avatar' do
        xhr :put, :pick_avatar, username: user.username
        expect(response).to be_success