From dd07393e755062d2d656ae7872c949ef7a9ddec7 Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Mon, 19 Jun 2023 15:06:06 +0200
Subject: [PATCH] Fix user settings not getting validated (#25508)

---
 app/models/user_settings.rb       |  5 ++++-
 spec/models/user_settings_spec.rb | 10 ++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/app/models/user_settings.rb b/app/models/user_settings.rb
index 2c025d6c56..0f77f45f78 100644
--- a/app/models/user_settings.rb
+++ b/app/models/user_settings.rb
@@ -72,7 +72,10 @@ class UserSettings
 
     raise KeyError, "Undefined setting: #{key}" unless self.class.definition_for?(key)
 
-    typecast_value = self.class.definition_for(key).type_cast(value)
+    setting_definition = self.class.definition_for(key)
+    typecast_value = setting_definition.type_cast(value)
+
+    raise ArgumentError, "Invalid value for setting #{key}: #{typecast_value}" if setting_definition.in.present? && setting_definition.in.exclude?(typecast_value)
 
     if typecast_value.nil?
       @original_hash.delete(key)
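Review bot: The new membership check runs before the `if typecast_value.nil?` branch, so for a setting that defines `in`, a nil value now raises ArgumentError instead of reaching `@original_hash.delete(key)`. If nil is meant to clear a setting (the delete branch suggests it is, though the callers are not visible here), guard the check with `unless typecast_value.nil? || setting_definition.in.blank? || setting_definition.in.include?(typecast_value)`. If rejecting nil is intended, a comment above the raise should say so. The error message also interpolates the submitted value, so any caller that logs it or returns it to the client should treat it as untrusted text. The enclosing method starts and ends outside the hunk.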
diff --git a/spec/models/user_settings_spec.rb b/spec/models/user_settings_spec.rb
index f0e4272fd9..653597c90d 100644
--- a/spec/models/user_settings_spec.rb
+++ b/spec/models/user_settings_spec.rb
@@ -49,6 +49,16 @@ RSpec.describe UserSettings do
         expect(subject[:always_send_emails]).to be true
       end
     end
+
+    context 'when the setting has a closed set of values' do
+      it 'updates the attribute when given a valid value' do
+        expect { subject[:'web.display_media'] = :show_all }.to change { subject[:'web.display_media'] }.from('default').to('show_all')
+      end
+
+      it 'raises an error when given an invalid value' do
+        expect { subject[:'web.display_media'] = 'invalid value' }.to raise_error ArgumentError
+      end
+    end
   end
 
   describe '#update' do
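Review bot: The invalid-value example asserts only the exception class, so it would also pass on an unrelated ArgumentError, and it does not pin that the rejected value was never stored. Matching the message would tighten it: `expect { subject[:'web.display_media'] = 'invalid value' }.to raise_error(ArgumentError, /Invalid value for setting/)`. A second example could rescue the error and then check `expect(subject[:'web.display_media']).to eq 'default'`, since the validation exists to keep out-of-set values out of the stored hash. An example that assigns nil to this closed-set setting would also document whether clearing it is expected to raise.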
-- 
GitLab