Discource-C/discourse-ai
1
0
Fork 0
mirror of https://github.com/discourse/discourse-ai.git synced 2025-02-05 19:18:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
discourse-ai/spec/jobs/shared_conversation_adjust_upload_security_spec.rb
Martin Brennan bab5e52e38
FIX: Secure/unsecure uploads when sharing AI conversations (#554) 
This commit uses a new plugin modifier introduced in https://github.com/discourse/discourse/pull/26508
to mark all uploads as _not_ secure in shared PM AI conversations.
This is so images created by the AI bot (or uploaded by the user)
do not end up as broken URLs because of the security requirements
around them.

This relies on the UpdateTopicUploadSecurity job in core as well,
which is fired when an AI conversation is shared or deleted.
2024-04-11 10:00:41 +10:00

68 lines
2.3 KiB
Ruby
Raw Blame History

# frozen_string_literal: true
RSpec.describe Jobs::SharedConversationAdjustUploadSecurity do
let(:params) { {} }
fab!(:bot_user) do
SiteSetting.discourse_ai_enabled = true
SiteSetting.ai_bot_enabled_chat_bots = "claude-2"
SiteSetting.ai_bot_enabled = true
SiteSetting.ai_bot_allowed_groups = "10"
SiteSetting.ai_bot_public_sharing_allowed_groups = "10"
User.find(DiscourseAi::AiBot::EntryPoint::CLAUDE_V2_ID)
end
fab!(:user)
fab!(:topic) { Fabricate(:private_message_topic, user: user, recipient: bot_user) }
fab!(:post_1) { Fabricate(:post, topic: topic, user: bot_user) }
fab!(:post_2) { Fabricate(:post, topic: topic, user: user) }
fab!(:conversation) { SharedAiConversation.share_conversation(user, topic) }
def run_job
described_class.new.execute(params)
end
context "when conversation is created" do
let(:params) { { conversation_id: conversation.id } }
it "does nothing for a conversation that has been deleted before the job ran" do
conversation.destroy
SharedAiConversation.any_instance.expects(:update).never
run_job
end
it "does nothing if there weren't any posts with secure uploads in the topic" do
original_context = conversation.context
run_job
expect(conversation.reload.context).to eq(original_context)
end
context "when topic posts were rebaked because they had secure uploads" do
it "updates the conversation cooked post content after rebaking" do
post_2.update!(raw: "some new rebaked content")
TopicUploadSecurityManager.any_instance.expects(:run).returns([post_2])
original_context = conversation.context
run_job
expect(conversation.reload.context).not_to eq(original_context)
end
end
end
context "when conversation has been deleted" do
let(:params) { { target_id: topic.id, target_type: "Topic" } }
before { conversation.destroy! }
it "runs the topic upload security manager but doesn't attempt to update a conversation" do
SharedAiConversation.any_instance.expects(:update).never
TopicUploadSecurityManager.any_instance.expects(:run).once
run_job
end
it "doesn't attempt to run the topic upload security manager if the topic has been deleted" do
TopicUploadSecurityManager.any_instance.expects(:run).never
topic.trash!
run_job
end
end
end
Reference in New Issue View Git Blame Copy Permalink