discourse/spec/controllers/uploads_controller_spec.rb

require 'spec_helper'

describe UploadsController do

  context '.create' do

    it 'requires you to be logged in' do
      expect { xhr :post, :create }.to raise_error(Discourse::NotLoggedIn)
    end

    context 'logged in' do

      before { @user = log_in :user }

      let(:logo) do
        ActionDispatch::Http::UploadedFile.new({
          filename: 'logo.png',
          tempfile: file_from_fixtures("logo.png")
        })
      end

      let(:text_file) do
        ActionDispatch::Http::UploadedFile.new({
          filename: 'LICENSE.TXT',
          tempfile: File.new("#{Rails.root}/LICENSE.txt")
        })
      end

      it 'is successful with an image' do
        Jobs.expects(:enqueue).with(:create_thumbnails, anything)

        message = MessageBus.track_publish do
          xhr :post, :create, file: logo, type: "avatar"
        end.first

        expect(response.status).to eq 200

        expect(message.channel).to eq("/uploads/avatar")
        expect(message.data).to be
      end

      it 'is successful with an attachment' do
        SiteSetting.stubs(:authorized_extensions).returns("*")

        Jobs.expects(:enqueue).never

        message = MessageBus.track_publish do
          xhr :post, :create, file: text_file, type: "composer"
        end.first

        expect(response.status).to eq 200
        expect(message.channel).to eq("/uploads/composer")
        expect(message.data).to be
      end

      it 'is successful with synchronous api' do
        SiteSetting.stubs(:authorized_extensions).returns("*")
        controller.stubs(:is_api?).returns(true)

        Jobs.expects(:enqueue).with(:create_thumbnails, anything)

        FakeWeb.register_uri(:get, "http://example.com/image.png", :body => File.read('spec/fixtures/images/logo.png'))

        xhr :post, :create, url: 'http://example.com/image.png', type: "avatar", synchronous: true

        json = ::JSON.parse(response.body)

        expect(response.status).to eq 200
        expect(json["id"]).to be
      end

      it 'correctly sets retain_hours for admins' do
        Jobs.expects(:enqueue).with(:create_thumbnails, anything)

        log_in :admin

        message = MessageBus.track_publish do
          xhr :post, :create, file: logo, retain_hours: 100, type: "profile_background"
        end.first

        id = message.data["id"]
        expect(Upload.find(id).retain_hours).to eq(100)
      end

      it 'requires a file' do
        Jobs.expects(:enqueue).never

        message = MessageBus.track_publish do
          xhr :post, :create, type: "composer"
        end.first

        expect(response.status).to eq 200
        expect(message.data["errors"]).to eq(I18n.t("upload.file_missing"))
      end

      it 'properly returns errors' do
        SiteSetting.stubs(:max_attachment_size_kb).returns(1)

        Jobs.expects(:enqueue).never

        message = MessageBus.track_publish do
          xhr :post, :create, file: text_file, type: "avatar"
        end.first

        expect(response.status).to eq 200
        expect(message.data["errors"]).to be
      end

      it 'ensures allow_uploaded_avatars is enabled when uploading an avatar' do
        SiteSetting.stubs(:allow_uploaded_avatars).returns(false)
        xhr :post, :create, file: logo, type: "avatar"
        expect(response).to_not be_success
      end

      it 'ensures sso_overrides_avatar is not enabled when uploading an avatar' do
        SiteSetting.stubs(:sso_overrides_avatar).returns(true)
        xhr :post, :create, file: logo, type: "avatar"
        expect(response).to_not be_success
      end

    end

  end

  context '.show' do

    let(:site) { "default" }
    let(:sha) { Digest::SHA1.hexdigest("discourse") }

    it "returns 404 when using external storage" do
      store = stub(internal?: false)
      Discourse.stubs(:store).returns(store)
      Upload.expects(:find_by).never

      get :show, site: site, sha: sha, extension: "pdf"
      expect(response.response_code).to eq(404)
    end

    it "returns 404 when the upload doens't exist" do
      Upload.stubs(:find_by).returns(nil)

      get :show, site: site, sha: sha, extension: "pdf"
      expect(response.response_code).to eq(404)
    end

    it 'uses send_file' do
      upload = build(:upload)
      Upload.expects(:find_by).with(sha1: sha).returns(upload)

      controller.stubs(:render)
      controller.expects(:send_file)

      get :show, site: site, sha: sha, extension: "zip"
    end

    context "prevent anons from downloading files" do

      before { SiteSetting.stubs(:prevent_anons_from_downloading_files).returns(true) }

      it "returns 404 when an anonymous user tries to download a file" do
        Upload.expects(:find_by).never

        get :show, site: site, sha: sha, extension: "pdf"
        expect(response.response_code).to eq(404)
      end

    end

  end

end
add UploadsController specs 2013-04-02 19:17:17 -04:00			`require 'spec_helper'`

			`describe UploadsController do`

proper content-disposition header when downloading attachments 2013-09-06 13:18:42 -04:00			`context '.create' do`
add UploadsController specs 2013-04-02 19:17:17 -04:00
proper content-disposition header when downloading attachments 2013-09-06 13:18:42 -04:00			`it 'requires you to be logged in' do`
controllers with rspec3 syntax 2015-01-09 12:04:02 -05:00			`expect { xhr :post, :create }.to raise_error(Discourse::NotLoggedIn)`
add UploadsController specs 2013-04-02 19:17:17 -04:00			`end`

proper content-disposition header when downloading attachments 2013-09-06 13:18:42 -04:00			`context 'logged in' do`

			`before { @user = log_in :user }`
add UploadsController specs 2013-04-02 19:17:17 -04:00
remove useless upload topic direct association 2013-06-15 03:54:49 -04:00			`let(:logo) do`
			`ActionDispatch::Http::UploadedFile.new({`
			`filename: 'logo.png',`
FIX: don't mess with fixtures when running the specs 2014-07-14 11:34:23 -04:00			`tempfile: file_from_fixtures("logo.png")`
remove useless upload topic direct association 2013-06-15 03:54:49 -04:00			`})`
add UploadsController specs 2013-04-02 19:17:17 -04:00			`end`

remove useless upload topic direct association 2013-06-15 03:54:49 -04:00			`let(:text_file) do`
			`ActionDispatch::Http::UploadedFile.new({`
FEATURE: support for enabling all upload file types BUGFIX: authorized extensions is now case insensitive 2014-04-29 13:12:35 -04:00			`filename: 'LICENSE.TXT',`
remove useless upload topic direct association 2013-06-15 03:54:49 -04:00			`tempfile: File.new("#{Rails.root}/LICENSE.txt")`
			`})`
			`end`
add UploadsController specs 2013-04-02 19:17:17 -04:00
FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread 2015-05-19 19:39:58 -04:00			`it 'is successful with an image' do`
FEATURE: generate (avatar) thumbnails in a background task FIX: keep the "uploading..." indicator until the server replies via the MessageBus FIX: text was disapearing when uploading an avatar PERF: always use a region for S3 (defaults to 'us-east-1') FEATURE: ApplyCDN middleware when using S3 FIX: use the same pattern to store files on S3 and locally PERF: keep a local cache of uploads when generating thumbnails FEATURE: migrate_to_s3 rake task 2015-05-25 11:59:00 -04:00			`Jobs.expects(:enqueue).with(:create_thumbnails, anything)`

FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread 2015-05-19 19:39:58 -04:00			`message = MessageBus.track_publish do`
FEATURE: generate (avatar) thumbnails in a background task FIX: keep the "uploading..." indicator until the server replies via the MessageBus FIX: text was disapearing when uploading an avatar PERF: always use a region for S3 (defaults to 'us-east-1') FEATURE: ApplyCDN middleware when using S3 FIX: use the same pattern to store files on S3 and locally PERF: keep a local cache of uploads when generating thumbnails FEATURE: migrate_to_s3 rake task 2015-05-25 11:59:00 -04:00			`xhr :post, :create, file: logo, type: "avatar"`
FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread 2015-05-19 19:39:58 -04:00			`end.first`
add server-side filesize check on uploads 2013-07-23 18:54:18 -04:00
FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread 2015-05-19 19:39:58 -04:00			`expect(response.status).to eq 200`
add server-side filesize check on uploads 2013-07-23 18:54:18 -04:00
FEATURE: generate (avatar) thumbnails in a background task FIX: keep the "uploading..." indicator until the server replies via the MessageBus FIX: text was disapearing when uploading an avatar PERF: always use a region for S3 (defaults to 'us-east-1') FEATURE: ApplyCDN middleware when using S3 FIX: use the same pattern to store files on S3 and locally PERF: keep a local cache of uploads when generating thumbnails FEATURE: migrate_to_s3 rake task 2015-05-25 11:59:00 -04:00			`expect(message.channel).to eq("/uploads/avatar")`
FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread 2015-05-19 19:39:58 -04:00			`expect(message.data).to be`
			`end`
FEATURE: support for enabling all upload file types BUGFIX: authorized extensions is now case insensitive 2014-04-29 13:12:35 -04:00
FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread 2015-05-19 19:39:58 -04:00			`it 'is successful with an attachment' do`
FEATURE: generate (avatar) thumbnails in a background task FIX: keep the "uploading..." indicator until the server replies via the MessageBus FIX: text was disapearing when uploading an avatar PERF: always use a region for S3 (defaults to 'us-east-1') FEATURE: ApplyCDN middleware when using S3 FIX: use the same pattern to store files on S3 and locally PERF: keep a local cache of uploads when generating thumbnails FEATURE: migrate_to_s3 rake task 2015-05-25 11:59:00 -04:00			`SiteSetting.stubs(:authorized_extensions).returns("*")`

			`Jobs.expects(:enqueue).never`

FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread 2015-05-19 19:39:58 -04:00			`message = MessageBus.track_publish do`
FEATURE: generate (avatar) thumbnails in a background task FIX: keep the "uploading..." indicator until the server replies via the MessageBus FIX: text was disapearing when uploading an avatar PERF: always use a region for S3 (defaults to 'us-east-1') FEATURE: ApplyCDN middleware when using S3 FIX: use the same pattern to store files on S3 and locally PERF: keep a local cache of uploads when generating thumbnails FEATURE: migrate_to_s3 rake task 2015-05-25 11:59:00 -04:00			`xhr :post, :create, file: text_file, type: "composer"`
FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread 2015-05-19 19:39:58 -04:00			`end.first`
FEATURE: support for enabling all upload file types BUGFIX: authorized extensions is now case insensitive 2014-04-29 13:12:35 -04:00
FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread 2015-05-19 19:39:58 -04:00			`expect(response.status).to eq 200`
FEATURE: generate (avatar) thumbnails in a background task FIX: keep the "uploading..." indicator until the server replies via the MessageBus FIX: text was disapearing when uploading an avatar PERF: always use a region for S3 (defaults to 'us-east-1') FEATURE: ApplyCDN middleware when using S3 FIX: use the same pattern to store files on S3 and locally PERF: keep a local cache of uploads when generating thumbnails FEATURE: migrate_to_s3 rake task 2015-05-25 11:59:00 -04:00			`expect(message.channel).to eq("/uploads/composer")`
FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread 2015-05-19 19:39:58 -04:00			`expect(message.data).to be`
FIX: Allow api to send uploads with :url 2015-06-21 07:52:52 -04:00			`end`

			`it 'is successful with synchronous api' do`
			`SiteSetting.stubs(:authorized_extensions).returns("*")`
			`controller.stubs(:is_api?).returns(true)`

			`Jobs.expects(:enqueue).with(:create_thumbnails, anything)`

			`FakeWeb.register_uri(:get, "http://example.com/image.png", :body => File.read('spec/fixtures/images/logo.png'))`

			`xhr :post, :create, url: 'http://example.com/image.png', type: "avatar", synchronous: true`

			`json = ::JSON.parse(response.body)`

			`expect(response.status).to eq 200`
			`expect(json["id"]).to be`
FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread 2015-05-19 19:39:58 -04:00			`end`
FEATURE: support for enabling all upload file types BUGFIX: authorized extensions is now case insensitive 2014-04-29 13:12:35 -04:00
FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread 2015-05-19 19:39:58 -04:00			`it 'correctly sets retain_hours for admins' do`
FEATURE: generate (avatar) thumbnails in a background task FIX: keep the "uploading..." indicator until the server replies via the MessageBus FIX: text was disapearing when uploading an avatar PERF: always use a region for S3 (defaults to 'us-east-1') FEATURE: ApplyCDN middleware when using S3 FIX: use the same pattern to store files on S3 and locally PERF: keep a local cache of uploads when generating thumbnails FEATURE: migrate_to_s3 rake task 2015-05-25 11:59:00 -04:00			`Jobs.expects(:enqueue).with(:create_thumbnails, anything)`

FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread 2015-05-19 19:39:58 -04:00			`log_in :admin`
FEATURE: support for enabling all upload file types BUGFIX: authorized extensions is now case insensitive 2014-04-29 13:12:35 -04:00
FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread 2015-05-19 19:39:58 -04:00			`message = MessageBus.track_publish do`
			`xhr :post, :create, file: logo, retain_hours: 100, type: "profile_background"`
			`end.first`
FEATURE: support for enabling all upload file types BUGFIX: authorized extensions is now case insensitive 2014-04-29 13:12:35 -04:00
FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread 2015-05-19 19:39:58 -04:00			`id = message.data["id"]`
			`expect(Upload.find(id).retain_hours).to eq(100)`
remove useless upload topic direct association 2013-06-15 03:54:49 -04:00			`end`
add UploadsController specs 2013-04-02 19:17:17 -04:00
FIX: ensure a file is present when creating an upload 2015-08-18 05:39:51 -04:00			`it 'requires a file' do`
			`Jobs.expects(:enqueue).never`

			`message = MessageBus.track_publish do`
			`xhr :post, :create, type: "composer"`
			`end.first`

			`expect(response.status).to eq 200`
			`expect(message.data["errors"]).to eq(I18n.t("upload.file_missing"))`
			`end`

FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread 2015-05-19 19:39:58 -04:00			`it 'properly returns errors' do`
			`SiteSetting.stubs(:max_attachment_size_kb).returns(1)`
add UploadsController specs 2013-04-02 19:17:17 -04:00
FEATURE: generate (avatar) thumbnails in a background task FIX: keep the "uploading..." indicator until the server replies via the MessageBus FIX: text was disapearing when uploading an avatar PERF: always use a region for S3 (defaults to 'us-east-1') FEATURE: ApplyCDN middleware when using S3 FIX: use the same pattern to store files on S3 and locally PERF: keep a local cache of uploads when generating thumbnails FEATURE: migrate_to_s3 rake task 2015-05-25 11:59:00 -04:00			`Jobs.expects(:enqueue).never`

FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread 2015-05-19 19:39:58 -04:00			`message = MessageBus.track_publish do`
			`xhr :post, :create, file: text_file, type: "avatar"`
			`end.first`
add UploadsController specs 2013-04-02 19:17:17 -04:00
FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread 2015-05-19 19:39:58 -04:00			`expect(response.status).to eq 200`
			`expect(message.data["errors"]).to be`
add UploadsController specs 2013-04-02 19:17:17 -04:00			`end`

FIX: enforce 'allow_uploaded_avatars' & 'sso_overrides_avatar' server-side 2015-11-12 04:26:45 -05:00			`it 'ensures allow_uploaded_avatars is enabled when uploading an avatar' do`
			`SiteSetting.stubs(:allow_uploaded_avatars).returns(false)`
			`xhr :post, :create, file: logo, type: "avatar"`
			`expect(response).to_not be_success`
			`end`

			`it 'ensures sso_overrides_avatar is not enabled when uploading an avatar' do`
			`SiteSetting.stubs(:sso_overrides_avatar).returns(true)`
			`xhr :post, :create, file: logo, type: "avatar"`
			`expect(response).to_not be_success`
			`end`

add UploadsController specs 2013-04-02 19:17:17 -04:00			`end`

			`end`

proper content-disposition header when downloading attachments 2013-09-06 13:18:42 -04:00			`context '.show' do`

FIX: consistent and future-proof upload storage pattern 2015-05-19 06:31:12 -04:00			`let(:site) { "default" }`
			`let(:sha) { Digest::SHA1.hexdigest("discourse") }`

proper content-disposition header when downloading attachments 2013-09-06 13:18:42 -04:00			`it "returns 404 when using external storage" do`
			`store = stub(internal?: false)`
			`Discourse.stubs(:store).returns(store)`
Perform the where(...).first to find_by(...) refactoring. This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb" 2014-05-06 09:41:59 -04:00			`Upload.expects(:find_by).never`
FIX: consistent and future-proof upload storage pattern 2015-05-19 06:31:12 -04:00
			`get :show, site: site, sha: sha, extension: "pdf"`
controllers with rspec3 syntax 2015-01-09 12:04:02 -05:00			`expect(response.response_code).to eq(404)`
proper content-disposition header when downloading attachments 2013-09-06 13:18:42 -04:00			`end`

			`it "returns 404 when the upload doens't exist" do`
fix the build 2015-05-20 09:32:31 -04:00			`Upload.stubs(:find_by).returns(nil)`
FEATURE: api support for arbitrary unlinked assets admins can set retain periods for assets 2014-09-23 01:50:26 -04:00
FIX: consistent and future-proof upload storage pattern 2015-05-19 06:31:12 -04:00			`get :show, site: site, sha: sha, extension: "pdf"`
controllers with rspec3 syntax 2015-01-09 12:04:02 -05:00			`expect(response.response_code).to eq(404)`
proper content-disposition header when downloading attachments 2013-09-06 13:18:42 -04:00			`end`

			`it 'uses send_file' do`
FEATURE: support email attachments 2014-04-14 16:55:57 -04:00			`upload = build(:upload)`
FIX: consistent and future-proof upload storage pattern 2015-05-19 06:31:12 -04:00			`Upload.expects(:find_by).with(sha1: sha).returns(upload)`
FEATURE: support email attachments 2014-04-14 16:55:57 -04:00
proper content-disposition header when downloading attachments 2013-09-06 13:18:42 -04:00			`controller.stubs(:render)`
			`controller.expects(:send_file)`
FEATURE: support email attachments 2014-04-14 16:55:57 -04:00
FIX: consistent and future-proof upload storage pattern 2015-05-19 06:31:12 -04:00			`get :show, site: site, sha: sha, extension: "zip"`
proper content-disposition header when downloading attachments 2013-09-06 13:18:42 -04:00			`end`

FEATURE: new 'prevent anons from download files' site setting 2014-09-09 12:40:11 -04:00			`context "prevent anons from downloading files" do`

			`before { SiteSetting.stubs(:prevent_anons_from_downloading_files).returns(true) }`

			`it "returns 404 when an anonymous user tries to download a file" do`
			`Upload.expects(:find_by).never`
FIX: consistent and future-proof upload storage pattern 2015-05-19 06:31:12 -04:00
			`get :show, site: site, sha: sha, extension: "pdf"`
controllers with rspec3 syntax 2015-01-09 12:04:02 -05:00			`expect(response.response_code).to eq(404)`
FEATURE: new 'prevent anons from download files' site setting 2014-09-09 12:40:11 -04:00			`end`

			`end`

proper content-disposition header when downloading attachments 2013-09-06 13:18:42 -04:00			`end`

add UploadsController specs 2013-04-02 19:17:17 -04:00			`end`