Skip to content

Fix cryptic file validation errors#9663

Merged
andreslucena merged 19 commits intodecidim:developfrom
mainio:fix/9185
Oct 4, 2022
Merged

Fix cryptic file validation errors#9663
andreslucena merged 19 commits intodecidim:developfrom
mainio:fix/9185

Conversation

@ahukkanen
Copy link
Copy Markdown
Contributor

@ahukkanen ahukkanen commented Aug 7, 2022

🎩 What? Why?

Currently the file validation messages are rather cryptic for the general user because they are showing the content type matching pattern regular expressions converted into strings.

To make it understandable for the general public, we want to show the file extensions instead of the content types.

📌 Related Issues

Testing

  • Enable attachments for proposals
  • Try to upload an attachment which is not allowed, e.g. a .zip file is not allowed by default
  • See a better error message

@ahukkanen ahukkanen added module: proposals module: core type: fix PRs that implement a fix for a bug labels Aug 7, 2022
@ahukkanen ahukkanen marked this pull request as ready for review August 7, 2022 13:18
@andreslucena
Copy link
Copy Markdown
Member

andreslucena commented Sep 15, 2022

This is a great improvement on what we have for sure!

  1. I think we can tune it a bit more. Now it says "file should be one of *.bmp, *.gif, *.jpeg, *.jpg, *.pdf, *.png, *.rtf, .txt". Even though the second part is much better, it still sounds a bit too technical. The first part ("should be one of") sounds like Set Theory, and the second part (.bmp) has regular expressions. Could you change it to something like this 🙏🏽?

Only files with the following extensions are allowed: gif jpeg jpg png bmp

  1. In the avatar file upload in the participant account, there's something that breaks this:

image

As far as I could find is the only one with mixed formats.

  1. In the file upload attachment of a participatory process, the file extensions of the error doesn't correspond with the ones from the help text.

image

  1. On the private participants census upload CSV it says text/csv

image

(Mind that the help text doesn't correspond and talks about images, but that's out of the scope of the current PR)

@ahukkanen
Merge branch 'develop' into fix/9185
2e383b7
@ahukkanen
Update the error message for invalid file content type as per review
a9275ba
@ahukkanen
Fix the obfuscated error messages also for file content type validators
c3bcaf5 
Previously this only applied to the validators run for files
attached through the uploaders. Which is problematic e.g. for CSV
files that we just upload and process without an uploader
in-between.
@ahukkanen
Add spec for the customized file content type validator
58cc9e6
@ahukkanen
Get the extension allowlist through the uploader if available
cc28b37
@ahukkanen
Fix the extension_allowlist translation
035aad8
@ahukkanen
Move the extension allowlist translation to the correct module
c421542
@ahukkanen
Fetch the extension allowlist through the correct recrod
1bb146b 
Previously it was always using the defaults instead of the
settings configured for the target organization attached to the
record.
@ahukkanen
Pass the context to the form records assigned to PassthruValidator
b32b897 
The votings census file upload broke after modifying the file
validation logic as it was missing the current participatory space
where it fetches the organization from.
@ahukkanen
Pass the correct upload context for the dynamic file validations
2c5e217 
In order to fetch the correct file extensions in each situation
for the dynamic upload errors, we need to define a proxy record
to pass the correct upload context for the validations.
@ahukkanen
Sort the file extensions at the FileValidatorHumanizer
0d57a04 
In order to show the file extensions similarly in the help texts
and the errors, sort them at the humanizer which produces the
extensions list for the help texts.
@ahukkanen
Copy link
Copy Markdown
Contributor Author

ahukkanen commented Sep 20, 2022
edited
Loading

@andreslucena All issues fixed that I could fix in this PR. The rest will be fixed by another PR #9623. See explanations below.

  1. I think we can tune it a bit more. Now it says "file should be one of *.bmp, *.gif, *.jpeg, *.jpg, *.pdf, *.png, *.rtf, .txt". Even though the second part is much better, it still sounds a bit too technical. The first part ("should be one of") sounds like Set Theory, and the second part (.bmp) has regular expressions. Could you change it to something like this 🙏🏽?

Only files with the following extensions are allowed: gif jpeg jpg png bmp

Done. Also changed the other similar error messages to match this format.

  1. In the avatar file upload in the participant account, there's something that breaks this:

As far as I could find is the only one with mixed formats.

The mixed format is because Decidim produces unknown MIME types currently. E.g. image/bmp is not known for MiniMime (instead, it knows image/x-bmp). And also image/jpg is not a valida MIME type anywhere.

This has been a persistent issue in Decidim for years but I am fixing it in another PR #9623.

In particular it is this line that will fix this issue:

decidim/decidim-core/app/uploaders/decidim/image_uploader.rb

Line 11 in 4b9d539

extension_allowlist.map { |ext| MiniMime.lookup_by_extension(ext).content_type }.uniq

Do note that this same issue will still persist in case the system administrator has configured MIME types unknown for MiniMime. But I would see that as misconfiguration rather than a bug, and it'd be good to show those "extra" unknown MIME types for the user in case that happens to make it easier to identify potential issues regarding those.

  1. In the file upload attachment of a participatory process, the file extensions of the error doesn't correspond with the ones from the help text.

This was because the file validation wasn't context aware whether the validation is happening at the admin panel or the participant side of the system which can have different allowed extensions through the system settings.

I have fixed this issue in the latest revisions.

  1. On the private participants census upload CSV it says text/csv

This was because initially I only applied these changes to the upload validations happening for files that are attached to the records through uploaders. This was not applied in case you just used validates :some_temp_file, file_content_type: { allow: ["text/csv"] } which happens e.g. for the described use case (votings census).

I had to do a bit of a "hack" to also fix the messages for such direct validations by overriding one method from ActiveModel::Validations::FileContentTypeValidator. But anyways, now it should work for both cases.

@andreslucena
Copy link
Copy Markdown
Member

andreslucena commented Sep 30, 2022

The mixed format is because Decidim produces unknown MIME types currently. E.g. image/bmp is not known for MiniMime (instead, it knows image/x-bmp). And also image/jpg is not a valida MIME type anywhere.

This has been a persistent issue in Decidim for years but I am fixing it in another PR #9623.

Great! I'll check that one after merging this one.

Do note that this same issue will still persist in case the system administrator has configured MIME types unknown for MiniMime. But I would see that as misconfiguration rather than a bug, and it'd be good to show those "extra" unknown MIME types for the user in case that happens to make it easier to identify potential issues regarding those.

Ok, I agree.

andreslucena
andreslucena approved these changes Sep 30, 2022
View reviewed changes
Copy link
Copy Markdown
Member

@andreslucena andreslucena left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've rechecked all my comments and are all fixed 👍🏽 👍🏽
Code-wise everything is great, documented, and tested. 💯

@andreslucena andreslucena merged commit df67cd5 into decidim:develop Oct 4, 2022
@ahukkanen ahukkanen mentioned this pull request Oct 4, 2022
Merged
@ahukkanen ahukkanen deleted the fix/9185 branch October 4, 2022 13:02
entantoencuanto added a commit that referenced this pull request Oct 5, 2022
@entantoencuanto
Merge branch 'feature/redesign-turbo' into feature/redesign-staging
82ecea1 
* feature/redesign-turbo:
  Install turbo-rails
  Fix incorrect expecations after change of allowed file extensions (#9877)
  Update `@joeattardi/emoji-button` to `@picmo/popup-picker` (#9667)
  Address Crowdin feedback (#9678)
  Fix cryptic file validation errors (#9663)
  Fix disappearing sub-lists in rich text editors (#9867)
  Implement authorization data recovery for deleted users (#9463)
  Redesigned: admin bar (#9874)
eliegaboriau pushed a commit to eliegaboriau/decidim that referenced this pull request Oct 25, 2022
@ahukkanen @eliegaboriau
Fix cryptic file validation errors (decidim#9663)
ccdbab5 
* Fix cryptic file validation errors

* Improve the content type validator and add method documentation

* Add content type validator spec for denylist case

* Fix the file definition within the spec

* Fix specs broken because of the message changes

* Update the error message for invalid file content type as per review

* Fix the obfuscated error messages also for file content type validators

Previously this only applied to the validators run for files
attached through the uploaders. Which is problematic e.g. for CSV
files that we just upload and process without an uploader
in-between.

* Add spec for the customized file content type validator

* Get the extension allowlist through the uploader if available

* Fix the extension_allowlist translation

* Move the extension allowlist translation to the correct module

* Fetch the extension allowlist through the correct recrod

Previously it was always using the defaults instead of the
settings configured for the target organization attached to the
record.

* Pass the context to the form records assigned to PassthruValidator

The votings census file upload broke after modifying the file
validation logic as it was missing the current participatory space
where it fetches the organization from.

* Pass the correct upload context for the dynamic file validations

In order to fetch the correct file extensions in each situation
for the dynamic upload errors, we need to define a proxy record
to pass the correct upload context for the validations.

* Sort the file extensions at the FileValidatorHumanizer

In order to show the file extensions similarly in the help texts
and the errors, sort them at the humanizer which produces the
extensions list for the help texts.

* Fix file not attached to organization with attachment proxy

* Normalize locales

* Use delegate method instead of extending SimpleDelegator
@andreslucena andreslucena mentioned this pull request Oct 26, 2022
Merged
@alecslupu alecslupu mentioned this pull request Jul 19, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@andreslucena andreslucena andreslucena approved these changes

Assignees

No one assigned

Labels

module: core module: proposals type: fix PRs that implement a fix for a bug

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Cryptic file validation error

2 participants

@ahukkanen @andreslucena