tabshift/payloadcms
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

fix(db-mongodb): add validation to relationship ids (#8395)

Browse Source 
fixes https://github.com/payloadcms/payload/issues/8652
This commit is contained in:
Patrik
2024-10-11 13:49:07 -04:00
committed by GitHub
parent 7a0b419c10
commit 21606ded08
2 changed files with 30 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
packages/db-mongodb/src/utilities/sanitizeRelationshipIDs.ts
View File

@@ -1,7 +1,7 @@
import type { CollectionConfig, Field, SanitizedConfig, TraverseFieldsCallback } from 'payload' import type { CollectionConfig, Field, SanitizedConfig, TraverseFieldsCallback } from 'payload'
import mongoose from 'mongoose' import mongoose from 'mongoose'
import { traverseFields } from 'payload' import { APIError, traverseFields } from 'payload'
import { fieldAffectsData } from 'payload/shared' import { fieldAffectsData } from 'payload/shared'
type Args = { type Args = {
@@ -31,7 +31,14 @@ const convertValue = ({
) )
if (!customIDField) { if (!customIDField) {
return new mongoose.Types.ObjectId(value) try {
return new mongoose.Types.ObjectId(value)
} catch (error) {
throw new APIError(
`Failed to create ObjectId from value: ${value}. Error: ${error.message}`,
400,
)
}
} }
return value return value

21
test/database/int.spec.ts
View File

@@ -741,4 +741,25 @@ describe('database', () => {
}), }),
).rejects.toThrow(QueryError) ).rejects.toThrow(QueryError)
}) })
it('should not allow document creation with relationship data to an invalid document ID', async () => {
let invalidDoc
try {
invalidDoc = await payload.create({
collection: 'relation-b',
data: { title: 'invalid', relationship: 'not-real-id' },
})
} catch (error) {
expect(error).toBeInstanceOf(Error)
}
expect(invalidDoc).toBeUndefined()
const relationBDocs = await payload.find({
collection: 'relation-b',
})
expect(relationBDocs.docs).toHaveLength(0)
})
}) })