discourse/spec/models/optimized_image_spec.rb

require 'rails_helper'

describe OptimizedImage do
  let(:upload) { build(:upload) }
  before { upload.id = 42 }

  unless ENV["TRAVIS"]
    describe '.crop' do
      it 'should work correctly' do
        tmp_path = "/tmp/cropped.png"

        begin
          OptimizedImage.crop(
            "#{Rails.root}/spec/fixtures/images/logo.png",
            tmp_path,
            5,
            5
          )

          expect(File.read(tmp_path)).to eq(
            File.read("#{Rails.root}/spec/fixtures/images/cropped.png")
          )
        ensure
          File.delete(tmp_path) if File.exists?(tmp_path)
        end
      end
    end

    describe '.resize' do
      it 'should work correctly' do
        tmp_path = "/tmp/resized.png"

        begin
          OptimizedImage.resize(
            "#{Rails.root}/spec/fixtures/images/logo.png",
            tmp_path,
            5,
            5
          )

          expect(File.read(tmp_path)).to eq(
            File.read("#{Rails.root}/spec/fixtures/images/resized.png")
          )
        ensure
          File.delete(tmp_path) if File.exists?(tmp_path)
        end
      end

      describe 'when an svg with a href is masked as a png' do
        it 'should not trigger the external request' do
          tmp_path = "/tmp/resized.png"

          begin
            expect do
              OptimizedImage.resize(
                "#{Rails.root}/spec/fixtures/images/svg.png",
                tmp_path,
                5,
                5
              )
            end.to raise_error(RuntimeError, /improper image header/)
          ensure
            File.delete(tmp_path) if File.exists?(tmp_path)
          end
        end
      end
    end

    describe '.downsize' do
      it 'should work correctly' do
        tmp_path = "/tmp/downsized.png"

        begin
          OptimizedImage.downsize(
            "#{Rails.root}/spec/fixtures/images/logo.png",
            tmp_path,
            "100x100\>"
          )

          expect(File.read(tmp_path)).to eq(
            File.read("#{Rails.root}/spec/fixtures/images/downsized.png")
          )
        ensure
          File.delete(tmp_path) if File.exists?(tmp_path)
        end
      end
    end
  end

  describe ".safe_path?" do

    it "correctly detects unsafe paths" do
      expect(OptimizedImage.safe_path?("/path/A-AA/22_00.TIFF")).to eq(true)
      expect(OptimizedImage.safe_path?("/path/AAA/2200.TIFF")).to eq(true)
      expect(OptimizedImage.safe_path?("/tmp/a.png")).to eq(true)
      expect(OptimizedImage.safe_path?("../a.png")).to eq(false)
      expect(OptimizedImage.safe_path?("/tmp/a.png\\test")).to eq(false)
      expect(OptimizedImage.safe_path?("/tmp/a.png\\test")).to eq(false)
      expect(OptimizedImage.safe_path?("/path/\u1000.png")).to eq(false)
      expect(OptimizedImage.safe_path?("/path/x.png\n")).to eq(false)
      expect(OptimizedImage.safe_path?("/path/x.png\ny.png")).to eq(false)
      expect(OptimizedImage.safe_path?("/path/x.png y.png")).to eq(false)
      expect(OptimizedImage.safe_path?(nil)).to eq(false)
    end

  end

  describe "ensure_safe_paths!" do
    it "raises nothing on safe paths" do
      expect {
        OptimizedImage.ensure_safe_paths!("/a.png", "/b.png")
      }.not_to raise_error
    end

    it "raises InvalidAccess error on paths" do
      expect {
        OptimizedImage.ensure_safe_paths!("/a.png", "/b.png", "c.png")
      }.to raise_error(Discourse::InvalidAccess)
    end
  end

  describe ".local?" do

    def local(url)
      OptimizedImage.new(url: url).local?
    end

    it "correctly detects local vs remote" do
      expect(local("//hello")).to eq(false)
      expect(local("http://hello")).to eq(false)
      expect(local("https://hello")).to eq(false)
      expect(local("https://hello")).to eq(false)
      expect(local("/hello")).to eq(true)
    end
  end

  describe ".create_for" do

    context "when using an internal store" do

      let(:store) { FakeInternalStore.new }
      before { Discourse.stubs(:store).returns(store) }

      context "when an error happened while generating the thumbnail" do

        it "returns nil" do
          OptimizedImage.expects(:resize).returns(false)
          expect(OptimizedImage.create_for(upload, 100, 200)).to eq(nil)
        end

      end

      context "when the thumbnail is properly generated" do

        before do
          OptimizedImage.expects(:resize).returns(true)
        end

        it "does not download a copy of the original image" do
          store.expects(:download).never
          OptimizedImage.create_for(upload, 100, 200)
        end

        it "closes and removes the tempfile" do
          Tempfile.any_instance.expects(:close!)
          OptimizedImage.create_for(upload, 100, 200)
        end

        it "works" do
          oi = OptimizedImage.create_for(upload, 100, 200)
          expect(oi.sha1).to eq("da39a3ee5e6b4b0d3255bfef95601890afd80709")
          expect(oi.extension).to eq(".png")
          expect(oi.width).to eq(100)
          expect(oi.height).to eq(200)
          expect(oi.url).to eq("/internally/stored/optimized/image.png")
        end

      end

    end

    describe "external store" do

      let(:store) { FakeExternalStore.new }
      before { Discourse.stubs(:store).returns(store) }

      context "when an error happened while generatign the thumbnail" do

        it "returns nil" do
          OptimizedImage.expects(:resize).returns(false)
          expect(OptimizedImage.create_for(upload, 100, 200)).to eq(nil)
        end

      end

      context "when the thumbnail is properly generated" do

        before do
          OptimizedImage.expects(:resize).returns(true)
        end

        it "downloads a copy of the original image" do
          Tempfile.any_instance.expects(:close!)
          store.expects(:download).with(upload).returns(Tempfile.new(["discourse-external", ".png"]))
          OptimizedImage.create_for(upload, 100, 200)
        end

        it "works" do
          oi = OptimizedImage.create_for(upload, 100, 200)
          expect(oi.sha1).to eq("da39a3ee5e6b4b0d3255bfef95601890afd80709")
          expect(oi.extension).to eq(".png")
          expect(oi.width).to eq(100)
          expect(oi.height).to eq(200)
          expect(oi.url).to eq("/externally/stored/optimized/image.png")
        end

      end

    end

  end

end

class FakeInternalStore

  def external?
    false
  end

  def path_for(upload)
    upload.url
  end

  def store_optimized_image(file, optimized_image)
    "/internally/stored/optimized/image#{optimized_image.extension}"
  end

end

class FakeExternalStore

  def path_for(upload)
    nil
  end

  def external?
    true
  end

  def store_optimized_image(file, optimized_image)
    "/externally/stored/optimized/image#{optimized_image.extension}"
  end

  def download(upload)
    extension = File.extname(upload.original_filename)
    Tempfile.new(["discourse-s3", extension])
  end

end
Prepare for separation of RSpec helper files Since rspec-rails 3, the default installation creates two helper files: * `spec_helper.rb` * `rails_helper.rb` `spec_helper.rb` is intended as a way of running specs that do not require Rails, whereas `rails_helper.rb` loads Rails (as Discourse's current `spec_helper.rb` does). For more information: https://www.relishapp.com/rspec/rspec-rails/docs/upgrade#default-helper-files In this commit, I've simply replaced all instances of `spec_helper` with `rails_helper`, and renamed the original `spec_helper.rb`. This brings the Discourse project closer to the standard usage of RSpec in a Rails app. At present, every spec relies on loading Rails, but there are likely many that don't need to. In a future pull request, I hope to introduce a separate, minimal `spec_helper.rb` which can be used in tests which don't rely on Rails. 2015-10-11 05:41:23 -04:00			`require 'rails_helper'`
created `optimized_image` model 2013-06-16 04:39:48 -04:00
			`describe OptimizedImage do`
pull hotlinked images 2013-11-05 13:04:47 -05:00			`let(:upload) { build(:upload) }`
			`before { upload.id = 42 }`
refactored a bit & tested thumbnails creation 2013-06-16 20:46:42 -04:00
Skip imagemagick tests on Travis. 2018-07-17 05:11:05 -04:00			`unless ENV["TRAVIS"]`
			`describe '.crop' do`
			`it 'should work correctly' do`
			`tmp_path = "/tmp/cropped.png"`
Add compatibility for ImageMagick7. 2018-07-17 03:48:59 -04:00
Skip imagemagick tests on Travis. 2018-07-17 05:11:05 -04:00			`begin`
			`OptimizedImage.crop(`
			`"#{Rails.root}/spec/fixtures/images/logo.png",`
			`tmp_path,`
			`5,`
			`5`
			`)`
Add compatibility for ImageMagick7. 2018-07-17 03:48:59 -04:00
Skip imagemagick tests on Travis. 2018-07-17 05:11:05 -04:00			`expect(File.read(tmp_path)).to eq(`
			`File.read("#{Rails.root}/spec/fixtures/images/cropped.png")`
			`)`
			`ensure`
			`File.delete(tmp_path) if File.exists?(tmp_path)`
			`end`
Add compatibility for ImageMagick7. 2018-07-17 03:48:59 -04:00			`end`
			`end`

Skip imagemagick tests on Travis. 2018-07-17 05:11:05 -04:00			`describe '.resize' do`
			`it 'should work correctly' do`
			`tmp_path = "/tmp/resized.png"`
Add compatibility for ImageMagick7. 2018-07-17 03:48:59 -04:00
Skip imagemagick tests on Travis. 2018-07-17 05:11:05 -04:00			`begin`
			`OptimizedImage.resize(`
			`"#{Rails.root}/spec/fixtures/images/logo.png",`
			`tmp_path,`
			`5,`
			`5`
			`)`
Add compatibility for ImageMagick7. 2018-07-17 03:48:59 -04:00
Skip imagemagick tests on Travis. 2018-07-17 05:11:05 -04:00			`expect(File.read(tmp_path)).to eq(`
			`File.read("#{Rails.root}/spec/fixtures/images/resized.png")`
			`)`
			`ensure`
			`File.delete(tmp_path) if File.exists?(tmp_path)`
			`end`
Add compatibility for ImageMagick7. 2018-07-17 03:48:59 -04:00			`end`
Add spec for https://github.com/discourse/discourse/commit/4bf3bf678630338289bc8bc3a78aacdaf15560e5. 2018-07-25 21:16:14 -04:00
			`describe 'when an svg with a href is masked as a png' do`
			`it 'should not trigger the external request' do`
			`tmp_path = "/tmp/resized.png"`

			`begin`
			`expect do`
			`OptimizedImage.resize(`
			`"#{Rails.root}/spec/fixtures/images/svg.png",`
			`tmp_path,`
			`5,`
			`5`
			`)`
			`end.to raise_error(RuntimeError, /improper image header/)`
			`ensure`
			`File.delete(tmp_path) if File.exists?(tmp_path)`
			`end`
			`end`
			`end`
Add compatibility for ImageMagick7. 2018-07-17 03:48:59 -04:00			`end`

Skip imagemagick tests on Travis. 2018-07-17 05:11:05 -04:00			`describe '.downsize' do`
			`it 'should work correctly' do`
			`tmp_path = "/tmp/downsized.png"`
Add compatibility for ImageMagick7. 2018-07-17 03:48:59 -04:00
Skip imagemagick tests on Travis. 2018-07-17 05:11:05 -04:00			`begin`
			`OptimizedImage.downsize(`
			`"#{Rails.root}/spec/fixtures/images/logo.png",`
			`tmp_path,`
			`"100x100\>"`
			`)`
Add compatibility for ImageMagick7. 2018-07-17 03:48:59 -04:00
Skip imagemagick tests on Travis. 2018-07-17 05:11:05 -04:00			`expect(File.read(tmp_path)).to eq(`
			`File.read("#{Rails.root}/spec/fixtures/images/downsized.png")`
			`)`
			`ensure`
			`File.delete(tmp_path) if File.exists?(tmp_path)`
			`end`
Add compatibility for ImageMagick7. 2018-07-17 03:48:59 -04:00			`end`
			`end`
			`end`

SECURITY: protect upload params, only allow very strict filenames 2016-12-18 18:16:18 -05:00			`describe ".safe_path?" do`

			`it "correctly detects unsafe paths" do`
			`expect(OptimizedImage.safe_path?("/path/A-AA/22_00.TIFF")).to eq(true)`
			`expect(OptimizedImage.safe_path?("/path/AAA/2200.TIFF")).to eq(true)`
			`expect(OptimizedImage.safe_path?("/tmp/a.png")).to eq(true)`
			`expect(OptimizedImage.safe_path?("../a.png")).to eq(false)`
			`expect(OptimizedImage.safe_path?("/tmp/a.png\\test")).to eq(false)`
			`expect(OptimizedImage.safe_path?("/tmp/a.png\\test")).to eq(false)`
			`expect(OptimizedImage.safe_path?("/path/\u1000.png")).to eq(false)`
			`expect(OptimizedImage.safe_path?("/path/x.png\n")).to eq(false)`
			`expect(OptimizedImage.safe_path?("/path/x.png\ny.png")).to eq(false)`
			`expect(OptimizedImage.safe_path?("/path/x.png y.png")).to eq(false)`
			`expect(OptimizedImage.safe_path?(nil)).to eq(false)`
			`end`

			`end`

			`describe "ensure_safe_paths!" do`
			`it "raises nothing on safe paths" do`
			`expect {`
			`OptimizedImage.ensure_safe_paths!("/a.png", "/b.png")`
			`}.not_to raise_error`
			`end`

SECURITY: force IM decoder based on file extension 2018-07-25 16:00:04 -04:00			`it "raises InvalidAccess error on paths" do`
SECURITY: protect upload params, only allow very strict filenames 2016-12-18 18:16:18 -05:00			`expect {`
			`OptimizedImage.ensure_safe_paths!("/a.png", "/b.png", "c.png")`
			`}.to raise_error(Discourse::InvalidAccess)`
			`end`
			`end`

FIX: should be able to serve optimized image from local if its ... local... 2015-05-25 22:32:52 -04:00			`describe ".local?" do`

			`def local(url)`
			`OptimizedImage.new(url: url).local?`
			`end`

			`it "correctly detects local vs remote" do`
			`expect(local("//hello")).to eq(false)`
			`expect(local("http://hello")).to eq(false)`
			`expect(local("https://hello")).to eq(false)`
			`expect(local("https://hello")).to eq(false)`
			`expect(local("/hello")).to eq(true)`
			`end`
			`end`

refactored a bit & tested thumbnails creation 2013-06-16 20:46:42 -04:00			`describe ".create_for" do`

pull hotlinked images 2013-11-05 13:04:47 -05:00			`context "when using an internal store" do`

			`let(:store) { FakeInternalStore.new }`
			`before { Discourse.stubs(:store).returns(store) }`

Fix specs for avatars Implement avatar picker Correct avatar related jobs 2014-05-26 05:46:43 -04:00			`context "when an error happened while generating the thumbnail" do`
pull hotlinked images 2013-11-05 13:04:47 -05:00
			`it "returns nil" do`
Fix specs for avatars Implement avatar picker Correct avatar related jobs 2014-05-26 05:46:43 -04:00			`OptimizedImage.expects(:resize).returns(false)`
models with rspec3 syntax 2015-01-05 11:04:23 -05:00			`expect(OptimizedImage.create_for(upload, 100, 200)).to eq(nil)`
pull hotlinked images 2013-11-05 13:04:47 -05:00			`end`

			`end`

			`context "when the thumbnail is properly generated" do`

Fix specs for avatars Implement avatar picker Correct avatar related jobs 2014-05-26 05:46:43 -04:00			`before do`
			`OptimizedImage.expects(:resize).returns(true)`
			`end`
pull hotlinked images 2013-11-05 13:04:47 -05:00
			`it "does not download a copy of the original image" do`
			`store.expects(:download).never`
			`OptimizedImage.create_for(upload, 100, 200)`
			`end`
enable thumbnailing on S3 - added url to optimized image model - refactored s3_store & local_store 2013-07-31 17:26:34 -04:00
pull hotlinked images 2013-11-05 13:04:47 -05:00			`it "closes and removes the tempfile" do`
			`Tempfile.any_instance.expects(:close!)`
			`OptimizedImage.create_for(upload, 100, 200)`
			`end`

			`it "works" do`
			`oi = OptimizedImage.create_for(upload, 100, 200)`
models with rspec3 syntax 2015-01-05 11:04:23 -05:00			`expect(oi.sha1).to eq("da39a3ee5e6b4b0d3255bfef95601890afd80709")`
			`expect(oi.extension).to eq(".png")`
			`expect(oi.width).to eq(100)`
			`expect(oi.height).to eq(200)`
			`expect(oi.url).to eq("/internally/stored/optimized/image.png")`
pull hotlinked images 2013-11-05 13:04:47 -05:00			`end`
enable thumbnailing on S3 - added url to optimized image model - refactored s3_store & local_store 2013-07-31 17:26:34 -04:00
			`end`

refactored a bit & tested thumbnails creation 2013-06-16 20:46:42 -04:00			`end`

enable thumbnailing on S3 - added url to optimized image model - refactored s3_store & local_store 2013-07-31 17:26:34 -04:00			`describe "external store" do`

pull hotlinked images 2013-11-05 13:04:47 -05:00			`let(:store) { FakeExternalStore.new }`
			`before { Discourse.stubs(:store).returns(store) }`

			`context "when an error happened while generatign the thumbnail" do`

			`it "returns nil" do`
Fix specs for avatars Implement avatar picker Correct avatar related jobs 2014-05-26 05:46:43 -04:00			`OptimizedImage.expects(:resize).returns(false)`
models with rspec3 syntax 2015-01-05 11:04:23 -05:00			`expect(OptimizedImage.create_for(upload, 100, 200)).to eq(nil)`
pull hotlinked images 2013-11-05 13:04:47 -05:00			`end`
enable thumbnailing on S3 - added url to optimized image model - refactored s3_store & local_store 2013-07-31 17:26:34 -04:00
			`end`

pull hotlinked images 2013-11-05 13:04:47 -05:00			`context "when the thumbnail is properly generated" do`

Fix specs for avatars Implement avatar picker Correct avatar related jobs 2014-05-26 05:46:43 -04:00			`before do`
			`OptimizedImage.expects(:resize).returns(true)`
			`end`
pull hotlinked images 2013-11-05 13:04:47 -05:00
			`it "downloads a copy of the original image" do`
fix the build 2015-02-09 11:13:22 -05:00			`Tempfile.any_instance.expects(:close!)`
FEATURE: support email attachments 2014-04-14 16:55:57 -04:00			`store.expects(:download).with(upload).returns(Tempfile.new(["discourse-external", ".png"]))`
pull hotlinked images 2013-11-05 13:04:47 -05:00			`OptimizedImage.create_for(upload, 100, 200)`
			`end`

			`it "works" do`
			`oi = OptimizedImage.create_for(upload, 100, 200)`
models with rspec3 syntax 2015-01-05 11:04:23 -05:00			`expect(oi.sha1).to eq("da39a3ee5e6b4b0d3255bfef95601890afd80709")`
			`expect(oi.extension).to eq(".png")`
			`expect(oi.width).to eq(100)`
			`expect(oi.height).to eq(200)`
			`expect(oi.url).to eq("/externally/stored/optimized/image.png")`
pull hotlinked images 2013-11-05 13:04:47 -05:00			`end`

enable thumbnailing on S3 - added url to optimized image model - refactored s3_store & local_store 2013-07-31 17:26:34 -04:00			`end`

refactored a bit & tested thumbnails creation 2013-06-16 20:46:42 -04:00			`end`

			`end`

created `optimized_image` model 2013-06-16 04:39:48 -04:00			`end`
pull hotlinked images 2013-11-05 13:04:47 -05:00
			`class FakeInternalStore`

			`def external?`
storage engines refactor 2015-05-29 12:39:47 -04:00			`false`
pull hotlinked images 2013-11-05 13:04:47 -05:00			`end`

			`def path_for(upload)`
			`upload.url`
			`end`

			`def store_optimized_image(file, optimized_image)`
			`"/internally/stored/optimized/image#{optimized_image.extension}"`
			`end`

			`end`

			`class FakeExternalStore`

FIX: mixed local s3 store missing avatars 2015-05-31 21:17:42 -04:00			`def path_for(upload)`
			`nil`
			`end`

pull hotlinked images 2013-11-05 13:04:47 -05:00			`def external?`
			`true`
			`end`

			`def store_optimized_image(file, optimized_image)`
			`"/externally/stored/optimized/image#{optimized_image.extension}"`
			`end`

			`def download(upload)`
			`extension = File.extname(upload.original_filename)`
			`Tempfile.new(["discourse-s3", extension])`
			`end`

			`end`