Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
discourse/spec/lib/upload_security_spec.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

344 lines
11 KiB
Ruby
Raw Normal View History

FIX: Only mark attachments as secure media if SiteSetting.secure_media? (#9009) * Attachments (non media files) were being marked as secure if just SiteSetting.prevent_anons_from_downloading_files was enabled. this was not correct as nothing should be marked as actually "secure" in the DB without that site setting enabled * Also add a proper standalone spec file for the upload security class
2020-02-20 18:35:16 -05:00
# frozen_string_literal: true
RSpec.describe UploadSecurity do
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
subject(:security) { described_class.new(upload, opts) }
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
fab!(:private_category) { Fabricate(:private_category, group: Fabricate(:group)) }
fab!(:post_in_secure_context) do
FIX: Only mark attachments as secure media if SiteSetting.secure_media? (#9009) * Attachments (non media files) were being marked as secure if just SiteSetting.prevent_anons_from_downloading_files was enabled. this was not correct as nothing should be marked as actually "secure" in the DB without that site setting enabled * Also add a proper standalone spec file for the upload security class
2020-02-20 18:35:16 -05:00
Fabricate(:post, topic: Fabricate(:topic, category: private_category))
DEV: Apply syntax_tree formatting to `spec/*`
2023-01-09 06:18:21 -05:00
end
DEV: Allow fab! without block (#24314) The most common thing that we do with fab! is: fab!(:thing) { Fabricate(:thing) } This commit adds a shorthand for this which is just simply: fab!(:thing) i.e. If you omit the block, then, by default, you'll get a `Fabricate`d object using the fabricator of the same name.
2023-11-09 17:47:59 -05:00
fab!(:upload)
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
FIX: Only mark attachments as secure media if SiteSetting.secure_media? (#9009) * Attachments (non media files) were being marked as secure if just SiteSetting.prevent_anons_from_downloading_files was enabled. this was not correct as nothing should be marked as actually "secure" in the DB without that site setting enabled * Also add a proper standalone spec file for the upload security class
2020-02-20 18:35:16 -05:00
let(:type) { nil }
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
let(:opts) { { type: type, creating: creating } }
DEV: Rename secure_media to secure_uploads (#18376) This commit renames all secure_media related settings to secure_uploads_* along with the associated functionality. This is being done because "media" does not really cover it, we aren't just doing this for images and videos etc. but for all uploads in the site. Additionally, in future we want to secure more types of uploads, and enable a kind of "mixed mode" where some uploads are secure and some are not, so keeping media in the name is just confusing. This also keeps compatibility with the `secure-media-uploads` path, and changes new secure URLs to be `secure-uploads`. Deprecated settings: * secure_media -> secure_uploads * secure_media_allow_embed_images_in_emails -> secure_uploads_allow_embed_images_in_emails * secure_media_max_email_embed_image_size_kb -> secure_uploads_max_email_embed_image_size_kb
2022-09-28 19:24:33 -04:00
context "when secure uploads is enabled" do
FIX: Only mark attachments as secure media if SiteSetting.secure_media? (#9009) * Attachments (non media files) were being marked as secure if just SiteSetting.prevent_anons_from_downloading_files was enabled. this was not correct as nothing should be marked as actually "secure" in the DB without that site setting enabled * Also add a proper standalone spec file for the upload security class
2020-02-20 18:35:16 -05:00
before do
DEV: Clean up S3 specs, stubs, and helpers Extracted commonly used spec helpers into spec/support/uploads_helpers.rb, removed unused stubs and let definitions. Makes it easier to write new S3-related specs without copy and pasting setup steps from other specs.
2020-09-14 07:32:25 -04:00
setup_s3
DEV: Rename secure_media to secure_uploads (#18376) This commit renames all secure_media related settings to secure_uploads_* along with the associated functionality. This is being done because "media" does not really cover it, we aren't just doing this for images and videos etc. but for all uploads in the site. Additionally, in future we want to secure more types of uploads, and enable a kind of "mixed mode" where some uploads are secure and some are not, so keeping media in the name is just confusing. This also keeps compatibility with the `secure-media-uploads` path, and changes new secure URLs to be `secure-uploads`. Deprecated settings: * secure_media -> secure_uploads * secure_media_allow_embed_images_in_emails -> secure_uploads_allow_embed_images_in_emails * secure_media_max_email_embed_image_size_kb -> secure_uploads_max_email_embed_image_size_kb
2022-09-28 19:24:33 -04:00
SiteSetting.secure_uploads = true
FIX: Only mark attachments as secure media if SiteSetting.secure_media? (#9009) * Attachments (non media files) were being marked as secure if just SiteSetting.prevent_anons_from_downloading_files was enabled. this was not correct as nothing should be marked as actually "secure" in the DB without that site setting enabled * Also add a proper standalone spec file for the upload security class
2020-02-20 18:35:16 -05:00
end
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
context "when creating the upload" do
let(:creating) { true }
FIX: Stop category logo + background being marked secure (#10513) Meta topic: https://meta.discourse.org/t/secure-media-uploads-breaks-category-logos/161693 Category backgrounds and logos are public uploads and should not be marked as secure. I also discovered that a lot of the UploadSecurity specs for public types were returning false positives; this has been fixed.
2020-08-24 03:12:28 -04:00
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
context "when login_required (everything should be secure except public context items)" do
before { SiteSetting.login_required = true }
it "returns true" do
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(true)
FIX: Do not mark badge image uploads as secure (#13193) * FIX: Do not mark badge image uploads as secure We do not need badge_image upload types to be marked as secure. Post migration is the same as https://github.com/discourse/discourse/pull/12081. See https://meta.discourse.org/t/secure-media-uploads/140017/122?u=martin
2021-05-27 22:35:52 -04:00
end
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
FEATURE: Secure uploads in PMs only (#23398) This adds a new secure_uploads_pm_only site setting. When secure_uploads is true with this setting, only uploads created in PMs will be marked secure; no uploads in secure categories will be marked as secure, and the login_required site setting has no bearing on upload security either. This is meant to be a stopgap solution to prevent secure uploads in a single place (private messages) for sensitive admin data exports. Ideally we would want a more comprehensive way of saying that certain upload types get secured which is a hybrid/mixed mode secure uploads, but for now this will do the trick.
2023-09-05 19:39:09 -04:00
context "if secure_uploads_pm_only" do
before { SiteSetting.secure_uploads_pm_only = true }
it "returns false" do
expect(security.should_be_secure?).to eq(false)
end
end
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
context "when uploading in public context" do
describe "for a public type badge_image" do
let(:type) { "badge_image" }
it "returns false" do
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(false)
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
end
FIX: Do not mark group_flair images as secure on upload (#12081) See https://meta.discourse.org/t/secure-media-uploads-breaks-group-flair-image/173671/4 Group flair image uploads definitely do not need to be secure.
2021-02-15 21:34:03 -05:00
end
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
describe "for a public type group_flair" do
let(:type) { "group_flair" }
it "returns false" do
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(false)
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
end
FIX: Stop category logo + background being marked secure (#10513) Meta topic: https://meta.discourse.org/t/secure-media-uploads-breaks-category-logos/161693 Category backgrounds and logos are public uploads and should not be marked as secure. I also discovered that a lot of the UploadSecurity specs for public types were returning false positives; this has been fixed.
2020-08-24 03:12:28 -04:00
end
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
describe "for a public type avatar" do
let(:type) { "avatar" }
it "returns false" do
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(false)
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
end
FIX: Stop category logo + background being marked secure (#10513) Meta topic: https://meta.discourse.org/t/secure-media-uploads-breaks-category-logos/161693 Category backgrounds and logos are public uploads and should not be marked as secure. I also discovered that a lot of the UploadSecurity specs for public types were returning false positives; this has been fixed.
2020-08-24 03:12:28 -04:00
end
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
describe "for a public type custom_emoji" do
let(:type) { "custom_emoji" }
it "returns false" do
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(false)
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
end
FIX: Stop category logo + background being marked secure (#10513) Meta topic: https://meta.discourse.org/t/secure-media-uploads-breaks-category-logos/161693 Category backgrounds and logos are public uploads and should not be marked as secure. I also discovered that a lot of the UploadSecurity specs for public types were returning false positives; this has been fixed.
2020-08-24 03:12:28 -04:00
end
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
describe "for a public type profile_background" do
let(:type) { "profile_background" }
it "returns false" do
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(false)
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
end
FIX: Stop category logo + background being marked secure (#10513) Meta topic: https://meta.discourse.org/t/secure-media-uploads-breaks-category-logos/161693 Category backgrounds and logos are public uploads and should not be marked as secure. I also discovered that a lot of the UploadSecurity specs for public types were returning false positives; this has been fixed.
2020-08-24 03:12:28 -04:00
end
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
describe "for a public type avatar" do
let(:type) { "avatar" }
it "returns false" do
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(false)
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
end
FIX: Stop category logo + background being marked secure (#10513) Meta topic: https://meta.discourse.org/t/secure-media-uploads-breaks-category-logos/161693 Category backgrounds and logos are public uploads and should not be marked as secure. I also discovered that a lot of the UploadSecurity specs for public types were returning false positives; this has been fixed.
2020-08-24 03:12:28 -04:00
end
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
describe "for a public type category_logo" do
let(:type) { "category_logo" }
it "returns false" do
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(false)
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
end
FIX: Stop category logo + background being marked secure (#10513) Meta topic: https://meta.discourse.org/t/secure-media-uploads-breaks-category-logos/161693 Category backgrounds and logos are public uploads and should not be marked as secure. I also discovered that a lot of the UploadSecurity specs for public types were returning false positives; this has been fixed.
2020-08-24 03:12:28 -04:00
end
FIX: Provide better API for registering custom upload public types (#10697) With secure media and the UploadSecurity class, we need a nice way for plugins to register custom upload types that should be considered public and never secure.
2020-09-17 21:54:33 -04:00
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
describe "for a public type category_background" do
let(:type) { "category_background" }
it "returns false" do
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(false)
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
end
FIX: Provide better API for registering custom upload public types (#10697) With secure media and the UploadSecurity class, we need a nice way for plugins to register custom upload types that should be considered public and never secure.
2020-09-17 21:54:33 -04:00
end
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
describe "for a custom public type" do
let(:type) { "my_custom_type" }
it "returns true if the custom type has not been added" do
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(true)
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
end
it "returns false if the custom type has been added" do
UploadSecurity.register_custom_public_type(type)
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(false)
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
UploadSecurity.reset_custom_public_types
end
FIX: Provide better API for registering custom upload public types (#10697) With secure media and the UploadSecurity class, we need a nice way for plugins to register custom upload types that should be considered public and never secure.
2020-09-17 21:54:33 -04:00
end
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
describe "for_theme" do
before { upload.stubs(:for_theme).returns(true) }
it "returns false" do
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(false)
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
end
FIX: Stop category logo + background being marked secure (#10513) Meta topic: https://meta.discourse.org/t/secure-media-uploads-breaks-category-logos/161693 Category backgrounds and logos are public uploads and should not be marked as secure. I also discovered that a lot of the UploadSecurity specs for public types were returning false positives; this has been fixed.
2020-08-24 03:12:28 -04:00
end
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
describe "for_site_setting" do
before { upload.stubs(:for_site_setting).returns(true) }
it "returns false" do
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(false)
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
end
FIX: Stop category logo + background being marked secure (#10513) Meta topic: https://meta.discourse.org/t/secure-media-uploads-breaks-category-logos/161693 Category backgrounds and logos are public uploads and should not be marked as secure. I also discovered that a lot of the UploadSecurity specs for public types were returning false positives; this has been fixed.
2020-08-24 03:12:28 -04:00
end
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
describe "for_gravatar" do
before { upload.stubs(:for_gravatar).returns(true) }
it "returns false" do
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(false)
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
end
FIX: Stop category logo + background being marked secure (#10513) Meta topic: https://meta.discourse.org/t/secure-media-uploads-breaks-category-logos/161693 Category backgrounds and logos are public uploads and should not be marked as secure. I also discovered that a lot of the UploadSecurity specs for public types were returning false positives; this has been fixed.
2020-08-24 03:12:28 -04:00
end
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
describe "when it is based on a regular emoji" do
it "returns false" do
falafel =
Emoji.all.find do |e|
e.url == "/images/emoji/twitter/falafel.png?v=#{Emoji::EMOJI_VERSION}"
end
upload.update!(origin: "http://localhost:3000#{falafel.url}")
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(false)
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
end
FIX: Stop category logo + background being marked secure (#10513) Meta topic: https://meta.discourse.org/t/secure-media-uploads-breaks-category-logos/161693 Category backgrounds and logos are public uploads and should not be marked as secure. I also discovered that a lot of the UploadSecurity specs for public types were returning false positives; this has been fixed.
2020-08-24 03:12:28 -04:00
end
end
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
end
context "when the access control post has_secure_uploads?" do
before { upload.update(access_control_post_id: post_in_secure_context.id) }
FIX: Stop category logo + background being marked secure (#10513) Meta topic: https://meta.discourse.org/t/secure-media-uploads-breaks-category-logos/161693 Category backgrounds and logos are public uploads and should not be marked as secure. I also discovered that a lot of the UploadSecurity specs for public types were returning false positives; this has been fixed.
2020-08-24 03:12:28 -04:00
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
it "returns true" do
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(true)
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
end
context "when the post is deleted" do
before { post_in_secure_context.trash! }
it "still determines whether the post has secure uploads; returns true" do
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(true)
FIX: Stop category logo + background being marked secure (#10513) Meta topic: https://meta.discourse.org/t/secure-media-uploads-breaks-category-logos/161693 Category backgrounds and logos are public uploads and should not be marked as secure. I also discovered that a lot of the UploadSecurity specs for public types were returning false positives; this has been fixed.
2020-08-24 03:12:28 -04:00
end
end
end
FIX: Only mark attachments as secure media if SiteSetting.secure_media? (#9009) * Attachments (non media files) were being marked as secure if just SiteSetting.prevent_anons_from_downloading_files was enabled. this was not correct as nothing should be marked as actually "secure" in the DB without that site setting enabled * Also add a proper standalone spec file for the upload security class
2020-02-20 18:35:16 -05:00
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
context "when uploading in the composer" do
let(:type) { "composer" }
it "returns true" do
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(true)
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
end
FIX: Only mark attachments as secure media if SiteSetting.secure_media? (#9009) * Attachments (non media files) were being marked as secure if just SiteSetting.prevent_anons_from_downloading_files was enabled. this was not correct as nothing should be marked as actually "secure" in the DB without that site setting enabled * Also add a proper standalone spec file for the upload security class
2020-02-20 18:35:16 -05:00
end
DEV: Upload and secure media retroactive rake task improvements (#9027) * Add uploads:sync_s3_acls rake task to ensure the ACLs in S3 are the correct (public-read or private) setting based on upload security * Improved uploads:disable_secure_media to be more efficient and provide better messages to the user. * Rename uploads:ensure_correct_acl task to uploads:secure_upload_analyse_and_update as it does more than check the ACL * Many improvements to uploads:secure_upload_analyse_and_update * Make sure that upload.access_control_post is unscoped so deleted posts are still fetched, because they still affect the security of the upload. * Add escape hatch for capture_stdout in the form of RAILS_ENABLE_TEST_STDOUT. If provided the capture_stdout code will be ignored, so you can see the output if you need.
2020-03-02 18:03:58 -05:00
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
context "when uploading for a group message" do
before { upload.stubs(:for_group_message).returns(true) }
it "returns true" do
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(true)
DEV: Upload and secure media retroactive rake task improvements (#9027) * Add uploads:sync_s3_acls rake task to ensure the ACLs in S3 are the correct (public-read or private) setting based on upload security * Improved uploads:disable_secure_media to be more efficient and provide better messages to the user. * Rename uploads:ensure_correct_acl task to uploads:secure_upload_analyse_and_update as it does more than check the ACL * Many improvements to uploads:secure_upload_analyse_and_update * Make sure that upload.access_control_post is unscoped so deleted posts are still fetched, because they still affect the security of the upload. * Add escape hatch for capture_stdout in the form of RAILS_ENABLE_TEST_STDOUT. If provided the capture_stdout code will be ignored, so you can see the output if you need.
2020-03-02 18:03:58 -05:00
end
end
FIX: Only mark attachments as secure media if SiteSetting.secure_media? (#9009) * Attachments (non media files) were being marked as secure if just SiteSetting.prevent_anons_from_downloading_files was enabled. this was not correct as nothing should be marked as actually "secure" in the DB without that site setting enabled * Also add a proper standalone spec file for the upload security class
2020-02-20 18:35:16 -05:00
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
context "when uploading for a PM" do
before { upload.stubs(:for_private_message).returns(true) }
it "returns true" do
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(true)
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
end
FIX: Only mark attachments as secure media if SiteSetting.secure_media? (#9009) * Attachments (non media files) were being marked as secure if just SiteSetting.prevent_anons_from_downloading_files was enabled. this was not correct as nothing should be marked as actually "secure" in the DB without that site setting enabled * Also add a proper standalone spec file for the upload security class
2020-02-20 18:35:16 -05:00
end
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
context "when upload is already secure" do
before { upload.update(secure: true) }
it "returns true" do
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(true)
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
end
FIX: Only mark attachments as secure media if SiteSetting.secure_media? (#9009) * Attachments (non media files) were being marked as secure if just SiteSetting.prevent_anons_from_downloading_files was enabled. this was not correct as nothing should be marked as actually "secure" in the DB without that site setting enabled * Also add a proper standalone spec file for the upload security class
2020-02-20 18:35:16 -05:00
end
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
context "for attachments" do
before { upload.update(original_filename: "test.pdf") }
context "when the access control post has_secure_uploads?" do
before { upload.update(access_control_post: post_in_secure_context) }
it "returns true" do
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(true)
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
end
end
FIX: Only mark attachments as secure media if SiteSetting.secure_media? (#9009) * Attachments (non media files) were being marked as secure if just SiteSetting.prevent_anons_from_downloading_files was enabled. this was not correct as nothing should be marked as actually "secure" in the DB without that site setting enabled * Also add a proper standalone spec file for the upload security class
2020-02-20 18:35:16 -05:00
end
end
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
context "when checking an existing upload" do
let(:creating) { false }
before do
# this is done so the after_save callbacks for site settings to make
# UploadReference records works
@original_provider = SiteSetting.provider
SiteSetting.provider = SiteSettings::DbProvider.new(SiteSetting)
setup_s3
SiteSetting.secure_uploads = true
FIX: Only mark attachments as secure media if SiteSetting.secure_media? (#9009) * Attachments (non media files) were being marked as secure if just SiteSetting.prevent_anons_from_downloading_files was enabled. this was not correct as nothing should be marked as actually "secure" in the DB without that site setting enabled * Also add a proper standalone spec file for the upload security class
2020-02-20 18:35:16 -05:00
end
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
after { SiteSetting.provider = @original_provider }
FIX: Only mark attachments as secure media if SiteSetting.secure_media? (#9009) * Attachments (non media files) were being marked as secure if just SiteSetting.prevent_anons_from_downloading_files was enabled. this was not correct as nothing should be marked as actually "secure" in the DB without that site setting enabled * Also add a proper standalone spec file for the upload security class
2020-02-20 18:35:16 -05:00
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
def create_secure_post_reference
UploadReference.ensure_exist!(upload_ids: [upload.id], target: post_in_secure_context)
upload.update!(access_control_post: post_in_secure_context)
end
describe "when the upload is first used for a post in a secure context" do
FIX: Only mark attachments as secure media if SiteSetting.secure_media? (#9009) * Attachments (non media files) were being marked as secure if just SiteSetting.prevent_anons_from_downloading_files was enabled. this was not correct as nothing should be marked as actually "secure" in the DB without that site setting enabled * Also add a proper standalone spec file for the upload security class
2020-02-20 18:35:16 -05:00
it "returns true" do
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
create_secure_post_reference
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(true)
FIX: Only mark attachments as secure media if SiteSetting.secure_media? (#9009) * Attachments (non media files) were being marked as secure if just SiteSetting.prevent_anons_from_downloading_files was enabled. this was not correct as nothing should be marked as actually "secure" in the DB without that site setting enabled * Also add a proper standalone spec file for the upload security class
2020-02-20 18:35:16 -05:00
end
end
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
FIX: Do not count deleted post for upload ref security (#19949) When checking whether an existing upload should be secure based on upload references, do not count deleted posts, since there is still a reference attached to them. This can lead to issues where e.g. an upload is used for a post then later on a custom emoji.
2023-01-23 19:01:48 -05:00
describe "when the upload is first used for a post in a secure context that is later deleted" do
it "returns false" do
create_secure_post_reference
post_in_secure_context.trash!
CustomEmoji.create(name: "meme", upload: upload)
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(false)
FIX: Do not count deleted post for upload ref security (#19949) When checking whether an existing upload should be secure based on upload references, do not count deleted posts, since there is still a reference attached to them. This can lead to issues where e.g. an upload is used for a post then later on a custom emoji.
2023-01-23 19:01:48 -05:00
end
end
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
describe "when the upload is first used for a site setting" do
it "returns false" do
SiteSetting.favicon = upload
create_secure_post_reference
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(false)
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
end
end
describe "when the upload is first used for a theme field" do
it "returns false" do
Fabricate(:theme_field, type_id: ThemeField.types[:theme_upload_var], upload: upload)
create_secure_post_reference
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(false)
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
end
end
describe "when the upload is first used for a group flair image" do
it "returns false" do
Fabricate(:group, flair_upload: upload)
create_secure_post_reference
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(false)
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
end
end
describe "when the upload is first used for a custom emoji" do
it "returns false" do
CustomEmoji.create(name: "meme", upload: upload)
create_secure_post_reference
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(false)
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
end
FIX: UploadReference order by tiebreaker for UploadSecurity (#20602) Follow up to 4d2a95ffe6d63b8d2b5019654dd086f6a9bbbd44. Sometimes due to the original UploadReference migration or other issues, multiple UploadReference records can have the exact same created_at date and time. To tiebreak and correct the SQL order when this happens, we can add a secondary `id ASC` ordering when we check for the first upload reference.
2023-03-08 20:52:26 -05:00
context "when the created_at dates for upload references are identical" do
it "orders by id as well and returns false" do
now = Time.zone.now
custom_emoji = CustomEmoji.create(name: "meme", upload: upload)
create_secure_post_reference
UploadReference.find_by(target: custom_emoji).update!(created_at: now)
UploadReference.find_by(target: post_in_secure_context).update!(created_at: now)
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(false)
FIX: UploadReference order by tiebreaker for UploadSecurity (#20602) Follow up to 4d2a95ffe6d63b8d2b5019654dd086f6a9bbbd44. Sometimes due to the original UploadReference migration or other issues, multiple UploadReference records can have the exact same created_at date and time. To tiebreak and correct the SQL order when this happens, we can add a secondary `id ASC` ordering when we check for the first upload reference.
2023-03-08 20:52:26 -05:00
end
end
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
end
describe "when the upload is first used for a badge" do
it "returns false" do
Fabricate(:badge, image_upload: upload)
create_secure_post_reference
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(false)
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
end
end
describe "when the upload is first used for a category image (logo, dark logo, background)" do
it "returns false" do
Fabricate(:category, uploaded_logo: upload)
create_secure_post_reference
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(false)
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
end
end
describe "when the upload is first used for a user profile (profile background, card background)" do
it "returns false" do
user = Fabricate(:user)
user.user_profile.update!(card_background_upload: upload)
create_secure_post_reference
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(false)
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
end
end
describe "when the upload is first used for a user uploaded avatar" do
it "returns false" do
Fabricate(:user, uploaded_avatar: upload)
create_secure_post_reference
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(false)
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
end
end
describe "when the upload is first used for a UserAvatar" do
it "returns false" do
Fabricate(:user_avatar, custom_upload: upload)
create_secure_post_reference
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(false)
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
end
end
FIX: Only mark attachments as secure media if SiteSetting.secure_media? (#9009) * Attachments (non media files) were being marked as secure if just SiteSetting.prevent_anons_from_downloading_files was enabled. this was not correct as nothing should be marked as actually "secure" in the DB without that site setting enabled * Also add a proper standalone spec file for the upload security class
2020-02-20 18:35:16 -05:00
end
end
DEV: Rename secure_media to secure_uploads (#18376) This commit renames all secure_media related settings to secure_uploads_* along with the associated functionality. This is being done because "media" does not really cover it, we aren't just doing this for images and videos etc. but for all uploads in the site. Additionally, in future we want to secure more types of uploads, and enable a kind of "mixed mode" where some uploads are secure and some are not, so keeping media in the name is just confusing. This also keeps compatibility with the `secure-media-uploads` path, and changes new secure URLs to be `secure-uploads`. Deprecated settings: * secure_media -> secure_uploads * secure_media_allow_embed_images_in_emails -> secure_uploads_allow_embed_images_in_emails * secure_media_max_email_embed_image_size_kb -> secure_uploads_max_email_embed_image_size_kb
2022-09-28 19:24:33 -04:00
context "when secure uploads is disabled" do
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
let(:creating) { true }
DEV: Rename secure_media to secure_uploads (#18376) This commit renames all secure_media related settings to secure_uploads_* along with the associated functionality. This is being done because "media" does not really cover it, we aren't just doing this for images and videos etc. but for all uploads in the site. Additionally, in future we want to secure more types of uploads, and enable a kind of "mixed mode" where some uploads are secure and some are not, so keeping media in the name is just confusing. This also keeps compatibility with the `secure-media-uploads` path, and changes new secure URLs to be `secure-uploads`. Deprecated settings: * secure_media -> secure_uploads * secure_media_allow_embed_images_in_emails -> secure_uploads_allow_embed_images_in_emails * secure_media_max_email_embed_image_size_kb -> secure_uploads_max_email_embed_image_size_kb
2022-09-28 19:24:33 -04:00
before { SiteSetting.secure_uploads = false }
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
FIX: Only mark attachments as secure media if SiteSetting.secure_media? (#9009) * Attachments (non media files) were being marked as secure if just SiteSetting.prevent_anons_from_downloading_files was enabled. this was not correct as nothing should be marked as actually "secure" in the DB without that site setting enabled * Also add a proper standalone spec file for the upload security class
2020-02-20 18:35:16 -05:00
it "returns false" do
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(false)
FIX: Only mark attachments as secure media if SiteSetting.secure_media? (#9009) * Attachments (non media files) were being marked as secure if just SiteSetting.prevent_anons_from_downloading_files was enabled. this was not correct as nothing should be marked as actually "secure" in the DB without that site setting enabled * Also add a proper standalone spec file for the upload security class
2020-02-20 18:35:16 -05:00
end
FIX: Change secure media to encompass attachments as well (#9271) If the “secure media” site setting is enabled then ALL files uploaded to Discourse (images, video, audio, pdf, txt, zip etc. etc.) will follow the secure media rules. The “prevent anons from downloading files” setting will no longer have any bearing on upload security. Basically, the feature will more appropriately be called “secure uploads” instead of “secure media”. This is being done because there are communities out there that would like all attachments and media to be secure based on category rules but still allow anonymous users to download attachments in public places, which is not possible in the current arrangement.
2020-03-25 17:16:02 -04:00
context "for attachments" do
FIX: Only mark attachments as secure media if SiteSetting.secure_media? (#9009) * Attachments (non media files) were being marked as secure if just SiteSetting.prevent_anons_from_downloading_files was enabled. this was not correct as nothing should be marked as actually "secure" in the DB without that site setting enabled * Also add a proper standalone spec file for the upload security class
2020-02-20 18:35:16 -05:00
before { upload.update(original_filename: "test.pdf") }
FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) This fixes a longstanding issue for sites with the secure_uploads setting enabled. What would happen is a scenario like this, since we did not check all places an upload could be linked to whenever we used UploadSecurity to check whether an upload should be secure: * Upload is created and used for site setting, set to secure: false since site setting uploads should not be secure. Let's say favicon * Favicon for the site is used inside a post in a private category, e.g. via a Onebox * We changed the secure status for the upload to true, since it's been used in a private category and we don't check if it's originator was a public place * The site favicon breaks :'( This was a source of constant consternation. Now, when an upload is _not_ being created, and we are checking if an existing upload should be secure, we now check to see what the first record in the UploadReference table is for that upload. If it's something public like a site setting, then we will never change the upload to `secure`.
2023-01-19 19:24:52 -05:00
FIX: Only mark attachments as secure media if SiteSetting.secure_media? (#9009) * Attachments (non media files) were being marked as secure if just SiteSetting.prevent_anons_from_downloading_files was enabled. this was not correct as nothing should be marked as actually "secure" in the DB without that site setting enabled * Also add a proper standalone spec file for the upload security class
2020-02-20 18:35:16 -05:00
it "returns false" do
DEV: Update the rubocop-discourse gem This enables cops related to RSpec `subject`. See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-21 10:00:19 -04:00
expect(security.should_be_secure?).to eq(false)
FIX: Only mark attachments as secure media if SiteSetting.secure_media? (#9009) * Attachments (non media files) were being marked as secure if just SiteSetting.prevent_anons_from_downloading_files was enabled. this was not correct as nothing should be marked as actually "secure" in the DB without that site setting enabled * Also add a proper standalone spec file for the upload security class
2020-02-20 18:35:16 -05:00
end
end
end
end