Merge pull request #948 from gustavodemari/update-multer-profile-upload

Update profile upload with a new version of multer
Fixes #947

config/env/default.js

@@ -28,5 +28,13 @@ module.exports = {
   sessionKey: 'sessionId',
   sessionCollection: 'sessions',
   logo: 'modules/core/client/img/brand/logo.png',
-  favicon: 'modules/core/client/img/brand/favicon.ico'
+  favicon: 'modules/core/client/img/brand/favicon.ico',
+  uploads: {
+    profileUpload: {
+      dest: './modules/users/client/img/profile/uploads/', // Profile upload destination path
+      limits: {
+        fileSize: 1*1024*1024 // Max file size in bytes (1 MB)
+      }
+    }
+  }
 };

config/lib/express.js

@@ -10,7 +10,6 @@ var config = require('../config'),
   bodyParser = require('body-parser'),
   session = require('express-session'),
   MongoStore = require('connect-mongo')(session),
-  multer = require('multer'),
   favicon = require('serve-favicon'),
   compress = require('compression'),
   methodOverride = require('method-override'),
@@ -89,12 +88,6 @@ module.exports.initMiddleware = function (app) {
   // Add the cookie parser and flash middleware
   app.use(cookieParser());
   app.use(flash());
-
-  // Add multipart handling middleware
-  app.use(multer({
-    dest: './uploads/',
-    inMemory: true
-  }));
 };
 
 /**

config/lib/multer.js

@@ -0,0 +1,8 @@
+'use strict';
+
+module.exports.profileUploadFileFilter = function (req, file, cb) {
+  if (file.mimetype !== 'image/png' && file.mimetype !== 'image/jpg' && file.mimetype !== 'image/jpeg' && file.mimetype !== 'image/gif') {
+    return cb(new Error('Only image files are allowed!'), false);
+  }
+  cb(null, true);
+};

modules/users/client/controllers/settings/change-profile-picture.client.controller.js

@@ -7,7 +7,8 @@ angular.module('users').controller('ChangeProfilePictureController', ['$scope',
 
     // Create file uploader instance
     $scope.uploader = new FileUploader({
-      url: 'api/users/picture'
+      url: 'api/users/picture',
+      alias: 'newProfilePicture'
     });
 
     // Set file uploader image filter

modules/users/server/controllers/users/users.profile.server.controller.js

@@ -8,6 +8,8 @@ var _ = require('lodash'),
   path = require('path'),
   errorHandler = require(path.resolve('./modules/core/server/controllers/errors.server.controller')),
   mongoose = require('mongoose'),
+  multer = require('multer'),
+  config = require(path.resolve('./config/config')),
   User = mongoose.model('User');
 
 /**
@@ -54,15 +56,20 @@ exports.update = function (req, res) {
 exports.changeProfilePicture = function (req, res) {
   var user = req.user;
   var message = null;
+  var upload = multer(config.uploads.profileUpload).single('newProfilePicture');
+  var profileUploadFileFilter = require(path.resolve('./config/lib/multer')).profileUploadFileFilter;
+
+  // Filtering to upload only images
+  upload.fileFilter = profileUploadFileFilter;
 
   if (user) {
-    fs.writeFile('./modules/users/client/img/profile/uploads/' + req.files.file.name, req.files.file.buffer, function (uploadError) {
-      if (uploadError) {
+    upload(req, res, function (uploadError) {
+      if(uploadError) {
         return res.status(400).send({
           message: 'Error occurred while uploading profile picture'
         });
       } else {
-        user.profileImageURL = 'modules/users/client/img/profile/uploads/' + req.files.file.name;
+        user.profileImageURL = config.uploads.profileUpload.dest + req.file.filename;
 
         user.save(function (saveError) {
           if (saveError) {

modules/users/tests/server/user.server.routes.tests.js

@@ -847,6 +847,65 @@ describe('User CRUD tests', function () {
       });
   });
 
+  it('should be able to change profile picture if signed in', function (done) {
+    agent.post('/api/auth/signin')
+      .send(credentials)
+      .expect(200)
+      .end(function (signinErr, signinRes) {
+        // Handle signin error
+        if (signinErr) {
+          return done(signinErr);
+        }
+
+        agent.post('/api/users/picture')
+          .attach('newProfilePicture', './modules/users/client/img/profile/default.png')
+          .send(credentials)
+          .expect(200)
+          .end(function (userInfoErr, userInfoRes) {
+            // Handle change profile picture error
+            if (userInfoErr) {
+              return done(userInfoErr);
+            }
+
+            userInfoRes.body.should.be.instanceof(Object);
+            userInfoRes.body.profileImageURL.should.be.a.String();
+            userInfoRes.body._id.should.be.equal(String(user._id));
+
+            return done();
+          });
+      });
+  });
+
+  it('should not be able to change profile picture if not signed in', function (done) {
+    agent.post('/api/users/picture')
+      .attach('newProfilePicture', './modules/users/client/img/profile/default.png')
+      .send(credentials)
+      .expect(400)
+      .end(function (userInfoErr, userInfoRes) {
+        done(userInfoErr);
+      });
+  });
+
+  it('should not be able to change profile picture if attach a picture with a different field name', function (done) {
+    agent.post('/api/auth/signin')
+      .send(credentials)
+      .expect(200)
+      .end(function (signinErr, signinRes) {
+        // Handle signin error
+        if (signinErr) {
+          return done(signinErr);
+        }
+
+        agent.post('/api/users/picture')
+          .attach('fieldThatDoesntWork', './modules/users/client/img/profile/default.png')
+          .send(credentials)
+          .expect(400)
+          .end(function (userInfoErr, userInfoRes) {
+            done(userInfoErr);
+          });
+      });
+  });
+
   afterEach(function (done) {
     User.remove().exec(done);
   });

package.json

@@ -47,7 +47,7 @@
     "mocha": "~1.20.0",
     "mongoose": "4.1.11",
     "morgan": "^1.6.1",
-    "multer": "0.1.8",
+    "multer": "~1.0.5",
     "nodemailer": "^1.4.0",
     "owasp-password-strength-test": "^1.3.0",
     "passport": "~0.2.2",