Merge pull request #34 from archtika/devel

Escape user input <ins> and <del> elements in logs

nix/deploy/prod/default.nix

@@ -59,6 +59,4 @@ in
       };
     };
   };
-
-  services.postgresql.settings.default_text_search_config = "pg_catalog.english";
 }

nix/deploy/qs/default.nix

@@ -30,6 +30,4 @@ in
       group = "nginx";
     };
   };
-
-  services.postgresql.settings.default_text_search_config = "pg_catalog.english";
 }

nix/package.nix

@@ -10,7 +10,7 @@ let
   web = buildNpmPackage {
     name = "web-app";
     src = ../web-app;
-    npmDepsHash = "sha256-ab7MJ5vl6XNaAHTyzRxj/Zpk1nEKQLzGmPGJdDrdemg=";
+    npmDepsHash = "sha256-J58LwSEQa0p6J6h/wPhpGY/60n9a7TOV5WfNm4K1NH0=";
     npmFlags = [ "--legacy-peer-deps" ];
     installPhase = ''
       mkdir -p $out/web-app

rest-api/db/migrations/20240719071602_main_tables.sql

@@ -157,3 +157,41 @@ CREATE TABLE internal.collab (
 );
 
 -- migrate:down
+DROP TABLE internal.collab;
+
+DROP TABLE internal.footer;
+
+DROP TABLE internal.article;
+
+DROP TABLE internal.docs_category;
+
+DROP TABLE internal.home;
+
+DROP TABLE internal.header;
+
+DROP TABLE internal.settings;
+
+DROP TABLE internal.media;
+
+DROP TABLE internal.website;
+
+DROP TABLE internal.user;
+
+DROP SCHEMA api;
+
+DROP FUNCTION internal.generate_slug;
+
+DROP SCHEMA internal;
+
+DROP ROLE anon;
+
+DROP ROLE authenticated_user;
+
+DROP ROLE administrator;
+
+DROP ROLE authenticator;
+
+ALTER DEFAULT PRIVILEGES GRANT EXECUTE ON FUNCTIONS TO PUBLIC;
+
+DROP EXTENSION unaccent;
+

rest-api/db/migrations/20240720073454_automatic_schema_cache_reloading.sql

@@ -13,3 +13,7 @@ CREATE EVENT TRIGGER pgrst_watch ON ddl_command_end
   EXECUTE FUNCTION internal.pgrst_watch ();
 
 -- migrate:down
+DROP EVENT TRIGGER pgrst_watch;
+
+DROP FUNCTION internal.pgrst_watch;
+

rest-api/db/migrations/20240720074103_user_management_roles_jwt.sql

@@ -170,3 +170,23 @@ GRANT EXECUTE ON FUNCTION api.login TO anon;
 GRANT EXECUTE ON FUNCTION api.delete_account TO authenticated_user;
 
 -- migrate:down
+DROP TRIGGER encrypt_pass ON internal.user;
+
+DROP TRIGGER ensure_user_role_exists ON internal.user;
+
+DROP FUNCTION api.register;
+
+DROP FUNCTION api.login;
+
+DROP FUNCTION api.delete_account;
+
+DROP FUNCTION internal.user_role;
+
+DROP FUNCTION internal.encrypt_pass;
+
+DROP FUNCTION internal.check_role_exists;
+
+DROP EXTENSION pgjwt;
+
+DROP EXTENSION pgcrypto;
+

rest-api/db/migrations/20240720132802_exposed_views_functions.sql

@@ -163,3 +163,25 @@ GRANT SELECT, INSERT (website_id, user_id, permission_level), UPDATE (permission
 GRANT SELECT, INSERT, UPDATE, DELETE ON api.collab TO authenticated_user;
 
 -- migrate:down
+DROP FUNCTION api.create_website;
+
+DROP VIEW api.collab;
+
+DROP VIEW api.footer;
+
+DROP VIEW api.home;
+
+DROP VIEW api.docs_category;
+
+DROP VIEW api.article;
+
+DROP VIEW api.header;
+
+DROP VIEW api.settings;
+
+DROP VIEW api.website;
+
+DROP VIEW api.user;
+
+DROP VIEW api.account;
+

rest-api/db/migrations/20240724191017_row_level_security.sql

@@ -170,3 +170,77 @@ CREATE POLICY delete_collaborations ON internal.collab
     USING (internal.user_has_website_access (website_id, 30, collaborator_permission_level => permission_level, collaborator_user_id => user_id));
 
 -- migrate:down
+DROP POLICY view_user ON internal.user;
+
+DROP POLICY update_user ON internal.user;
+
+DROP POLICY delete_user ON internal.user;
+
+DROP POLICY view_websites ON internal.website;
+
+DROP POLICY delete_website ON internal.website;
+
+DROP POLICY update_website ON internal.website;
+
+DROP POLICY view_settings ON internal.settings;
+
+DROP POLICY update_settings ON internal.settings;
+
+DROP POLICY view_header ON internal.header;
+
+DROP POLICY update_header ON internal.header;
+
+DROP POLICY view_home ON internal.home;
+
+DROP POLICY update_home ON internal.home;
+
+DROP POLICY view_articles ON internal.article;
+
+DROP POLICY update_article ON internal.article;
+
+DROP POLICY delete_article ON internal.article;
+
+DROP POLICY insert_article ON internal.article;
+
+DROP POLICY view_categories ON internal.docs_category;
+
+DROP POLICY update_category ON internal.docs_category;
+
+DROP POLICY delete_category ON internal.docs_category;
+
+DROP POLICY insert_category ON internal.docs_category;
+
+DROP POLICY view_footer ON internal.footer;
+
+DROP POLICY update_footer ON internal.footer;
+
+DROP POLICY view_collaborations ON internal.collab;
+
+DROP POLICY insert_collaborations ON internal.collab;
+
+DROP POLICY update_collaborations ON internal.collab;
+
+DROP POLICY delete_collaborations ON internal.collab;
+
+DROP FUNCTION internal.user_has_website_access;
+
+ALTER TABLE internal.user DISABLE ROW LEVEL SECURITY;
+
+ALTER TABLE internal.website DISABLE ROW LEVEL SECURITY;
+
+ALTER TABLE internal.media DISABLE ROW LEVEL SECURITY;
+
+ALTER TABLE internal.settings DISABLE ROW LEVEL SECURITY;
+
+ALTER TABLE internal.header DISABLE ROW LEVEL SECURITY;
+
+ALTER TABLE internal.home DISABLE ROW LEVEL SECURITY;
+
+ALTER TABLE internal.article DISABLE ROW LEVEL SECURITY;
+
+ALTER TABLE internal.docs_category DISABLE ROW LEVEL SECURITY;
+
+ALTER TABLE internal.footer DISABLE ROW LEVEL SECURITY;
+
+ALTER TABLE internal.collab DISABLE ROW LEVEL SECURITY;
+

rest-api/db/migrations/20240805132306_last_modified_triggers.sql

@@ -74,3 +74,21 @@ CREATE TRIGGER update_collab_last_modified
   EXECUTE FUNCTION internal.update_last_modified ();
 
 -- migrate:down
+DROP TRIGGER update_website_last_modified ON internal.website;
+
+DROP TRIGGER update_settings_last_modified ON internal.settings;
+
+DROP TRIGGER update_header_last_modified ON internal.header;
+
+DROP TRIGGER update_home_last_modified ON internal.home;
+
+DROP TRIGGER update_article_last_modified ON internal.article;
+
+DROP TRIGGER update_docs_category_modified ON internal.docs_category;
+
+DROP TRIGGER update_footer_last_modified ON internal.footer;
+
+DROP TRIGGER update_collab_last_modified ON internal.collab;
+
+DROP FUNCTION internal.update_last_modified;
+

rest-api/db/migrations/20240808141708_collaborator_not_owner.sql

@@ -24,3 +24,7 @@ CREATE CONSTRAINT TRIGGER check_user_not_website_owner
   EXECUTE FUNCTION internal.check_user_not_website_owner ();
 
 -- migrate:down
+DROP TRIGGER check_user_not_website_owner ON internal.collab;
+
+DROP FUNCTION internal.check_user_not_website_owner;
+

rest-api/db/migrations/20240810115846_image_upload_function.sql

@@ -95,3 +95,9 @@ GRANT EXECUTE ON FUNCTION api.retrieve_file TO anon;
 GRANT EXECUTE ON FUNCTION api.retrieve_file TO authenticated_user;
 
 -- migrate:down
+DROP FUNCTION api.upload_file;
+
+DROP FUNCTION api.retrieve_file;
+
+DROP DOMAIN "*/*";
+

rest-api/db/migrations/20240911070907_change_log.sql

@@ -133,3 +133,29 @@ CREATE TRIGGER track_changes_collab
   EXECUTE FUNCTION internal.track_changes ();
 
 -- migrate:down
+DROP TRIGGER track_changes_website ON internal.website;
+
+DROP TRIGGER track_changes_media ON internal.media;
+
+DROP TRIGGER track_changes_settings ON internal.settings;
+
+DROP TRIGGER track_changes_header ON internal.header;
+
+DROP TRIGGER track_changes_home ON internal.home;
+
+DROP TRIGGER track_changes_article ON internal.article;
+
+DROP TRIGGER track_changes_docs_category ON internal.docs_category;
+
+DROP TRIGGER track_changes_footer ON internal.footer;
+
+DROP TRIGGER track_changes_collab ON internal.collab;
+
+DROP FUNCTION internal.track_changes;
+
+DROP VIEW api.change_log;
+
+DROP TABLE internal.change_log;
+
+DROP EXTENSION hstore;
+

rest-api/db/migrations/20241006165029_administrator.sql

@@ -141,3 +141,29 @@ GRANT UPDATE, DELETE ON internal.user TO administrator;
 GRANT UPDATE, DELETE ON api.user TO administrator;
 
 -- migrate:down
+DROP FUNCTION api.user_websites_storage_size;
+
+DROP TRIGGER _prevent_storage_excess_article ON internal.article;
+
+DROP TRIGGER _prevent_storage_excess_collab ON internal.collab;
+
+DROP TRIGGER _prevent_storage_excess_docs_category ON internal.docs_category;
+
+DROP TRIGGER _prevent_storage_excess_footer ON internal.footer;
+
+DROP TRIGGER _prevent_storage_excess_header ON internal.header;
+
+DROP TRIGGER _prevent_storage_excess_home ON internal.home;
+
+DROP TRIGGER _prevent_storage_excess_media ON internal.media;
+
+DROP TRIGGER _prevent_storage_excess_settings ON internal.settings;
+
+DROP FUNCTION internal.prevent_website_storage_size_excess;
+
+REVOKE UPDATE (max_storage_size) ON internal.website FROM administrator;
+
+REVOKE UPDATE, DELETE ON internal.user FROM administrator;
+
+REVOKE UPDATE, DELETE ON api.user FROM administrator;
+

rest-api/db/migrations/20241011092744_filesystem_triggers.sql

@@ -56,3 +56,9 @@ CREATE TRIGGER _cleanup_filesystem_article
   EXECUTE FUNCTION internal.cleanup_filesystem ();
 
 -- migrate:down
+DROP TRIGGER _cleanup_filesystem_website ON internal.website;
+
+DROP TRIGGER _cleanup_filesystem_article ON internal.article;
+
+DROP FUNCTION internal.cleanup_filesystem;
+

rest-api/db/migrations/20241029160539_export_articles.sql

@@ -39,3 +39,5 @@ SECURITY DEFINER;
 GRANT EXECUTE ON FUNCTION api.export_articles_zip TO authenticated_user;
 
 -- migrate:down
+DROP FUNCTION api.export_articles_zip;
+

rest-api/db/migrations/20241206191942_username_blocklist.sql

@@ -3,3 +3,6 @@ ALTER TABLE internal.user
   ADD CONSTRAINT username_not_blocked CHECK (LOWER(username) NOT IN ('admin', 'administrator', 'api', 'auth', 'blog', 'cdn', 'docs', 'help', 'login', 'logout', 'profile', 'register', 'settings', 'setup', 'signin', 'signup', 'support', 'test', 'www'));
 
 -- migrate:down
+ALTER TABLE internal.user
+  DROP CONSTRAINT username_not_blocked;
+

rest-api/db/migrations/20250323134405_username_blocklist.sql

@@ -6,3 +6,8 @@ ALTER TABLE internal.user
   ADD CONSTRAINT username_not_blocked CHECK (LOWER(username) NOT IN ('admin', 'administrator', 'api', 'auth', 'blog', 'cdn', 'docs', 'help', 'login', 'logout', 'profile', 'preview', 'previews', 'register', 'settings', 'setup', 'signin', 'signup', 'support', 'test', 'www'));
 
 -- migrate:down
+ALTER TABLE internal.user
+  DROP CONSTRAINT username_not_blocked;
+
+ALTER TABLE internal.user
+  ADD CONSTRAINT username_not_blocked CHECK (LOWER(username) NOT IN ('admin', 'administrator', 'api', 'auth', 'blog', 'cdn', 'docs', 'help', 'login', 'logout', 'profile', 'register', 'settings', 'setup', 'signin', 'signup', 'support', 'test', 'www'));

rest-api/db/migrations/20250410150518_filesystem_triggers.sql

@@ -1,88 +0,0 @@
--- migrate:up
-DROP TRIGGER _cleanup_filesystem_website ON internal.website;
-
-DROP TRIGGER _cleanup_filesystem_article ON internal.article;
-
-DROP FUNCTION internal.cleanup_filesystem;
-
-CREATE FUNCTION internal.cleanup_filesystem ()
-  RETURNS TRIGGER
-  AS $$
-DECLARE
-  _website_id UUID;
-  _website_user_id UUID;
-  _website_slug TEXT;
-  _username TEXT;
-  _base_path CONSTANT TEXT := '/var/www/archtika-websites';
-  _preview_path TEXT;
-  _prod_path TEXT;
-  _article_slug TEXT;
-BEGIN
-  IF TG_TABLE_NAME = 'website' THEN
-    _website_id := OLD.id;
-    _website_user_id = OLD.user_id;
-    _website_slug := OLD.slug;
-  ELSE
-    _website_id := OLD.website_id;
-  END IF;
-  SELECT
-    u.username INTO _username
-  FROM
-    internal.user AS u
-  WHERE
-    u.id = _website_user_id;
-  _preview_path := _base_path || '/previews/' || _website_id;
-  IF TG_TABLE_NAME = 'website' THEN
-    EXECUTE FORMAT('COPY (SELECT 1) TO PROGRAM ''rm -rf %s''', _preview_path);
-    IF _username IS NOT NULL THEN
-      _prod_path := _base_path || '/' || _username || '/' || _website_slug;
-      EXECUTE FORMAT('COPY (SELECT 1) TO PROGRAM ''rm -rf %s''', _prod_path);
-    END IF;
-  ELSIF TG_TABLE_NAME = 'article' THEN
-    SELECT
-      a.slug INTO _article_slug
-    FROM
-      internal.article AS a
-    WHERE
-      a.id = OLD.id;
-    EXECUTE FORMAT('COPY (SELECT 1) TO PROGRAM ''rm -f %s/articles/%s.html''', _preview_path, _article_slug);
-  END IF;
-  RETURN COALESCE(NEW, OLD);
-END;
-$$
-LANGUAGE plpgsql
-SECURITY DEFINER;
-
-CREATE FUNCTION internal.cleanup_user_directory ()
-  RETURNS TRIGGER
-  AS $$
-DECLARE
-  _username TEXT;
-  _base_path CONSTANT TEXT := '/var/www/archtika-websites';
-  _user_path TEXT;
-BEGIN
-  _username := OLD.username;
-  _user_path := _base_path || '/' || _username;
-  EXECUTE FORMAT('COPY (SELECT 1) TO PROGRAM ''rm -rf %s''', _user_path);
-  RETURN OLD;
-END;
-$$
-LANGUAGE plpgsql
-SECURITY DEFINER;
-
-CREATE TRIGGER _cleanup_filesystem_website
-  BEFORE UPDATE OF title OR DELETE ON internal.website
-  FOR EACH ROW
-  EXECUTE FUNCTION internal.cleanup_filesystem ();
-
-CREATE TRIGGER _cleanup_filesystem_article
-  BEFORE UPDATE OF title OR DELETE ON internal.article
-  FOR EACH ROW
-  EXECUTE FUNCTION internal.cleanup_filesystem ();
-
-CREATE TRIGGER _cleanup_user_directory
-  BEFORE DELETE ON internal.user
-  FOR EACH ROW
-  EXECUTE FUNCTION internal.cleanup_user_directory ();
-
--- migrate:down

web-app/package-lock.json

@@ -8,7 +8,7 @@
       "name": "web-app",
       "version": "0.0.1",
       "dependencies": {
-        "diff": "7.0.0",
+        "diff-match-patch": "1.0.5",
         "highlight.js": "11.11.1",
         "isomorphic-dompurify": "2.22.0",
         "marked": "15.0.7",
@@ -20,7 +20,7 @@
         "@sveltejs/adapter-node": "5.2.12",
         "@sveltejs/kit": "2.20.2",
         "@sveltejs/vite-plugin-svelte": "5.0.3",
-        "@types/diff": "7.0.2",
+        "@types/diff-match-patch": "1.0.36",
         "@types/eslint": "9.6.1",
         "@types/eslint__js": "9.14.0",
         "@types/eslint-config-prettier": "6.11.3",
@@ -1425,10 +1425,10 @@
       "dev": true,
       "license": "MIT"
     },
-    "node_modules/@types/diff": {
-      "version": "7.0.2",
-      "resolved": "https://registry.npmjs.org/@types/diff/-/diff-7.0.2.tgz",
-      "integrity": "sha512-JSWRMozjFKsGlEjiiKajUjIJVKuKdE3oVy2DNtK+fUo8q82nhFZ2CPQwicAIkXrofahDXrWJ7mjelvZphMS98Q==",
+    "node_modules/@types/diff-match-patch": {
+      "version": "1.0.36",
+      "resolved": "https://registry.npmjs.org/@types/diff-match-patch/-/diff-match-patch-1.0.36.tgz",
+      "integrity": "sha512-xFdR6tkm0MWvBfO8xXCSsinYxHcqkQUlcHeSpMC2ukzOb6lwQAfDmW+Qt0AvlGd8HpsS28qKsB+oPeJn9I39jg==",
       "dev": true,
       "license": "MIT"
     },
@@ -2125,14 +2125,11 @@
       "dev": true,
       "license": "MIT"
     },
-    "node_modules/diff": {
-      "version": "7.0.0",
-      "resolved": "https://registry.npmjs.org/diff/-/diff-7.0.0.tgz",
-      "integrity": "sha512-PJWHUb1RFevKCwaFA9RlG5tCd+FO5iRh9A8HEtkmBH2Li03iJriB6m6JIN4rGz3K3JLawI7/veA1xzRKP6ISBw==",
-      "license": "BSD-3-Clause",
-      "engines": {
-        "node": ">=0.3.1"
-      }
+    "node_modules/diff-match-patch": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/diff-match-patch/-/diff-match-patch-1.0.5.tgz",
+      "integrity": "sha512-IayShXAgj/QMXgB0IWmKx+rOPuGMhqm5w6jvFxmVenXKIzRqTAAsbBPT3kWQeGANj3jGgvcvv4yK6SxqYmikgw==",
+      "license": "Apache-2.0"
     },
     "node_modules/dompurify": {
       "version": "3.2.4",

web-app/package.json

@@ -19,7 +19,7 @@
     "@sveltejs/adapter-node": "5.2.12",
     "@sveltejs/kit": "2.20.2",
     "@sveltejs/vite-plugin-svelte": "5.0.3",
-    "@types/diff": "7.0.2",
+    "@types/diff-match-patch": "1.0.36",
     "@types/eslint": "9.6.1",
     "@types/eslint__js": "9.14.0",
     "@types/eslint-config-prettier": "6.11.3",
@@ -38,7 +38,7 @@
     "vite": "6.2.5"
   },
   "dependencies": {
-    "diff": "7.0.0",
+    "diff-match-patch": "1.0.5",
     "highlight.js": "11.11.1",
     "isomorphic-dompurify": "2.22.0",
     "marked": "15.0.7",

web-app/src/routes/(authenticated)/website/[websiteId]/+page.svelte

@@ -136,7 +136,7 @@
       </label>
       <div class="file-field">
         <label>
-          Logo image (height should be &lt;= 32px):
+          Logo image:
           <input type="file" name="logo-image" accept={ALLOWED_MIME_TYPES.join(", ")} />
         </label>
         {#if data.header.logo_image}

web-app/src/routes/(authenticated)/website/[websiteId]/logs/+page.server.ts

@@ -1,8 +1,8 @@
 import type { PageServerLoad, Actions } from "./$types";
 import { API_BASE_PREFIX, apiRequest } from "$lib/server/utils";
 import type { ChangeLog, User, Collab } from "$lib/db-schema";
+import DiffMatchPatch from "diff-match-patch";
 import { PAGINATION_MAX_ITEMS } from "$lib/utils";
-import * as Diff from "diff";
 
 export const load: PageServerLoad = async ({ parent, fetch, params, url }) => {
   const userFilter = url.searchParams.get("user");
@@ -76,19 +76,22 @@ export const actions: Actions = {
   computeDiff: async ({ request, fetch }) => {
     const data = await request.formData();
 
+    const dmp = new DiffMatchPatch();
+
     const htmlDiff = (oldValue: string, newValue: string) => {
-      const diff = Diff.diffWordsWithSpace(oldValue, newValue);
+      const diff = dmp.diff_main(oldValue, newValue);
 
       return diff
-        .map((part) => {
-          const escapedText = part.value.replace(/</g, "&lt;").replace(/>/g, "&gt;");
+        .map(([op, text]) => {
+          const escapedText = text.replace(/</g, "&lt;").replace(/>/g, "&gt;");
 
-          if (part.added) {
-            return `<ins>${escapedText}</ins>`;
-          } else if (part.removed) {
-            return `<del>${escapedText}</del>`;
-          } else {
-            return escapedText;
+          switch (op) {
+            case 1:
+              return `<ins>${escapedText}</ins>`;
+            case -1:
+              return `<del>${escapedText}</del>`;
+            default:
+              return escapedText;
           }
         })
         .join("");
@@ -109,12 +112,8 @@ export const actions: Actions = {
     return {
       logId: data.get("id"),
       currentDiff: htmlDiff(
-        JSON.stringify(log.old_value, null, 2)
-          .replace(/\\r\\n|\\n|\\r/g, "\n")
-          .replace(/\\\"/g, '"'),
+        JSON.stringify(log.old_value, null, 2),
         JSON.stringify(log.new_value, null, 2)
-          .replace(/\\r\\n|\\n|\\r/g, "\n")
-          .replace(/\\\"/g, '"')
       )
     };
   }

web-app/src/routes/(authenticated)/website/[websiteId]/logs/+page.svelte

@@ -141,7 +141,9 @@
                       <button type="submit">Compute diff</button>
                     </form>
                     {#if form?.logId === id && form?.currentDiff}
-                      <pre>{@html form.currentDiff}</pre>
+                      <pre>{@html form.currentDiff
+                          .replace(/\\\"/g, '"')
+                          .replace(/\\r\\n|\\n|\\r/g, "\n")}</pre>
                     {/if}
                   {/if}
 

web-app/template-styles/blog-styles.css

@@ -33,6 +33,7 @@ header img {
   object-position: center;
 }
 
+nav,
 header,
 main {
   padding-block: var(--space-s);
@@ -70,6 +71,11 @@ section {
   scroll-margin-block-start: var(--space-xl);
 }
 
+.top-nav-logo {
+  max-block-size: var(--space-xl);
+  padding-block: var(--space-xs);
+}
+
 @media (min-width: 1525px) {
   #table-of-contents {
     position: fixed;

web-app/template-styles/docs-styles.css

@@ -26,6 +26,7 @@ header > .container {
   gap: var(--space-s);
 }
 
+nav,
 header,
 main {
   padding-block: var(--space-s);
@@ -48,6 +49,11 @@ section {
   scroll-margin-block-start: var(--space-xl);
 }
 
+.top-nav-logo {
+  max-block-size: var(--space-xl);
+  padding-block: var(--space-xs);
+}
+
 .docs-navigation {
   display: none;
   position: fixed;

web-app/tests/settings.spec.ts

@@ -50,9 +50,9 @@ test.describe("Website owner", () => {
     await page.getByLabel("Logo text:").click();
     await page.getByLabel("Logo text:").press("ControlOrMeta+a");
     await page.getByLabel("Logo text:").fill("Logo text");
-    await page.getByLabel(/Logo image/).click();
+    await page.getByLabel("Logo image:").click();
     await page
-      .getByLabel(/Logo image/)
+      .getByLabel("Logo image")
       .setInputFiles(join(__dirname, "sample-files", "archtika-logo-512x512.png"));
     await page.getByRole("button", { name: "Update header" }).click();
     await expect(page.getByText("Successfully updated header")).toBeVisible();
@@ -122,9 +122,9 @@ for (const permissionLevel of permissionLevels) {
       await page.getByLabel("Logo text:").click();
       await page.getByLabel("Logo text:").press("ControlOrMeta+a");
       await page.getByLabel("Logo text:").fill("Logo text");
-      await page.getByLabel(/Logo image/).click();
+      await page.getByLabel("Logo image:").click();
       await page
-        .getByLabel(/Logo image/)
+        .getByLabel("Logo image")
         .setInputFiles(join(__dirname, "sample-files", "archtika-logo-512x512.png"));
       await page
         .getByRole("button", { name: "Update header" })