From 7ecf9337ce8669cb9bd918c5e3dd0b35b4ca89a6 Mon Sep 17 00:00:00 2001
From: gustavodemari <guhdemari@gmail.com>
Date: Thu, 15 Oct 2015 22:01:06 -0300
Subject: [PATCH] updating profile upload with a new version of multer

---
 config/env/default.js                         | 10 +++-
 config/lib/express.js                         |  7 ---
 config/lib/multer.js                          |  8 +++
 ...hange-profile-picture.client.controller.js |  3 +-
 .../users/users.profile.server.controller.js  | 13 +++-
 .../tests/server/user.server.routes.tests.js  | 59 +++++++++++++++++++
 package.json                                  |  2 +-
 7 files changed, 89 insertions(+), 13 deletions(-)
 create mode 100644 config/lib/multer.js

diff --git a/config/env/default.js b/config/env/default.js
index a3dfbdf11b..5f57447c87 100644
--- a/config/env/default.js
+++ b/config/env/default.js
@@ -28,5 +28,13 @@ module.exports = {
   sessionKey: 'sessionId',
   sessionCollection: 'sessions',
   logo: 'modules/core/client/img/brand/logo.png',
-  favicon: 'modules/core/client/img/brand/favicon.ico'
+  favicon: 'modules/core/client/img/brand/favicon.ico',
+  uploads: {
+    profileUpload: {
+      dest: './modules/users/client/img/profile/uploads/', // Profile upload destination path
+      limits: {
+        fileSize: 1*1024*1024 // Max file size in bytes (1 MB)
+      }
+    }
+  }
 };
diff --git a/config/lib/express.js b/config/lib/express.js
index 59f3cc4c46..8e917ed2ab 100644
--- a/config/lib/express.js
+++ b/config/lib/express.js
@@ -9,7 +9,6 @@ var config = require('../config'),
   bodyParser = require('body-parser'),
   session = require('express-session'),
   MongoStore = require('connect-mongo')(session),
-  multer = require('multer'),
   favicon = require('serve-favicon'),
   compress = require('compression'),
   methodOverride = require('method-override'),
@@ -88,12 +87,6 @@ module.exports.initMiddleware = function (app) {
   // Add the cookie parser and flash middleware
   app.use(cookieParser());
   app.use(flash());
-
-  // Add multipart handling middleware
-  app.use(multer({
-    dest: './uploads/',
-    inMemory: true
-  }));
 };
 
 /**
diff --git a/config/lib/multer.js b/config/lib/multer.js
new file mode 100644
index 0000000000..960ffcb443
--- /dev/null
+++ b/config/lib/multer.js
@@ -0,0 +1,8 @@
+'use strict';
+
+module.exports.profileUploadFileFilter = function (req, file, cb) {
+  if (file.mimetype !== 'image/png' && file.mimetype !== 'image/jpg' && file.mimetype !== 'image/jpeg' && file.mimetype !== 'image/gif') {
+    return cb(new Error('Only image files are allowed!'), false);
+  }
+  cb(null, true);
+};
diff --git a/modules/users/client/controllers/settings/change-profile-picture.client.controller.js b/modules/users/client/controllers/settings/change-profile-picture.client.controller.js
index 36f5bb10b3..545186dca9 100644
--- a/modules/users/client/controllers/settings/change-profile-picture.client.controller.js
+++ b/modules/users/client/controllers/settings/change-profile-picture.client.controller.js
@@ -7,7 +7,8 @@ angular.module('users').controller('ChangeProfilePictureController', ['$scope',
 
     // Create file uploader instance
     $scope.uploader = new FileUploader({
-      url: 'api/users/picture'
+      url: 'api/users/picture',
+      alias: 'newProfilePicture'
     });
 
     // Set file uploader image filter
diff --git a/modules/users/server/controllers/users/users.profile.server.controller.js b/modules/users/server/controllers/users/users.profile.server.controller.js
index da0a708d03..254b1804ed 100644
--- a/modules/users/server/controllers/users/users.profile.server.controller.js
+++ b/modules/users/server/controllers/users/users.profile.server.controller.js
@@ -8,6 +8,8 @@ var _ = require('lodash'),
   path = require('path'),
   errorHandler = require(path.resolve('./modules/core/server/controllers/errors.server.controller')),
   mongoose = require('mongoose'),
+  multer = require('multer'),
+  config = require(path.resolve('./config/config')),
   User = mongoose.model('User');
 
 /**
@@ -54,15 +56,20 @@ exports.update = function (req, res) {
 exports.changeProfilePicture = function (req, res) {
   var user = req.user;
   var message = null;
+  var upload = multer(config.uploads.profileUpload).single('newProfilePicture');
+  var profileUploadFileFilter = require(path.resolve('./config/lib/multer')).profileUploadFileFilter;
+  
+  // Filtering to upload only images
+  upload.fileFilter = profileUploadFileFilter;
 
   if (user) {
-    fs.writeFile('./modules/users/client/img/profile/uploads/' + req.files.file.name, req.files.file.buffer, function (uploadError) {
-      if (uploadError) {
+    upload(req, res, function (uploadError) {
+      if(uploadError) {
         return res.status(400).send({
           message: 'Error occurred while uploading profile picture'
         });
       } else {
-        user.profileImageURL = 'modules/users/client/img/profile/uploads/' + req.files.file.name;
+        user.profileImageURL = config.uploads.profileUpload.dest + req.file.filename;
 
         user.save(function (saveError) {
           if (saveError) {
diff --git a/modules/users/tests/server/user.server.routes.tests.js b/modules/users/tests/server/user.server.routes.tests.js
index f84802159c..f7a6c500e1 100644
--- a/modules/users/tests/server/user.server.routes.tests.js
+++ b/modules/users/tests/server/user.server.routes.tests.js
@@ -847,6 +847,65 @@ describe('User CRUD tests', function () {
       });
   });
 
+  it('should be able to change profile picture if signed in', function (done) {
+    agent.post('/api/auth/signin')
+      .send(credentials)
+      .expect(200)
+      .end(function (signinErr, signinRes) {
+        // Handle signin error
+        if (signinErr) {
+          return done(signinErr);
+        }
+
+        agent.post('/api/users/picture')
+          .attach('newProfilePicture', './modules/users/client/img/profile/default.png')
+          .send(credentials)
+          .expect(200)
+          .end(function (userInfoErr, userInfoRes) {
+            // Handle change profile picture error
+            if (userInfoErr) {
+              return done(userInfoErr);
+            }
+
+            userInfoRes.body.should.be.instanceof(Object);
+            userInfoRes.body.profileImageURL.should.be.a.String();
+            userInfoRes.body._id.should.be.equal(String(user._id));
+
+            return done();
+          });
+      });
+  });
+
+  it('should not be able to change profile picture if not signed in', function (done) {
+    agent.post('/api/users/picture')
+      .attach('newProfilePicture', './modules/users/client/img/profile/default.png')
+      .send(credentials)
+      .expect(400)
+      .end(function (userInfoErr, userInfoRes) {
+        done(userInfoErr);
+      });
+  });
+
+  it('should not be able to change profile picture if attach a picture with a different field name', function (done) {
+    agent.post('/api/auth/signin')
+      .send(credentials)
+      .expect(200)
+      .end(function (signinErr, signinRes) {
+        // Handle signin error
+        if (signinErr) {
+          return done(signinErr);
+        }
+
+        agent.post('/api/users/picture')
+          .attach('fieldThatDoesntWork', './modules/users/client/img/profile/default.png')
+          .send(credentials)
+          .expect(400)
+          .end(function (userInfoErr, userInfoRes) {
+            done(userInfoErr);
+          });
+      });
+  });
+
   afterEach(function (done) {
     User.remove().exec(done);
   });
diff --git a/package.json b/package.json
index e978286bc6..9c1ac12fa3 100644
--- a/package.json
+++ b/package.json
@@ -46,7 +46,7 @@
     "mocha": "~1.20.0",
     "mongoose": "^4.0.6",
     "morgan": "^1.6.1",
-    "multer": "0.1.8",
+    "multer": "~1.0.5",
     "nodemailer": "^1.4.0",
     "owasp-password-strength-test": "^1.3.0",
     "passport": "~0.2.2",