discourse/spec/controllers/uploads_controller_spec.rb

require 'spec_helper'

describe UploadsController do

  context '.create' do

    it 'requires you to be logged in' do
      -> { xhr :post, :create }.should raise_error(Discourse::NotLoggedIn)
    end

    context 'logged in' do

      before { @user = log_in :user }

      let(:logo) do
        ActionDispatch::Http::UploadedFile.new({
          filename: 'logo.png',
          tempfile: file_from_fixtures("logo.png")
        })
      end

      let(:logo_dev) do
        ActionDispatch::Http::UploadedFile.new({
          filename: 'logo-dev.png',
          tempfile: file_from_fixtures("logo-dev.png")
        })
      end

      let(:text_file) do
        ActionDispatch::Http::UploadedFile.new({
          filename: 'LICENSE.TXT',
          tempfile: File.new("#{Rails.root}/LICENSE.txt")
        })
      end

      let(:files) { [ logo_dev, logo ] }

      context 'with a file' do

        context 'when authorized' do

          before { SiteSetting.stubs(:authorized_extensions).returns(".PNG|.txt") }

          it 'is successful with an image' do
            xhr :post, :create, file: logo
            response.status.should eq 200
          end

          it 'is successful with an attachment' do
            xhr :post, :create, file: text_file
            response.status.should eq 200
          end

          it 'correctly sets retain_hours for admins' do
            log_in :admin
            xhr :post, :create, file: logo, retain_hours: 100
            url = JSON.parse(response.body)["url"]
            id = url.split("/")[3].to_i
            Upload.find(id).retain_hours.should == 100
          end

          context 'with a big file' do

            before { SiteSetting.stubs(:max_attachment_size_kb).returns(1) }

            it 'rejects the upload' do
              xhr :post, :create, file: text_file
              response.status.should eq 422
            end

          end

        end

        context 'when not authorized' do

          before { SiteSetting.stubs(:authorized_extensions).returns(".png") }

          it 'rejects the upload' do
            xhr :post, :create, file: text_file
            response.status.should eq 422
          end

        end

        context 'when everything is authorized' do

          before { SiteSetting.stubs(:authorized_extensions).returns("*") }

          it 'is successful with an image' do
            xhr :post, :create, file: logo
            response.status.should eq 200
          end

          it 'is successful with an attachment' do
            xhr :post, :create, file: text_file
            response.status.should eq 200
          end

        end

      end

      context 'with some files' do

        it 'is successful' do
          xhr :post, :create, files: files
          response.should be_success
        end

        it 'takes the first file' do
          xhr :post, :create, files: files
          response.body.should match /logo-dev.png/
        end

      end

    end

  end

  context '.show' do

    it "returns 404 when using external storage" do
      store = stub(internal?: false)
      Discourse.stubs(:store).returns(store)
      Upload.expects(:find_by).never
      get :show, site: "default", id: 1, sha: "1234567890abcdef", extension: "pdf"
      response.response_code.should == 404
    end

    it "returns 404 when the upload doens't exist" do
      Upload.expects(:find_by).with(id: 2, url: "/uploads/default/2/1234567890abcdef.pdf").returns(nil)
      Upload.expects(:find_by).with(sha1: "1234567890abcdef").returns(nil)

      get :show, site: "default", id: 2, sha: "1234567890abcdef", extension: "pdf"
      response.response_code.should == 404
    end

    it 'uses send_file' do
      upload = build(:upload)
      Upload.expects(:find_by).with(id: 42, url: "/uploads/default/42/66b3ed1503efc936.zip").returns(upload)

      controller.stubs(:render)
      controller.expects(:send_file)

      get :show, site: "default", id: 42, sha: "66b3ed1503efc936", extension: "zip"
    end

    context "prevent anons from downloading files" do

      before { SiteSetting.stubs(:prevent_anons_from_downloading_files).returns(true) }

      it "returns 404 when an anonymous user tries to download a file" do
        Upload.expects(:find_by).never
        get :show, site: "default", id: 2, sha: "1234567890abcdef", extension: "pdf"
        response.response_code.should == 404
      end

    end

  end

end
add UploadsController specs 2013-04-02 19:17:17 -04:00			`require 'spec_helper'`

			`describe UploadsController do`

proper content-disposition header when downloading attachments 2013-09-06 13:18:42 -04:00			`context '.create' do`
add UploadsController specs 2013-04-02 19:17:17 -04:00
proper content-disposition header when downloading attachments 2013-09-06 13:18:42 -04:00			`it 'requires you to be logged in' do`
			`-> { xhr :post, :create }.should raise_error(Discourse::NotLoggedIn)`
add UploadsController specs 2013-04-02 19:17:17 -04:00			`end`

proper content-disposition header when downloading attachments 2013-09-06 13:18:42 -04:00			`context 'logged in' do`

			`before { @user = log_in :user }`
add UploadsController specs 2013-04-02 19:17:17 -04:00
remove useless upload topic direct association 2013-06-15 03:54:49 -04:00			`let(:logo) do`
			`ActionDispatch::Http::UploadedFile.new({`
			`filename: 'logo.png',`
FIX: don't mess with fixtures when running the specs 2014-07-14 11:34:23 -04:00			`tempfile: file_from_fixtures("logo.png")`
remove useless upload topic direct association 2013-06-15 03:54:49 -04:00			`})`
add UploadsController specs 2013-04-02 19:17:17 -04:00			`end`

remove useless upload topic direct association 2013-06-15 03:54:49 -04:00			`let(:logo_dev) do`
			`ActionDispatch::Http::UploadedFile.new({`
			`filename: 'logo-dev.png',`
FIX: don't mess with fixtures when running the specs 2014-07-14 11:34:23 -04:00			`tempfile: file_from_fixtures("logo-dev.png")`
remove useless upload topic direct association 2013-06-15 03:54:49 -04:00			`})`
			`end`
add UploadsController specs 2013-04-02 19:17:17 -04:00
remove useless upload topic direct association 2013-06-15 03:54:49 -04:00			`let(:text_file) do`
			`ActionDispatch::Http::UploadedFile.new({`
FEATURE: support for enabling all upload file types BUGFIX: authorized extensions is now case insensitive 2014-04-29 13:12:35 -04:00			`filename: 'LICENSE.TXT',`
remove useless upload topic direct association 2013-06-15 03:54:49 -04:00			`tempfile: File.new("#{Rails.root}/LICENSE.txt")`
			`})`
			`end`
add UploadsController specs 2013-04-02 19:17:17 -04:00
remove useless upload topic direct association 2013-06-15 03:54:49 -04:00			`let(:files) { [ logo_dev, logo ] }`
add UploadsController specs 2013-04-02 19:17:17 -04:00
remove useless upload topic direct association 2013-06-15 03:54:49 -04:00			`context 'with a file' do`
update back-end specs 2013-07-10 16:59:07 -04:00
			`context 'when authorized' do`

FEATURE: support for enabling all upload file types BUGFIX: authorized extensions is now case insensitive 2014-04-29 13:12:35 -04:00			`before { SiteSetting.stubs(:authorized_extensions).returns(".PNG\|.txt") }`
update back-end specs 2013-07-10 16:59:07 -04:00
add server-side filesize check on uploads 2013-07-23 18:54:18 -04:00			`it 'is successful with an image' do`
			`xhr :post, :create, file: logo`
			`response.status.should eq 200`
			`end`

			`it 'is successful with an attachment' do`
update back-end specs 2013-07-10 16:59:07 -04:00			`xhr :post, :create, file: text_file`
			`response.status.should eq 200`
			`end`

FEATURE: api support for arbitrary unlinked assets admins can set retain periods for assets 2014-09-23 01:50:26 -04:00			`it 'correctly sets retain_hours for admins' do`
			`log_in :admin`
			`xhr :post, :create, file: logo, retain_hours: 100`
			`url = JSON.parse(response.body)["url"]`
			`id = url.split("/")[3].to_i`
			`Upload.find(id).retain_hours.should == 100`
			`end`

add server-side filesize check on uploads 2013-07-23 18:54:18 -04:00			`context 'with a big file' do`

			`before { SiteSetting.stubs(:max_attachment_size_kb).returns(1) }`

			`it 'rejects the upload' do`
			`xhr :post, :create, file: text_file`
FEATURE: support email attachments 2014-04-14 16:55:57 -04:00			`response.status.should eq 422`
add server-side filesize check on uploads 2013-07-23 18:54:18 -04:00			`end`

			`end`

update back-end specs 2013-07-10 16:59:07 -04:00			`end`

			`context 'when not authorized' do`

			`before { SiteSetting.stubs(:authorized_extensions).returns(".png") }`

			`it 'rejects the upload' do`
			`xhr :post, :create, file: text_file`
FEATURE: support email attachments 2014-04-14 16:55:57 -04:00			`response.status.should eq 422`
update back-end specs 2013-07-10 16:59:07 -04:00			`end`

add UploadsController specs 2013-04-02 19:17:17 -04:00			`end`
update back-end specs 2013-07-10 16:59:07 -04:00
FEATURE: support for enabling all upload file types BUGFIX: authorized extensions is now case insensitive 2014-04-29 13:12:35 -04:00			`context 'when everything is authorized' do`

			`before { SiteSetting.stubs(:authorized_extensions).returns("*") }`

			`it 'is successful with an image' do`
			`xhr :post, :create, file: logo`
			`response.status.should eq 200`
			`end`

			`it 'is successful with an attachment' do`
			`xhr :post, :create, file: text_file`
			`response.status.should eq 200`
			`end`

			`end`

remove useless upload topic direct association 2013-06-15 03:54:49 -04:00			`end`
add UploadsController specs 2013-04-02 19:17:17 -04:00
remove useless upload topic direct association 2013-06-15 03:54:49 -04:00			`context 'with some files' do`
add UploadsController specs 2013-04-02 19:17:17 -04:00
update back-end specs 2013-07-10 16:59:07 -04:00			`it 'is successful' do`
remove useless upload topic direct association 2013-06-15 03:54:49 -04:00			`xhr :post, :create, files: files`
			`response.should be_success`
			`end`
add UploadsController specs 2013-04-02 19:17:17 -04:00
remove useless upload topic direct association 2013-06-15 03:54:49 -04:00			`it 'takes the first file' do`
			`xhr :post, :create, files: files`
			`response.body.should match /logo-dev.png/`
add UploadsController specs 2013-04-02 19:17:17 -04:00			`end`

			`end`

			`end`

			`end`

proper content-disposition header when downloading attachments 2013-09-06 13:18:42 -04:00			`context '.show' do`

			`it "returns 404 when using external storage" do`
			`store = stub(internal?: false)`
			`Discourse.stubs(:store).returns(store)`
Perform the where(...).first to find_by(...) refactoring. This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb" 2014-05-06 09:41:59 -04:00			`Upload.expects(:find_by).never`
proper content-disposition header when downloading attachments 2013-09-06 13:18:42 -04:00			`get :show, site: "default", id: 1, sha: "1234567890abcdef", extension: "pdf"`
			`response.response_code.should == 404`
			`end`

			`it "returns 404 when the upload doens't exist" do`
Perform the where(...).first to find_by(...) refactoring. This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb" 2014-05-06 09:41:59 -04:00			`Upload.expects(:find_by).with(id: 2, url: "/uploads/default/2/1234567890abcdef.pdf").returns(nil)`
FEATURE: api support for arbitrary unlinked assets admins can set retain periods for assets 2014-09-23 01:50:26 -04:00			`Upload.expects(:find_by).with(sha1: "1234567890abcdef").returns(nil)`

proper content-disposition header when downloading attachments 2013-09-06 13:18:42 -04:00			`get :show, site: "default", id: 2, sha: "1234567890abcdef", extension: "pdf"`
			`response.response_code.should == 404`
			`end`

			`it 'uses send_file' do`
FEATURE: support email attachments 2014-04-14 16:55:57 -04:00			`upload = build(:upload)`
Perform the where(...).first to find_by(...) refactoring. This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb" 2014-05-06 09:41:59 -04:00			`Upload.expects(:find_by).with(id: 42, url: "/uploads/default/42/66b3ed1503efc936.zip").returns(upload)`
FEATURE: support email attachments 2014-04-14 16:55:57 -04:00
proper content-disposition header when downloading attachments 2013-09-06 13:18:42 -04:00			`controller.stubs(:render)`
			`controller.expects(:send_file)`
FEATURE: support email attachments 2014-04-14 16:55:57 -04:00
proper content-disposition header when downloading attachments 2013-09-06 13:18:42 -04:00			`get :show, site: "default", id: 42, sha: "66b3ed1503efc936", extension: "zip"`
			`end`

FEATURE: new 'prevent anons from download files' site setting 2014-09-09 12:40:11 -04:00			`context "prevent anons from downloading files" do`

			`before { SiteSetting.stubs(:prevent_anons_from_downloading_files).returns(true) }`

			`it "returns 404 when an anonymous user tries to download a file" do`
			`Upload.expects(:find_by).never`
			`get :show, site: "default", id: 2, sha: "1234567890abcdef", extension: "pdf"`
			`response.response_code.should == 404`
			`end`

			`end`

proper content-disposition header when downloading attachments 2013-09-06 13:18:42 -04:00			`end`

add UploadsController specs 2013-04-02 19:17:17 -04:00			`end`