discourse/spec/serializers/upload_serializer_spec.rb

# frozen_string_literal: true

require 'rails_helper'

RSpec.describe UploadSerializer do
  fab!(:upload) { Fabricate(:upload) }
  let(:subject) { UploadSerializer.new(upload, root: false) }

  it 'should render without errors' do
    json_data = JSON.load(subject.to_json)

    expect(json_data['id']).to eql upload.id
    expect(json_data['width']).to eql upload.width
    expect(json_data['height']).to eql upload.height
    expect(json_data['thumbnail_width']).to eql upload.thumbnail_width
    expect(json_data['thumbnail_height']).to eql upload.thumbnail_height
    expect(json_data['short_path']).to eql upload.short_path
  end

  context "when the upload is secure" do
    fab!(:upload) { Fabricate(:secure_upload) }

    context "when secure media is disabled" do
      it "just returns the normal URL, otherwise S3 errors are encountered" do
        json_data = JSON.load(subject.to_json)
        expect(json_data['url']).to eq(upload.url)
      end
    end

    context "when secure media is enabled" do
      before do
        enable_s3_uploads
        SiteSetting.secure_media = true
      end

      it "returns the cooked URL based on the upload URL" do
        UrlHelper.expects(:cook_url).with(upload.url, secure: true)
        subject.to_json
      end
    end
  end

  def enable_s3_uploads
    SiteSetting.s3_upload_bucket = "s3-upload-bucket"
    SiteSetting.s3_access_key_id = "s3-access-key-id"
    SiteSetting.s3_secret_access_key = "s3-secret-access-key"
    SiteSetting.s3_region = 'us-west-1'
    SiteSetting.enable_s3_uploads = true

    store = FileStore::S3Store.new
    s3_helper = store.instance_variable_get(:@s3_helper)
    client = Aws::S3::Client.new(stub_responses: true)
    s3_helper.stubs(:s3_client).returns(client)
    Discourse.stubs(:store).returns(store)
  end
end
DEV: use #frozen_string_literal: true on all spec This change both speeds up specs (less strings to allocate) and helps catch cases where methods in Discourse are mutating inputs. Overall we will be migrating everything to use #frozen_string_literal: true it will take a while, but this is the first and safest move in this direction 2019-04-29 20:27:42 -04:00			`# frozen_string_literal: true`

Add missing fields to Upload Fabricator (#6448) 2018-10-04 10:00:07 -04:00			`require 'rails_helper'`

			`RSpec.describe UploadSerializer do`
DEV: Prefabrication (test optimization) (#7414) * Introduced fab!, a helper that creates database state for a group It's almost identical to let_it_be, except: 1. It creates a new object for each test by default, 2. You can disable it using PREFABRICATION=0 2019-05-06 23:12:20 -04:00			`fab!(:upload) { Fabricate(:upload) }`
Add missing fields to Upload Fabricator (#6448) 2018-10-04 10:00:07 -04:00			`let(:subject) { UploadSerializer.new(upload, root: false) }`

			`it 'should render without errors' do`
			`json_data = JSON.load(subject.to_json)`

			`expect(json_data['id']).to eql upload.id`
			`expect(json_data['width']).to eql upload.width`
			`expect(json_data['height']).to eql upload.height`
			`expect(json_data['thumbnail_width']).to eql upload.thumbnail_width`
			`expect(json_data['thumbnail_height']).to eql upload.thumbnail_height`
FIX: add short_path to upload_serializer (#9417) What problem I am trying to solve? When an encrypted message is crafted and the image is added - discourse needs a hard refresh to display that image. What is happening? Everything starts here - when the upload is finished we add serialized object to the cache https://github.com/discourse/discourse/blob/master/app/assets/javascripts/discourse/components/composer-editor.js#L748:L757 Then, `discourse-encrypt` is trying to get an image from the cache and use `short_path` property https://github.com/discourse/discourse-encrypt/blob/master/assets/javascripts/discourse/initializers/hook-decrypt-post.js.es6#L142:L143 Why is it working after a hard refresh? After refresh, we populate cache once again using that function: https://github.com/discourse/discourse/blob/master/app/assets/javascripts/pretty-text/upload-short-url.js#L11:L17 And lookup_urls method from backend is returning `short_path` https://github.com/discourse/discourse/blob/master/app/controllers/uploads_controller.rb#L55:L64 TL;DR We should expose short path in upload serializer. I ensured that this serializer is used only when attachments are uploaded so it should not affect performance. 2020-04-14 19:19:59 -04:00			`expect(json_data['short_path']).to eql upload.short_path`
Add missing fields to Upload Fabricator (#6448) 2018-10-04 10:00:07 -04:00			`end`
FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) ### General Changes and Duplication * We now consider a post `with_secure_media?` if it is in a read-restricted category. * When uploading we now set an upload's secure status straight away. * When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. * Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is). * When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload. ### Viewing Secure Media * The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions * If there is no `access_control_post` then we just deliver the media. This should be a rare occurrance and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor` ### Removed We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled. * We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context. * We no longer have to set `secure: false` for uploads when uploading for a theme component. 2020-01-15 22:50:27 -05:00
			`context "when the upload is secure" do`
			`fab!(:upload) { Fabricate(:secure_upload) }`

			`context "when secure media is disabled" do`
			`it "just returns the normal URL, otherwise S3 errors are encountered" do`
			`json_data = JSON.load(subject.to_json)`
			`expect(json_data['url']).to eq(upload.url)`
			`end`
			`end`

			`context "when secure media is enabled" do`
			`before do`
			`enable_s3_uploads`
			`SiteSetting.secure_media = true`
			`end`

			`it "returns the cooked URL based on the upload URL" do`
			`UrlHelper.expects(:cook_url).with(upload.url, secure: true)`
			`subject.to_json`
			`end`
			`end`
			`end`

			`def enable_s3_uploads`
			`SiteSetting.s3_upload_bucket = "s3-upload-bucket"`
			`SiteSetting.s3_access_key_id = "s3-access-key-id"`
			`SiteSetting.s3_secret_access_key = "s3-secret-access-key"`
			`SiteSetting.s3_region = 'us-west-1'`
			`SiteSetting.enable_s3_uploads = true`

			`store = FileStore::S3Store.new`
			`s3_helper = store.instance_variable_get(:@s3_helper)`
			`client = Aws::S3::Client.new(stub_responses: true)`
			`s3_helper.stubs(:s3_client).returns(client)`
			`Discourse.stubs(:store).returns(store)`
			`end`
Add missing fields to Upload Fabricator (#6448) 2018-10-04 10:00:07 -04:00			`end`