From: INOPIAE <m.maengel@inopiae.de>
Date: Wed, 16 Jan 2019 13:35:50 +0000 (+0100)
Subject: upd: ensure that no blank information is stored in motion title and
X-Git-Url: https://code.wpia.club/?p=motion.git;a=commitdiff_plain;h=a96ee100bf39a3c04a500707084222fec45a8b06;ds=sidebyside

upd: ensure that no blank information is stored in motion title and
content
---

diff --git a/motion.py b/motion.py
index 06cde68..05b555a 100644
--- a/motion.py
+++ b/motion.py
@@ -187,7 +187,16 @@ def put_motion():
         return "Forbidden", 403
     time = int(request.form.get("days", "3"));
     if time not in times.per_host:
-        return "Error, invalid length", 500
+        return "Error, invalid length", 400
+    title=request.form.get("title", "")
+    title=title.strip()
+    if title =='':
+        return "Error, missing title", 400
+    content=request.form.get("content", "")
+    content=content.strip()
+    if content =='':
+        return "Error, missing content", 400
+
     db = get_db()
     with db.xact():
         t = db.prepare("SELECT CURRENT_TIMESTAMP")()[0][0];
@@ -199,7 +208,7 @@ def put_motion():
         else:
             ident=prefix.per_host[cat]+"."+t.strftime("%Y%m%d")+"."+("%03d" % (int(sr[0][0].split(".")[2])+1))
         p = db.prepare("INSERT INTO motion(\"name\", \"content\", \"deadline\", \"posed_by\", \"type\", \"identifier\", \"host\") VALUES($1, $2, CURRENT_TIMESTAMP + $3 * interval '1 days', $4, $5, $6, $7)")
-        p(request.form.get("title", ""), request.form.get("content",""), time, g.voter, cat, ident, request.host)
+        p(title, content, time, g.voter, cat, ident, request.host)
     return rel_redirect("/")
 
 def motion_edited(motion):
diff --git a/templates/index.html b/templates/index.html
index 04bbabe..8f2fb2c 100644
--- a/templates/index.html
+++ b/templates/index.html
@@ -10,7 +10,7 @@ User: {{g.user}}
 <form action="/motion" method="POST" class="form-inline">
 <div class="motion card">
   <div class="motion-title card-heading alert-light from-group">
-    <input class="form-control motion-title-input" placeholder="Motion title" type="text" name="title" id="title">
+    <input class="form-control motion-title-input" placeholder="Motion title" type="text" name="title" id="title" required="yes">
     {%- if categories|length == 1 %}
     <input type="text" class="float form-control" maxwidth="10" disabled value="{{categories[0]}}">
     <input type="hidden" name="category" value="{{categories[0]}}">
diff --git a/tests/test_motion.py b/tests/test_motion.py
index b6622a2..86d69fe 100644
--- a/tests/test_motion.py
+++ b/tests/test_motion.py
@@ -416,9 +416,25 @@ class CreateMotionTests(BasicTest):
         title='My Motion'
         content='My body'
         response = self.createMotion(user, title, content, '21', 'group1')
-        self.assertEqual(response.status_code, 500)
+        self.assertEqual(response.status_code, 400)
         self.assertIn(str.encode('Error, invalid length'), response.data)
 
+    def test_createMotionMissingData(self):
+        title=''
+        content=''
+        response = self.createMotion(user, title, content, '3', 'group1')
+        self.assertEqual(response.status_code, 400)
+        self.assertIn(str.encode('Error, missing title'), response.data)
+        title='New Motion'
+        response = self.createMotion(user, title, content, '3', 'group1')
+        self.assertEqual(response.status_code, 400)
+        self.assertIn(str.encode('Error, missing content'), response.data)
+        title=''
+        content='New Content'
+        response = self.createMotion(user, title, content, '3', 'group1')
+        self.assertEqual(response.status_code, 400)
+        self.assertIn(str.encode('Error, missing title'), response.data)
+
     def test_createMotionWrongGroup(self):
         title='My Motion'
         content='My body'