From c9dc367bf0eb58d6240f545a7d28ae7c24208372 Mon Sep 17 00:00:00 2001
From: Katharina Irrgang <katharina.irrgang@googlemail.com>
Date: Tue, 26 Jul 2016 11:23:20 +0200
Subject: [PATCH] improvement: validate timezones (#7143)

no issue
- add isTimezone to schema validation
---
 core/server/data/schema/default-settings.json |  1 +
 core/server/data/validation/index.js          |  5 +++
 .../test/integration/api/api_settings_spec.js | 31 +++++++++++++++++++
 3 files changed, 37 insertions(+)

diff --git a/core/server/data/schema/default-settings.json b/core/server/data/schema/default-settings.json
index 06d33f518e..a2e967ce5a 100644
--- a/core/server/data/schema/default-settings.json
+++ b/core/server/data/schema/default-settings.json
@@ -49,6 +49,7 @@
         "activeTimezone": {
             "defaultValue": "Etc/UTC",
             "validations": {
+                "isTimezone": true,
                 "isNull": false
             }
         },
diff --git a/core/server/data/validation/index.js b/core/server/data/validation/index.js
index 176f9b095e..e397be1651 100644
--- a/core/server/data/validation/index.js
+++ b/core/server/data/validation/index.js
@@ -1,6 +1,7 @@
 var schema    = require('../schema').tables,
     _         = require('lodash'),
     validator = require('validator'),
+    moment    = require('moment'),
     assert    = require('assert'),
     Promise   = require('bluebird'),
     errors    = require('../../errors'),
@@ -37,6 +38,10 @@ validator.extend('notContains', function notContains(str, badString) {
     return !_.includes(str, badString);
 });
 
+validator.extend('isTimezone', function isTimezone(str) {
+    return moment.tz.zone(str) ? true : false;
+});
+
 validator.extend('isEmptyOrURL', function isEmptyOrURL(str) {
     return (_.isEmpty(str) || validator.isURL(str, {require_protocol: false}));
 });
diff --git a/core/test/integration/api/api_settings_spec.js b/core/test/integration/api/api_settings_spec.js
index 1d22c28161..11e73cf4ce 100644
--- a/core/test/integration/api/api_settings_spec.js
+++ b/core/test/integration/api/api_settings_spec.js
@@ -194,4 +194,35 @@ describe('Settings API', function () {
             done();
         }).catch(done);
     });
+
+    it('set activeTimezone: unknown timezone', function (done) {
+        return callApiWithContext(defaultContext, 'edit', {settings: [{key: 'activeTimezone', value: 'MFG'}]}, {})
+            .then(function () {
+                done(new Error('We expect that the activeTimezone cannot be stored'));
+            }).catch(function (errors) {
+                should.exist(errors);
+                errors.length.should.eql(1);
+                errors[0].errorType.should.eql('ValidationError');
+                done();
+            }).catch(done);
+    });
+
+    it('set activeTimezone: unknown timezone', function (done) {
+        return callApiWithContext(defaultContext, 'edit', {settings: [{key: 'activeTimezone', value: 'MFG'}]}, {})
+            .then(function () {
+                done(new Error('We expect that the activeTimezone cannot be stored'));
+            }).catch(function (errors) {
+                should.exist(errors);
+                errors.length.should.eql(1);
+                errors[0].errorType.should.eql('ValidationError');
+                done();
+            }).catch(done);
+    });
+
+    it('set activeTimezone: known timezone', function (done) {
+        return callApiWithContext(defaultContext, 'edit', {settings: [{key: 'activeTimezone', value: 'Etc/UTC'}]}, {})
+            .then(function () {
+                done();
+            }).catch(done);
+    });
 });