Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
discourse/spec/lib/site_settings/validations_spec.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

418 lines
14 KiB
Ruby
Raw Normal View History

DEV: use #frozen_string_literal: true on all spec This change both speeds up specs (less strings to allocate) and helps catch cases where methods in Discourse are mutating inputs. Overall we will be migrating everything to use #frozen_string_literal: true it will take a while, but this is the first and safest move in this direction
2019-04-29 20:27:42 -04:00
# frozen_string_literal: true
FEATURE: Prohibit S3 bucket reusage This validation makes sure that the s3_upload_bucket and the s3_backup_bucket have different values. The backup bucket is allowed to be a subfolder of the upload bucket. The other way around is forbidden because the backup system searches by prefix and would return all files stored within the backup bucket and its subfolders.
2018-12-16 18:09:13 -05:00
require 'site_settings/validations'
describe SiteSettings::Validations do
subject { Class.new.include(described_class).new }
SECURITY: SQL injection with default categories This is a low severity security fix because it requires a logged in admin user to update a site setting via the API directly to an invalid value. The fix adds validation for the affected site settings, as well as a secondary fix to prevent injection in the event of bad data somehow already exists.
2019-07-11 13:41:51 -04:00
context "default_categories" do
fab!(:category) { Fabricate(:category) }
it "supports valid categories" do
expect { subject.validate_default_categories_watching("#{category.id}") }.not_to raise_error
end
it "won't allow you to input junk categories" do
expect {
subject.validate_default_categories_watching("junk")
}.to raise_error(Discourse::InvalidParameters)
expect {
subject.validate_default_categories_watching("#{category.id}|12312323")
}.to raise_error(Discourse::InvalidParameters)
end
FIX: Check for category conflicts in SiteSetting validations (#8137) It was possible to add a category to more than one default group, e.g. "default categories muted" and "default categories watching first post". The bug was caused by category validations inadvertently comparing strings and numbers.
2019-10-06 14:50:07 -04:00
it "prevents using the same category in more than one default group" do
SiteSetting.default_categories_watching = "#{category.id}"
expect {
SiteSetting.default_categories_tracking = "#{category.id}"
}.to raise_error(Discourse::InvalidParameters)
end
SECURITY: SQL injection with default categories This is a low severity security fix because it requires a logged in admin user to update a site setting via the API directly to an invalid value. The fix adds validation for the affected site settings, as well as a secondary fix to prevent injection in the event of bad data somehow already exists.
2019-07-11 13:41:51 -04:00
end
FEATURE: Prohibit S3 bucket reusage This validation makes sure that the s3_upload_bucket and the s3_backup_bucket have different values. The backup bucket is allowed to be a subfolder of the upload bucket. The other way around is forbidden because the backup system searches by prefix and would return all files stored within the backup bucket and its subfolders.
2018-12-16 18:09:13 -05:00
context "s3 buckets reusage" do
let(:error_message) { I18n.t("errors.site_settings.s3_bucket_reused") }
shared_examples "s3 bucket validation" do
def change_bucket_value(value)
DEV: introduce new API to look up dynamic site setting This removes all uses of both `send` and `public_send` from consumers of SiteSetting and instead introduces a `get` helper for dynamic lookup This leads to much cleaner and safer code long term as we are always explicit to test that a site setting is really there before sending an arbitrary string to the class It also removes a couple of risky stubs from the auth provider test
2019-05-06 21:00:09 -04:00
SiteSetting.set(other_setting_name, value)
FEATURE: Prohibit S3 bucket reusage This validation makes sure that the s3_upload_bucket and the s3_backup_bucket have different values. The backup bucket is allowed to be a subfolder of the upload bucket. The other way around is forbidden because the backup system searches by prefix and would return all files stored within the backup bucket and its subfolders.
2018-12-16 18:09:13 -05:00
end
it "shouldn't raise an error when both buckets are blank" do
change_bucket_value("")
DEV: Remove unnecessary `to_not raise_error` from specs Follow-up to 01cdbd3a13af424dbb9dfe0202991ca63ea0bb4c
2018-12-17 10:10:10 -05:00
validate("")
FEATURE: Prohibit S3 bucket reusage This validation makes sure that the s3_upload_bucket and the s3_backup_bucket have different values. The backup bucket is allowed to be a subfolder of the upload bucket. The other way around is forbidden because the backup system searches by prefix and would return all files stored within the backup bucket and its subfolders.
2018-12-16 18:09:13 -05:00
end
it "shouldn't raise an error when only one bucket is set" do
change_bucket_value("")
DEV: Remove unnecessary `to_not raise_error` from specs Follow-up to 01cdbd3a13af424dbb9dfe0202991ca63ea0bb4c
2018-12-17 10:10:10 -05:00
validate("my-awesome-bucket")
FEATURE: Prohibit S3 bucket reusage This validation makes sure that the s3_upload_bucket and the s3_backup_bucket have different values. The backup bucket is allowed to be a subfolder of the upload bucket. The other way around is forbidden because the backup system searches by prefix and would return all files stored within the backup bucket and its subfolders.
2018-12-16 18:09:13 -05:00
end
it "shouldn't raise an error when both buckets are equal, but use a different path" do
change_bucket_value("my-awesome-bucket/foo")
DEV: Remove unnecessary `to_not raise_error` from specs Follow-up to 01cdbd3a13af424dbb9dfe0202991ca63ea0bb4c
2018-12-17 10:10:10 -05:00
validate("my-awesome-bucket/bar")
FEATURE: Prohibit S3 bucket reusage This validation makes sure that the s3_upload_bucket and the s3_backup_bucket have different values. The backup bucket is allowed to be a subfolder of the upload bucket. The other way around is forbidden because the backup system searches by prefix and would return all files stored within the backup bucket and its subfolders.
2018-12-16 18:09:13 -05:00
end
it "should raise an error when both buckets are equal" do
change_bucket_value("my-awesome-bucket")
expect { validate("my-awesome-bucket") }.to raise_error(Discourse::InvalidParameters, error_message)
end
it "should raise an error when both buckets are equal except for a trailing slash" do
change_bucket_value("my-awesome-bucket/")
expect { validate("my-awesome-bucket") }.to raise_error(Discourse::InvalidParameters, error_message)
change_bucket_value("my-awesome-bucket")
expect { validate("my-awesome-bucket/") }.to raise_error(Discourse::InvalidParameters, error_message)
end
end
describe "#validate_s3_backup_bucket" do
let(:other_setting_name) { "s3_upload_bucket" }
def validate(new_value)
subject.validate_s3_backup_bucket(new_value)
end
it_behaves_like "s3 bucket validation"
it "shouldn't raise an error when the 's3_backup_bucket' is a subdirectory of 's3_upload_bucket'" do
SiteSetting.s3_upload_bucket = "my-awesome-bucket"
DEV: Remove unnecessary `to_not raise_error` from specs Follow-up to 01cdbd3a13af424dbb9dfe0202991ca63ea0bb4c
2018-12-17 10:10:10 -05:00
validate("my-awesome-bucket/backups")
FEATURE: Prohibit S3 bucket reusage This validation makes sure that the s3_upload_bucket and the s3_backup_bucket have different values. The backup bucket is allowed to be a subfolder of the upload bucket. The other way around is forbidden because the backup system searches by prefix and would return all files stored within the backup bucket and its subfolders.
2018-12-16 18:09:13 -05:00
SiteSetting.s3_upload_bucket = "my-awesome-bucket/foo"
DEV: Remove unnecessary `to_not raise_error` from specs Follow-up to 01cdbd3a13af424dbb9dfe0202991ca63ea0bb4c
2018-12-17 10:10:10 -05:00
validate("my-awesome-bucket/foo/backups")
FEATURE: Prohibit S3 bucket reusage This validation makes sure that the s3_upload_bucket and the s3_backup_bucket have different values. The backup bucket is allowed to be a subfolder of the upload bucket. The other way around is forbidden because the backup system searches by prefix and would return all files stored within the backup bucket and its subfolders.
2018-12-16 18:09:13 -05:00
end
end
describe "#validate_s3_upload_bucket" do
let(:other_setting_name) { "s3_backup_bucket" }
def validate(new_value)
subject.validate_s3_upload_bucket(new_value)
end
it_behaves_like "s3 bucket validation"
it "should raise an error when the 's3_upload_bucket' is a subdirectory of 's3_backup_bucket'" do
SiteSetting.s3_backup_bucket = "my-awesome-bucket"
expect { validate("my-awesome-bucket/uploads") }.to raise_error(Discourse::InvalidParameters, error_message)
SiteSetting.s3_backup_bucket = "my-awesome-bucket/foo"
expect { validate("my-awesome-bucket/foo/uploads") }.to raise_error(Discourse::InvalidParameters, error_message)
end
Revert "Revert "FIX: Don't allow people to clear the upload bucket while it's enabled"" This reverts commit d4fc76b335d012275b06b7ce80d0c1b98f9db33d.
2020-03-06 08:49:28 -05:00
it "cannot be made blank unless the setting is false" do
SiteSetting.s3_backup_bucket = "really-real-cool-bucket"
SiteSetting.enable_s3_uploads = true
expect { validate("") }.to raise_error(Discourse::InvalidParameters)
SiteSetting.enable_s3_uploads = false
validate("")
end
FEATURE: Prohibit S3 bucket reusage This validation makes sure that the s3_upload_bucket and the s3_backup_bucket have different values. The backup bucket is allowed to be a subfolder of the upload bucket. The other way around is forbidden because the backup system searches by prefix and would return all files stored within the backup bucket and its subfolders.
2018-12-16 18:09:13 -05:00
end
end
Block enabling force 2FA if local logins disabled & vice-versa (#8355)
2019-11-15 01:05:10 -05:00
FIX: Error message when setting enforce 2fa with social logins (#10479)
2020-08-19 14:16:31 -04:00
describe "enforce second factor & local/auth provider login interplay" do
Block enabling force 2FA if local logins disabled & vice-versa (#8355)
2019-11-15 01:05:10 -05:00
describe "#validate_enforce_second_factor" do
context "when local logins are disabled" do
FIX: Error message when setting enforce 2fa with social logins (#10479)
2020-08-19 14:16:31 -04:00
let(:error_message) { I18n.t("errors.site_settings.second_factor_cannot_be_enforced_with_disabled_local_login") }
Block enabling force 2FA if local logins disabled & vice-versa (#8355)
2019-11-15 01:05:10 -05:00
before do
SiteSetting.enable_local_logins = false
end
it "should raise an error" do
expect { subject.validate_enforce_second_factor("t") }.to raise_error(Discourse::InvalidParameters, error_message)
end
end
context "when local logins are enabled" do
before do
SiteSetting.enable_local_logins = true
end
it "should be ok" do
FIX: Allow secure uploads if global s3 setting active and enable_s3_uploads validations (#8373) The secure media functionality relied on `SiteSetting.enable_s3_uploads?` which, as we found in dev, did not take into account global S3 settings via `GlobalSetting.use_s3?`. We now use `SiteSetting.Upload.enable_s3_uploads` instead to be more consistent. Also, we now validate `enable_s3_uploads` changes, because if `GlobalSetting.use_s3?` is true users should NOT be enabling S3 uploads manually.
2019-11-19 16:46:44 -05:00
expect { subject.validate_enforce_second_factor("t") }.not_to raise_error
Block enabling force 2FA if local logins disabled & vice-versa (#8355)
2019-11-15 01:05:10 -05:00
end
end
FIX: Error message when setting enforce 2fa with social logins (#10479)
2020-08-19 14:16:31 -04:00
context "when social logins are enabled" do
let(:error_message) { I18n.t("errors.site_settings.second_factor_cannot_enforce_with_socials", auth_provider_names: "facebook, github") }
before do
SiteSetting.enable_facebook_logins = true
SiteSetting.enable_github_logins = true
end
it "raises and error, and specifies the auth providers" do
expect { subject.validate_enforce_second_factor("all") }.to raise_error(Discourse::InvalidParameters, error_message)
end
end
FIX: second factor cannot be enabled if SSO is enabled (#10880) * FIX: second factor cannot be enabled if SSO is enabled If `enable_sso` setting is enabled then admin should not be able to enable `enforce_second_factor` setting as that will lock users out. Co-authored-by: Robin Ward <robin.ward@gmail.com>
2020-10-09 13:06:38 -04:00
context "when SSO is enabled" do
FEATURE: Rename 'Discourse SSO' to DiscourseConnect (#11978) The 'Discourse SSO' protocol is being rebranded to DiscourseConnect. This should help to reduce confusion when 'SSO' is used in the generic sense. This commit aims to: - Rename `sso_` site settings. DiscourseConnect specific ones are prefixed `discourse_connect_`. Generic settings are prefixed `auth_` - Add (server-side-only) backwards compatibility for the old setting names, with deprecation notices - Copy `site_settings` database records to the new names - Rename relevant translation keys - Update relevant translations This commit does **not** aim to: - Rename any Ruby classes or methods. This might be done in a future commit - Change any URLs. This would break existing integrations - Make any changes to the protocol. This would break existing integrations - Change any functionality. Further normalization across DiscourseConnect and other auth methods will be done separately The risks are: - There is no backwards compatibility for site settings on the client-side. Accessing auth-related site settings in Javascript is fairly rare, and an error on the client side would not be security-critical. - If a plugin is monkey-patching parts of the auth process, changes to locale keys could cause broken error messages. This should also be unlikely. The old site setting names remain functional, so security-related overrides will remain working. A follow-up commit will be made with a post-deploy migration to delete the old `site_settings` rows.
2021-02-08 05:04:33 -05:00
let(:error_message) { I18n.t("errors.site_settings.second_factor_cannot_be_enforced_with_discourse_connect_enabled") }
FIX: second factor cannot be enabled if SSO is enabled (#10880) * FIX: second factor cannot be enabled if SSO is enabled If `enable_sso` setting is enabled then admin should not be able to enable `enforce_second_factor` setting as that will lock users out. Co-authored-by: Robin Ward <robin.ward@gmail.com>
2020-10-09 13:06:38 -04:00
before do
FEATURE: Rename 'Discourse SSO' to DiscourseConnect (#11978) The 'Discourse SSO' protocol is being rebranded to DiscourseConnect. This should help to reduce confusion when 'SSO' is used in the generic sense. This commit aims to: - Rename `sso_` site settings. DiscourseConnect specific ones are prefixed `discourse_connect_`. Generic settings are prefixed `auth_` - Add (server-side-only) backwards compatibility for the old setting names, with deprecation notices - Copy `site_settings` database records to the new names - Rename relevant translation keys - Update relevant translations This commit does **not** aim to: - Rename any Ruby classes or methods. This might be done in a future commit - Change any URLs. This would break existing integrations - Make any changes to the protocol. This would break existing integrations - Change any functionality. Further normalization across DiscourseConnect and other auth methods will be done separately The risks are: - There is no backwards compatibility for site settings on the client-side. Accessing auth-related site settings in Javascript is fairly rare, and an error on the client side would not be security-critical. - If a plugin is monkey-patching parts of the auth process, changes to locale keys could cause broken error messages. This should also be unlikely. The old site setting names remain functional, so security-related overrides will remain working. A follow-up commit will be made with a post-deploy migration to delete the old `site_settings` rows.
2021-02-08 05:04:33 -05:00
SiteSetting.discourse_connect_url = "https://www.example.com/sso"
SiteSetting.enable_discourse_connect = true
FIX: second factor cannot be enabled if SSO is enabled (#10880) * FIX: second factor cannot be enabled if SSO is enabled If `enable_sso` setting is enabled then admin should not be able to enable `enforce_second_factor` setting as that will lock users out. Co-authored-by: Robin Ward <robin.ward@gmail.com>
2020-10-09 13:06:38 -04:00
end
it "should raise an error" do
expect { subject.validate_enforce_second_factor("t") }.to raise_error(Discourse::InvalidParameters, error_message)
end
end
Block enabling force 2FA if local logins disabled & vice-versa (#8355)
2019-11-15 01:05:10 -05:00
end
describe "#validate_enable_local_logins" do
let(:error_message) { I18n.t("errors.site_settings.local_login_cannot_be_disabled_if_second_factor_enforced") }
context "when the new value is false" do
context "when enforce second factor is enabled" do
before do
SiteSetting.enforce_second_factor = "all"
end
it "should raise an error" do
expect { subject.validate_enable_local_logins("f") }.to raise_error(Discourse::InvalidParameters, error_message)
end
end
context "when enforce second factor is disabled" do
before do
SiteSetting.enforce_second_factor = "no"
end
it "should be ok" do
FIX: Allow secure uploads if global s3 setting active and enable_s3_uploads validations (#8373) The secure media functionality relied on `SiteSetting.enable_s3_uploads?` which, as we found in dev, did not take into account global S3 settings via `GlobalSetting.use_s3?`. We now use `SiteSetting.Upload.enable_s3_uploads` instead to be more consistent. Also, we now validate `enable_s3_uploads` changes, because if `GlobalSetting.use_s3?` is true users should NOT be enabling S3 uploads manually.
2019-11-19 16:46:44 -05:00
expect { subject.validate_enable_local_logins("f") }.not_to raise_error
Block enabling force 2FA if local logins disabled & vice-versa (#8355)
2019-11-15 01:05:10 -05:00
end
end
end
context "when the new value is true" do
it "should be ok" do
FIX: Allow secure uploads if global s3 setting active and enable_s3_uploads validations (#8373) The secure media functionality relied on `SiteSetting.enable_s3_uploads?` which, as we found in dev, did not take into account global S3 settings via `GlobalSetting.use_s3?`. We now use `SiteSetting.Upload.enable_s3_uploads` instead to be more consistent. Also, we now validate `enable_s3_uploads` changes, because if `GlobalSetting.use_s3?` is true users should NOT be enabling S3 uploads manually.
2019-11-19 16:46:44 -05:00
expect { subject.validate_enable_local_logins("t") }.not_to raise_error
end
end
end
FIX: strip the trailing slash (/) of cors origins. (#10996) Strips trailing `/` from global settings Provides a validation for site settings to ensure a trailing `/` is not added
2020-10-28 22:01:06 -04:00
describe "#validate_cors_origins" do
let(:error_message) { I18n.t("errors.site_settings.cors_origins_should_not_have_trailing_slash") }
context "when the new value has trailing slash" do
it "should raise an error" do
expect { subject.validate_cors_origins("https://www.rainbows.com/") }.to raise_error(Discourse::InvalidParameters, error_message)
end
end
end
FIX: Do not enable published page if secure media enabled (#11131) There are issues around displaying images on published pages when secure media is enabled. This PR temporarily makes it appear as if published pages are enabled if secure media is also enabled.
2020-11-05 19:33:19 -05:00
describe "#validate_enable_page_publishing" do
context "when the new value is true" do
it "is ok" do
expect { subject.validate_enable_page_publishing("t") }.not_to raise_error
end
context "if secure media is enabled" do
let(:error_message) { I18n.t("errors.site_settings.page_publishing_requirements") }
before do
enable_secure_media
end
it "is not ok" do
expect { subject.validate_enable_page_publishing("t") }.to raise_error(Discourse::InvalidParameters, error_message)
end
end
end
end
FIX: Allow secure uploads if global s3 setting active and enable_s3_uploads validations (#8373) The secure media functionality relied on `SiteSetting.enable_s3_uploads?` which, as we found in dev, did not take into account global S3 settings via `GlobalSetting.use_s3?`. We now use `SiteSetting.Upload.enable_s3_uploads` instead to be more consistent. Also, we now validate `enable_s3_uploads` changes, because if `GlobalSetting.use_s3?` is true users should NOT be enabling S3 uploads manually.
2019-11-19 16:46:44 -05:00
describe "#validate_secure_media" do
let(:error_message) { I18n.t("errors.site_settings.secure_media_requirements") }
context "when the new value is true" do
context 'if site setting for enable_s3_uploads is enabled' do
before do
SiteSetting.enable_s3_uploads = true
end
it "should be ok" do
expect { subject.validate_secure_media("t") }.not_to raise_error
end
end
context 'if site setting for enable_s3_uploads is not enabled' do
before do
SiteSetting.enable_s3_uploads = false
end
it "is not ok" do
expect { subject.validate_secure_media("t") }.to raise_error(Discourse::InvalidParameters, error_message)
end
context "if global s3 setting is enabled" do
before do
GlobalSetting.stubs(:use_s3?).returns(true)
end
it "should be ok" do
expect { subject.validate_secure_media("t") }.not_to raise_error
end
end
end
end
end
describe "#validate_enable_s3_uploads" do
let(:error_message) { I18n.t("errors.site_settings.cannot_enable_s3_uploads_when_s3_enabled_globally") }
context "when the new value is true" do
context "when s3 uploads are already globally enabled" do
before do
GlobalSetting.stubs(:use_s3?).returns(true)
end
it "is not ok" do
expect { subject.validate_enable_s3_uploads("t") }.to raise_error(Discourse::InvalidParameters, error_message)
end
end
context "when s3 uploads are not already globally enabled" do
before do
GlobalSetting.stubs(:use_s3?).returns(false)
end
it "should be ok" do
expect { subject.validate_enable_s3_uploads("t") }.not_to raise_error
end
end
context "when the s3_upload_bucket is blank" do
let(:error_message) { I18n.t("errors.site_settings.s3_upload_bucket_is_required") }
before do
SiteSetting.s3_upload_bucket = nil
end
it "is not ok" do
expect { subject.validate_enable_s3_uploads("t") }.to raise_error(Discourse::InvalidParameters, error_message)
end
end
context "when the s3_upload_bucket is not blank" do
before do
SiteSetting.s3_upload_bucket = "some-bucket"
end
it "should be ok" do
expect { subject.validate_enable_s3_uploads("t") }.not_to raise_error
end
Block enabling force 2FA if local logins disabled & vice-versa (#8355)
2019-11-15 01:05:10 -05:00
end
end
end
end
FEATURE: Replace `Crawl-delay` directive with proper rate limiting (#15131) We have a couple of site setting, `slow_down_crawler_user_agents` and `slow_down_crawler_rate`, that are meant to allow site owners to signal to specific crawlers that they're crawling the site too aggressively and that they should slow down. When a crawler is added to the `slow_down_crawler_user_agents` setting, Discourse currently adds a `Crawl-delay` directive for that crawler in `/robots.txt`. Unfortunately, many crawlers don't support the `Crawl-delay` directive in `/robots.txt` which leaves the site owners no options if a crawler is crawling the site too aggressively. This PR replaces the `Crawl-delay` directive with proper rate limiting for crawlers added to the `slow_down_crawler_user_agents` list. On every request made by a non-logged in user, Discourse will check the User Agent string and if it contains one of the values of the `slow_down_crawler_user_agents` list, Discourse will only allow 1 request every N seconds for that User Agent (N is the value of the `slow_down_crawler_rate` setting) and the rest of requests made within the same interval will get a 429 response. The `slow_down_crawler_user_agents` setting becomes quite dangerous with this PR since it could rate limit lots if not all of anonymous traffic if the setting is not used appropriately. So to protect against this scenario, we've added a couple of new validations to the setting when it's changed: 1) each value added to setting must 3 characters or longer 2) each value cannot be a substring of tokens found in popular browser User Agent. The current list of prohibited values is: apple, windows, linux, ubuntu, gecko, firefox, chrome, safari, applewebkit, webkit, mozilla, macintosh, khtml, intel, osx, os x, iphone, ipad and mac.
2021-11-30 04:55:25 -05:00
context "slow_down_crawler_user_agents" do
let(:too_short_message) do
I18n.t(
"errors.site_settings.slow_down_crawler_user_agent_must_be_at_least_3_characters"
)
end
let(:popular_browser_message) do
I18n.t(
"errors.site_settings.slow_down_crawler_user_agent_cannot_be_popular_browsers",
values: SiteSettings::Validations::PROHIBITED_USER_AGENT_STRINGS.join(I18n.t("word_connector.comma"))
)
end
it "cannot contain a user agent that's shorter than 3 characters" do
expect {
subject.validate_slow_down_crawler_user_agents("ao|acsw")
}.to raise_error(Discourse::InvalidParameters, too_short_message)
expect {
subject.validate_slow_down_crawler_user_agents("up")
}.to raise_error(Discourse::InvalidParameters, too_short_message)
expect {
subject.validate_slow_down_crawler_user_agents("a|")
}.to raise_error(Discourse::InvalidParameters, too_short_message)
expect {
subject.validate_slow_down_crawler_user_agents("|a")
}.to raise_error(Discourse::InvalidParameters, too_short_message)
end
it "allows user agents that are 3 characters or longer" do
expect {
subject.validate_slow_down_crawler_user_agents("aoc")
}.not_to raise_error
expect {
subject.validate_slow_down_crawler_user_agents("anuq")
}.not_to raise_error
expect {
subject.validate_slow_down_crawler_user_agents("pupsc|kcx")
}.not_to raise_error
end
it "allows the setting to be empty" do
expect {
subject.validate_slow_down_crawler_user_agents("")
}.not_to raise_error
end
it "cannot contain a token of a popular browser user agent" do
expect {
subject.validate_slow_down_crawler_user_agents("mOzilla")
}.to raise_error(Discourse::InvalidParameters, popular_browser_message)
expect {
subject.validate_slow_down_crawler_user_agents("chRome|badcrawler")
}.to raise_error(Discourse::InvalidParameters, popular_browser_message)
expect {
subject.validate_slow_down_crawler_user_agents("html|badcrawler")
}.to raise_error(Discourse::InvalidParameters, popular_browser_message)
end
end
FEATURE: Validate setting combination between exif strip and img opt (#16662) Admins won't be able to disable strip_image_metadata if they don't disable composer_media_optimization_image_enabled first since the later will strip the same metadata on client during upload, making disabling the former have no effect. Bug report at https://meta.discourse.org/t/-/223350
2022-05-05 14:13:17 -04:00
describe "strip image metadata and composer media optimization interplay" do
describe "#validate_strip_image_metadata" do
let(:error_message) { I18n.t("errors.site_settings.strip_image_metadata_cannot_be_disabled_if_composer_media_optimization_image_enabled") }
context "when the new value is false" do
context "when composer_media_optimization_image_enabled is enabled" do
before do
SiteSetting.composer_media_optimization_image_enabled = true
end
it "should raise an error" do
expect { subject.validate_strip_image_metadata("f") }.to raise_error(Discourse::InvalidParameters, error_message)
end
end
context "when composer_media_optimization_image_enabled is disabled" do
before do
SiteSetting.composer_media_optimization_image_enabled = false
end
it "should be ok" do
expect { subject.validate_strip_image_metadata("f") }.not_to raise_error
end
end
end
context "when the new value is true" do
it "should be ok" do
expect { subject.validate_strip_image_metadata("t") }.not_to raise_error
end
end
end
end
FIX: Do not use SVGs for twitter:image metadata (#16973) Twitter does not allow SVGs to be used for twitter:image metadata (see https://developer.twitter.com/en/docs/twitter-for-websites/cards/overview/markup) so we should fall back to the site logo if the image option provided to `crawlable_meta_data` or SiteSetting.site_twitter_summary_large_image_url is an SVG, and do not add the meta tag for twitter:image at all if the site logo is an SVG.
2022-06-02 19:02:57 -04:00
describe "#twitter_summary_large_image" do
it "does not allow SVG image files" do
upload = Fabricate(:upload, url: '/images/logo-dark.svg', extension: "svg")
expect { subject.validate_twitter_summary_large_image(upload.id) }.to raise_error(
Discourse::InvalidParameters, I18n.t("errors.site_settings.twitter_summary_large_image_no_svg")
)
upload.update!(url: '/images/logo-dark.png', extension: 'png')
expect { subject.validate_twitter_summary_large_image(upload.id) }.not_to raise_error
expect { subject.validate_twitter_summary_large_image(nil) }.not_to raise_error
end
end
FEATURE: Prohibit S3 bucket reusage This validation makes sure that the s3_upload_bucket and the s3_backup_bucket have different values. The backup bucket is allowed to be a subfolder of the upload bucket. The other way around is forbidden because the backup system searches by prefix and would return all files stored within the backup bucket and its subfolders.
2018-12-16 18:09:13 -05:00
end