diff --git a/services/web/app/src/Features/Uploads/ProjectUploadController.mjs b/services/web/app/src/Features/Uploads/ProjectUploadController.mjs index 61bf91b16b..0ce933fd19 100644 --- a/services/web/app/src/Features/Uploads/ProjectUploadController.mjs +++ b/services/web/app/src/Features/Uploads/ProjectUploadController.mjs @@ -71,6 +71,7 @@ async function uploadFile(req, res, next) { const userId = SessionManager.getLoggedInUserId(req.session) let { folder_id: folderId } = req.query if (name == null || name.length === 0 || name.length > 150) { + fs.unlink(path, function () {}) return res.status(422).json({ success: false, error: 'invalid_filename', diff --git a/services/web/test/unit/src/Uploads/ProjectUploadController.test.mjs b/services/web/test/unit/src/Uploads/ProjectUploadController.test.mjs index f21383e776..b2cad85584 100644 --- a/services/web/test/unit/src/Uploads/ProjectUploadController.test.mjs +++ b/services/web/test/unit/src/Uploads/ProjectUploadController.test.mjs @@ -354,7 +354,7 @@ describe('ProjectUploadController', function () { ctx.ProjectUploadController.uploadFile(ctx.req, ctx.res) }) - it('should return a a non success response', function (ctx) { + it('should return a non success response', function (ctx) { expect(ctx.res.body).to.deep.equal( JSON.stringify({ success: false, @@ -362,6 +362,30 @@ describe('ProjectUploadController', function () { }) ) }) + + it('should remove the uploaded file', function (ctx) { + ctx.fs.unlink.calledWith(ctx.path).should.equal(true) + }) + }) + + describe('with a filename that is too long', function () { + beforeEach(function (ctx) { + ctx.req.body.name = 'a'.repeat(151) + ctx.ProjectUploadController.uploadFile(ctx.req, ctx.res) + }) + + it('should return a non success response', function (ctx) { + expect(ctx.res.body).to.deep.equal( + JSON.stringify({ + success: false, + error: 'invalid_filename', + }) + ) + }) + + it('should remove the uploaded file', function (ctx) { + ctx.fs.unlink.calledWith(ctx.path).should.equal(true) + }) }) }) })