Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
discourse/spec/requests/uploads_controller_spec.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

863 lines
29 KiB
Ruby
Raw Normal View History

DEV: use #frozen_string_literal: true on all spec This change both speeds up specs (less strings to allocate) and helps catch cases where methods in Discourse are mutating inputs. Overall we will be migrating everything to use #frozen_string_literal: true it will take a while, but this is the first and safest move in this direction
2019-04-29 20:27:42 -04:00
# frozen_string_literal: true
Prepare for separation of RSpec helper files Since rspec-rails 3, the default installation creates two helper files: * `spec_helper.rb` * `rails_helper.rb` `spec_helper.rb` is intended as a way of running specs that do not require Rails, whereas `rails_helper.rb` loads Rails (as Discourse's current `spec_helper.rb` does). For more information: https://www.relishapp.com/rspec/rspec-rails/docs/upgrade#default-helper-files In this commit, I've simply replaced all instances of `spec_helper` with `rails_helper`, and renamed the original `spec_helper.rb`. This brings the Discourse project closer to the standard usage of RSpec in a Rails app. At present, every spec relies on loading Rails, but there are likely many that don't need to. In a future pull request, I hope to introduce a separate, minimal `spec_helper.rb` which can be used in tests which don't rely on Rails.
2015-10-11 05:41:23 -04:00
require 'rails_helper'
add UploadsController specs
2013-04-02 19:17:17 -04:00
describe UploadsController do
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-28 21:00:25 -04:00
fab!(:user) { Fabricate(:user) }
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
describe '#create' do
proper content-disposition header when downloading attachments
2013-09-06 13:18:42 -04:00
it 'requires you to be logged in' do
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
post "/uploads.json"
FIX: return 429 when admin api key is limited on admin route This also handles a general case where exceptions leak out prior to being handled by the application controller
2018-01-11 22:15:10 -05:00
expect(response.status).to eq(403)
add UploadsController specs
2013-04-02 19:17:17 -04:00
end
proper content-disposition header when downloading attachments
2013-09-06 13:18:42 -04:00
context 'logged in' do
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-28 21:00:25 -04:00
before do
sign_in(user)
end
add UploadsController specs
2013-04-02 19:17:17 -04:00
FIX: randomize file name when created from fixtures (#9731) * FIX: randomize file name when created from fixtures When a temporary file is created from fixtures it should have a unique name. It is to prevent a collision in parallel specs evaluation * FIX: use /tmp/pid folder to keep fixture files
2020-05-18 19:09:36 -04:00
let(:logo_file) { file_from_fixtures("logo.png") }
let(:logo_filename) { File.basename(logo_file) }
add UploadsController specs
2013-04-02 19:17:17 -04:00
FIX: uploading an existing image as a site setting The previous fix (f43c0a5d857d34) wasn't working for images that were already uploaded. The "metadata" (eg. 'for_*' and 'secure' attributes) were not added to existing uploads. Also used 'Upload.get_from_url' is the admin/site_setting controller to properly retrieve an upload from its URL. Fixed the Upload::URL_REGEX to use the \h (hexadecimal) for the SHA Follow-up-to: f43c0a5d857d34
2020-07-03 13:16:54 -04:00
let(:logo) { Rack::Test::UploadedFile.new(logo_file) }
let(:fake_jpg) { Rack::Test::UploadedFile.new(file_from_fixtures("fake.jpg")) }
let(:text_file) { Rack::Test::UploadedFile.new(File.new("#{Rails.root}/LICENSE.txt")) }
add UploadsController specs
2013-04-02 19:17:17 -04:00
FEATURE: Uppy image uploader with UppyUploadMixin (#13656) This PR adds the first use of Uppy in our codebase, hidden behind a enable_experimental_image_uploader site setting. When the setting is enabled only the user card background uploader will use the new uppy-image-uploader component added in this PR. I've introduced an UppyUpload mixin that has feature parity with the existing Upload mixin, and improves it slightly to deal with multiple/single file distinctions and validations better. For now, this just supports the XHRUpload plugin for uppy, which keeps our existing POST to /uploads.json.
2021-07-12 22:22:00 -04:00
it 'expects a type or upload_type' do
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
post "/uploads.json", params: { file: logo }
expect(response.status).to eq(400)
FEATURE: Uppy image uploader with UppyUploadMixin (#13656) This PR adds the first use of Uppy in our codebase, hidden behind a enable_experimental_image_uploader site setting. When the setting is enabled only the user card background uploader will use the new uppy-image-uploader component added in this PR. I've introduced an UppyUpload mixin that has feature parity with the existing Upload mixin, and improves it slightly to deal with multiple/single file distinctions and validations better. For now, this just supports the XHRUpload plugin for uppy, which keeps our existing POST to /uploads.json.
2021-07-12 22:22:00 -04:00
post "/uploads.json", params: { file: Rack::Test::UploadedFile.new(logo_file), type: "avatar" }
expect(response.status).to eq 200
post "/uploads.json", params: { file: Rack::Test::UploadedFile.new(logo_file), upload_type: "avatar" }
expect(response.status).to eq 200
FEATURE: image uploads now have short urls Shorten all image uploads to use short urls, this is the client side implementation.
2017-08-22 16:40:01 -04:00
end
FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread
2015-05-19 19:39:58 -04:00
it 'is successful with an image' do
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
post "/uploads.json", params: { file: logo, type: "avatar" }
FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread
2015-05-19 19:39:58 -04:00
expect(response.status).to eq 200
DEV: Use `response.parsed_body` in specs (#9615) Most of it was autofixed with rubocop-discourse 2.1.1.
2020-05-07 11:04:12 -04:00
expect(response.parsed_body["id"]).to be_present
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
expect(Jobs::CreateAvatarThumbnails.jobs.size).to eq(1)
FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread
2015-05-19 19:39:58 -04:00
end
FEATURE: support for enabling all upload file types BUGFIX: authorized extensions is now case insensitive
2014-04-29 13:12:35 -04:00
FIX: uploading an image as a site setting When uploading an image as a site setting, we need to return the "raw" URL, otherwise when saving the site setting, the upload won't be looked up properly. Follow-up-to: f11363d446
2020-07-03 07:23:10 -04:00
it 'returns "raw" url for site settings' do
set_cdn_url "https://awesome.com"
FIX: uploading an existing image as a site setting The previous fix (f43c0a5d857d34) wasn't working for images that were already uploaded. The "metadata" (eg. 'for_*' and 'secure' attributes) were not added to existing uploads. Also used 'Upload.get_from_url' is the admin/site_setting controller to properly retrieve an upload from its URL. Fixed the Upload::URL_REGEX to use the \h (hexadecimal) for the SHA Follow-up-to: f43c0a5d857d34
2020-07-03 13:16:54 -04:00
upload = UploadCreator.new(logo_file, "logo.png").create_for(-1)
logo = Rack::Test::UploadedFile.new(file_from_fixtures("logo.png"))
FIX: uploading an image as a site setting When uploading an image as a site setting, we need to return the "raw" URL, otherwise when saving the site setting, the upload won't be looked up properly. Follow-up-to: f11363d446
2020-07-03 07:23:10 -04:00
post "/uploads.json", params: { file: logo, type: "site_setting", for_site_setting: "true" }
expect(response.status).to eq 200
FIX: uploading an existing image as a site setting The previous fix (f43c0a5d857d34) wasn't working for images that were already uploaded. The "metadata" (eg. 'for_*' and 'secure' attributes) were not added to existing uploads. Also used 'Upload.get_from_url' is the admin/site_setting controller to properly retrieve an upload from its URL. Fixed the Upload::URL_REGEX to use the \h (hexadecimal) for the SHA Follow-up-to: f43c0a5d857d34
2020-07-03 13:16:54 -04:00
expect(response.parsed_body["url"]).to eq(upload.url)
FIX: uploading an image as a site setting When uploading an image as a site setting, we need to return the "raw" URL, otherwise when saving the site setting, the upload won't be looked up properly. Follow-up-to: f11363d446
2020-07-03 07:23:10 -04:00
end
FIX: return cdn url for uploads if available. Currently it is displaying non-cdn urls in the composer preview.
2020-07-01 21:06:14 -04:00
it 'returns cdn url' do
set_cdn_url "https://awesome.com"
post "/uploads.json", params: { file: logo, type: "composer" }
expect(response.status).to eq 200
expect(response.parsed_body["url"]).to start_with("https://awesome.com/uploads/default/")
end
FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread
2015-05-19 19:39:58 -04:00
it 'is successful with an attachment' do
FEATURE: new 'allow_staff_to_upload_any_file_in_pm' site setting
2017-06-12 16:41:29 -04:00
SiteSetting.authorized_extensions = "*"
FEATURE: generate (avatar) thumbnails in a background task FIX: keep the "uploading..." indicator until the server replies via the MessageBus FIX: text was disapearing when uploading an avatar PERF: always use a region for S3 (defaults to 'us-east-1') FEATURE: ApplyCDN middleware when using S3 FIX: use the same pattern to store files on S3 and locally PERF: keep a local cache of uploads when generating thumbnails FEATURE: migrate_to_s3 rake task
2015-05-25 11:59:00 -04:00
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
post "/uploads.json", params: { file: text_file, type: "composer" }
FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread
2015-05-19 19:39:58 -04:00
expect(response.status).to eq 200
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
expect(Jobs::CreateAvatarThumbnails.jobs.size).to eq(0)
DEV: Use `response.parsed_body` in specs (#9615) Most of it was autofixed with rubocop-discourse 2.1.1.
2020-05-07 11:04:12 -04:00
id = response.parsed_body["id"]
FEATURE: uploads are processed a faster Also cleans up API to always return 422 on upload error. (previously returned 200) Uploads are processed using new hijack pattern
2017-11-26 20:43:18 -05:00
expect(id).to be
FIX: Allow api to send uploads with :url
2015-06-21 07:52:52 -04:00
end
FIX: don't double request when downloading a file
2018-02-24 06:35:57 -05:00
it 'is successful with api' do
Support Ruby 2.4.
2017-04-15 00:11:02 -04:00
SiteSetting.authorized_extensions = "*"
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
api_key = Fabricate(:api_key, user: user).key
Use webmock to stub external web requests.
2017-05-26 03:19:09 -04:00
FIX: don't double request when downloading a file
2018-02-24 06:35:57 -05:00
url = "http://example.com/image.png"
png = File.read(Rails.root + "spec/fixtures/images/logo.png")
stub_request(:get, url).to_return(status: 200, body: png)
FIX: Allow api to send uploads with :url
2015-06-21 07:52:52 -04:00
DEPRECATION: Remove support for api creds in query params (#9106) * DEPRECATION: Remove support for api creds in query params This commit removes support for api credentials in query params except for a few whitelisted routes like rss/json feeds and the handle_mail route. Several tests were written to valid these changes, but the bulk of the spec changes are just switching them over to use header based auth so that they will pass without changing what they were actually testing. Original commit that notified admins this change was coming was created over 3 months ago: 2db20031879dbafd1a90cbb1a43bca55d51c1b08 * fix tests * Also allow iCalendar feeds Co-authored-by: Rafael dos Santos Silva <xfalcox@gmail.com>
2020-04-06 18:55:44 -04:00
post "/uploads.json", params: { url: url, type: "avatar" }, headers: {
HTTP_API_KEY: api_key,
HTTP_API_USERNAME: user.username.downcase
}
FIX: Allow api to send uploads with :url
2015-06-21 07:52:52 -04:00
DEV: Use `response.parsed_body` in specs (#9615) Most of it was autofixed with rubocop-discourse 2.1.1.
2020-05-07 11:04:12 -04:00
json = response.parsed_body
FIX: Allow api to send uploads with :url
2015-06-21 07:52:52 -04:00
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
expect(response.status).to eq(200)
expect(Jobs::CreateAvatarThumbnails.jobs.size).to eq(1)
expect(json["id"]).to be_present
FEATURE: image uploads now have short urls Shorten all image uploads to use short urls, this is the client side implementation.
2017-08-22 16:40:01 -04:00
expect(json["short_url"]).to eq("upload://qUm0DGR49PAZshIi7HxMd3cAlzn.png")
FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread
2015-05-19 19:39:58 -04:00
end
FEATURE: support for enabling all upload file types BUGFIX: authorized extensions is now case insensitive
2014-04-29 13:12:35 -04:00
FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread
2015-05-19 19:39:58 -04:00
it 'correctly sets retain_hours for admins' do
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
sign_in(Fabricate(:admin))
FEATURE: support for enabling all upload file types BUGFIX: authorized extensions is now case insensitive
2014-04-29 13:12:35 -04:00
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
post "/uploads.json", params: {
FEATURE: uploads are processed a faster Also cleans up API to always return 422 on upload error. (previously returned 200) Uploads are processed using new hijack pattern
2017-11-26 20:43:18 -05:00
file: logo,
retain_hours: 100,
type: "profile_background",
}
FEATURE: support for enabling all upload file types BUGFIX: authorized extensions is now case insensitive
2014-04-29 13:12:35 -04:00
DEV: Use `response.parsed_body` in specs (#9615) Most of it was autofixed with rubocop-discourse 2.1.1.
2020-05-07 11:04:12 -04:00
id = response.parsed_body["id"]
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
expect(Jobs::CreateAvatarThumbnails.jobs.size).to eq(0)
FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread
2015-05-19 19:39:58 -04:00
expect(Upload.find(id).retain_hours).to eq(100)
remove useless upload topic direct association
2013-06-15 03:54:49 -04:00
end
add UploadsController specs
2013-04-02 19:17:17 -04:00
FIX: ensure a file is present when creating an upload
2015-08-18 05:39:51 -04:00
it 'requires a file' do
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
post "/uploads.json", params: { type: "composer" }
FIX: ensure a file is present when creating an upload
2015-08-18 05:39:51 -04:00
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
expect(Jobs::CreateAvatarThumbnails.jobs.size).to eq(0)
DEV: Use `response.parsed_body` in specs (#9615) Most of it was autofixed with rubocop-discourse 2.1.1.
2020-05-07 11:04:12 -04:00
message = response.parsed_body
FEATURE: uploads are processed a faster Also cleans up API to always return 422 on upload error. (previously returned 200) Uploads are processed using new hijack pattern
2017-11-26 20:43:18 -05:00
expect(response.status).to eq 422
expect(message["errors"]).to contain_exactly(I18n.t("upload.file_missing"))
FIX: ensure a file is present when creating an upload
2015-08-18 05:39:51 -04:00
end
FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread
2015-05-19 19:39:58 -04:00
it 'properly returns errors' do
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
SiteSetting.authorized_extensions = "*"
FEATURE: new 'allow_staff_to_upload_any_file_in_pm' site setting
2017-06-12 16:41:29 -04:00
SiteSetting.max_attachment_size_kb = 1
add UploadsController specs
2013-04-02 19:17:17 -04:00
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
post "/uploads.json", params: { file: text_file, type: "avatar" }
FEATURE: generate (avatar) thumbnails in a background task FIX: keep the "uploading..." indicator until the server replies via the MessageBus FIX: text was disapearing when uploading an avatar PERF: always use a region for S3 (defaults to 'us-east-1') FEATURE: ApplyCDN middleware when using S3 FIX: use the same pattern to store files on S3 and locally PERF: keep a local cache of uploads when generating thumbnails FEATURE: migrate_to_s3 rake task
2015-05-25 11:59:00 -04:00
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
expect(response.status).to eq(422)
expect(Jobs::CreateAvatarThumbnails.jobs.size).to eq(0)
DEV: Use `response.parsed_body` in specs (#9615) Most of it was autofixed with rubocop-discourse 2.1.1.
2020-05-07 11:04:12 -04:00
errors = response.parsed_body["errors"]
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
expect(errors.first).to eq(I18n.t("upload.attachments.too_large", max_size_kb: 1))
add UploadsController specs
2013-04-02 19:17:17 -04:00
end
FIX: enforce 'allow_uploaded_avatars' & 'sso_overrides_avatar' server-side
2015-11-12 04:26:45 -05:00
it 'ensures allow_uploaded_avatars is enabled when uploading an avatar' do
FEATURE: new 'allow_staff_to_upload_any_file_in_pm' site setting
2017-06-12 16:41:29 -04:00
SiteSetting.allow_uploaded_avatars = false
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
post "/uploads.json", params: { file: logo, type: "avatar" }
expect(response.status).to eq(422)
FIX: enforce 'allow_uploaded_avatars' & 'sso_overrides_avatar' server-side
2015-11-12 04:26:45 -05:00
end
FEATURE: Rename 'Discourse SSO' to DiscourseConnect (#11978) The 'Discourse SSO' protocol is being rebranded to DiscourseConnect. This should help to reduce confusion when 'SSO' is used in the generic sense. This commit aims to: - Rename `sso_` site settings. DiscourseConnect specific ones are prefixed `discourse_connect_`. Generic settings are prefixed `auth_` - Add (server-side-only) backwards compatibility for the old setting names, with deprecation notices - Copy `site_settings` database records to the new names - Rename relevant translation keys - Update relevant translations This commit does **not** aim to: - Rename any Ruby classes or methods. This might be done in a future commit - Change any URLs. This would break existing integrations - Make any changes to the protocol. This would break existing integrations - Change any functionality. Further normalization across DiscourseConnect and other auth methods will be done separately The risks are: - There is no backwards compatibility for site settings on the client-side. Accessing auth-related site settings in Javascript is fairly rare, and an error on the client side would not be security-critical. - If a plugin is monkey-patching parts of the auth process, changes to locale keys could cause broken error messages. This should also be unlikely. The old site setting names remain functional, so security-related overrides will remain working. A follow-up commit will be made with a post-deploy migration to delete the old `site_settings` rows.
2021-02-08 05:04:33 -05:00
it 'ensures discourse_connect_overrides_avatar is not enabled when uploading an avatar' do
SiteSetting.discourse_connect_overrides_avatar = true
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
post "/uploads.json", params: { file: logo, type: "avatar" }
expect(response.status).to eq(422)
FIX: enforce 'allow_uploaded_avatars' & 'sso_overrides_avatar' server-side
2015-11-12 04:26:45 -05:00
end
FIX: Always allow admins upload selectable avatars.
2018-12-05 07:35:59 -05:00
it 'always allows admins to upload avatars' do
sign_in(Fabricate(:admin))
SiteSetting.allow_uploaded_avatars = false
post "/uploads.json", params: { file: logo, type: "avatar" }
expect(response.status).to eq(200)
end
FEATURE: new 'allow_staff_to_upload_any_file_in_pm' site setting
2017-06-12 16:41:29 -04:00
it 'allows staff to upload any file in PM' do
SiteSetting.authorized_extensions = "jpg"
SiteSetting.allow_staff_to_upload_any_file_in_pm = true
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
user.update_columns(moderator: true)
FEATURE: new 'allow_staff_to_upload_any_file_in_pm' site setting
2017-06-12 16:41:29 -04:00
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
post "/uploads.json", params: {
FEATURE: uploads are processed a faster Also cleans up API to always return 422 on upload error. (previously returned 200) Uploads are processed using new hijack pattern
2017-11-26 20:43:18 -05:00
file: text_file,
type: "composer",
for_private_message: "true",
}
FEATURE: new 'allow_staff_to_upload_any_file_in_pm' site setting
2017-06-12 16:41:29 -04:00
DEV: Assert for 200 response code to avoid changing magic helper in the future.
2018-06-07 04:11:09 -04:00
expect(response.status).to eq(200)
DEV: Use `response.parsed_body` in specs (#9615) Most of it was autofixed with rubocop-discourse 2.1.1.
2020-05-07 11:04:12 -04:00
id = response.parsed_body["id"]
FEATURE: Upload Site Settings. (#6573)
2018-11-14 02:03:02 -05:00
expect(Upload.last.id).to eq(id)
end
it 'allows staff to upload supported images for site settings' do
SiteSetting.authorized_extensions = ''
user.update!(admin: true)
post "/uploads.json", params: {
file: logo,
type: "site_setting",
for_site_setting: "true",
}
expect(response.status).to eq(200)
DEV: Use `response.parsed_body` in specs (#9615) Most of it was autofixed with rubocop-discourse 2.1.1.
2020-05-07 11:04:12 -04:00
id = response.parsed_body["id"]
FEATURE: Upload Site Settings. (#6573)
2018-11-14 02:03:02 -05:00
upload = Upload.last
expect(upload.id).to eq(id)
FIX: randomize file name when created from fixtures (#9731) * FIX: randomize file name when created from fixtures When a temporary file is created from fixtures it should have a unique name. It is to prevent a collision in parallel specs evaluation * FIX: use /tmp/pid folder to keep fixture files
2020-05-18 19:09:36 -04:00
expect(upload.original_filename).to eq(logo_filename)
FEATURE: new 'allow_staff_to_upload_any_file_in_pm' site setting
2017-06-12 16:41:29 -04:00
end
FEATURE: New site setting for additional allowed filetypes for staff (#5364) * FEATURE: New site setting for additional allowed filetypes for staff * Problematic variable name * feedback * small issues * fix indentation * failing tests * Remove message bus and fix minor issues * Missed this message bus
2018-02-19 04:44:24 -05:00
it 'respects `authorized_extensions_for_staff` setting when staff upload file' do
SiteSetting.authorized_extensions = ""
SiteSetting.authorized_extensions_for_staff = "*"
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
user.update_columns(moderator: true)
FEATURE: New site setting for additional allowed filetypes for staff (#5364) * FEATURE: New site setting for additional allowed filetypes for staff * Problematic variable name * feedback * small issues * fix indentation * failing tests * Remove message bus and fix minor issues * Missed this message bus
2018-02-19 04:44:24 -05:00
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
post "/uploads.json", params: {
FEATURE: New site setting for additional allowed filetypes for staff (#5364) * FEATURE: New site setting for additional allowed filetypes for staff * Problematic variable name * feedback * small issues * fix indentation * failing tests * Remove message bus and fix minor issues * Missed this message bus
2018-02-19 04:44:24 -05:00
file: text_file,
type: "composer",
}
DEV: Assert for 200 response code to avoid changing magic helper in the future.
2018-06-07 04:11:09 -04:00
expect(response.status).to eq(200)
DEV: Use `response.parsed_body` in specs (#9615) Most of it was autofixed with rubocop-discourse 2.1.1.
2020-05-07 11:04:12 -04:00
data = response.parsed_body
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
expect(data["id"]).to be_present
FEATURE: New site setting for additional allowed filetypes for staff (#5364) * FEATURE: New site setting for additional allowed filetypes for staff * Problematic variable name * feedback * small issues * fix indentation * failing tests * Remove message bus and fix minor issues * Missed this message bus
2018-02-19 04:44:24 -05:00
end
it 'ignores `authorized_extensions_for_staff` setting when non-staff upload file' do
SiteSetting.authorized_extensions = ""
SiteSetting.authorized_extensions_for_staff = "*"
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
post "/uploads.json", params: {
FEATURE: New site setting for additional allowed filetypes for staff (#5364) * FEATURE: New site setting for additional allowed filetypes for staff * Problematic variable name * feedback * small issues * fix indentation * failing tests * Remove message bus and fix minor issues * Missed this message bus
2018-02-19 04:44:24 -05:00
file: text_file,
type: "composer",
}
DEV: Use `response.parsed_body` in specs (#9615) Most of it was autofixed with rubocop-discourse 2.1.1.
2020-05-07 11:04:12 -04:00
data = response.parsed_body
FEATURE: New site setting for additional allowed filetypes for staff (#5364) * FEATURE: New site setting for additional allowed filetypes for staff * Problematic variable name * feedback * small issues * fix indentation * failing tests * Remove message bus and fix minor issues * Missed this message bus
2018-02-19 04:44:24 -05:00
expect(data["errors"].first).to eq(I18n.t("upload.unauthorized", authorized_extensions: ''))
end
SECURITY: ensure we never accept fake images
2015-12-21 10:08:14 -05:00
it 'returns an error when it could not determine the dimensions of an image' do
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
post "/uploads.json", params: { file: fake_jpg, type: "composer" }
SECURITY: ensure we never accept fake images
2015-12-21 10:08:14 -05:00
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
expect(response.status).to eq(422)
expect(Jobs::CreateAvatarThumbnails.jobs.size).to eq(0)
DEV: Use `response.parsed_body` in specs (#9615) Most of it was autofixed with rubocop-discourse 2.1.1.
2020-05-07 11:04:12 -04:00
message = response.parsed_body["errors"]
FEATURE: uploads are processed a faster Also cleans up API to always return 422 on upload error. (previously returned 200) Uploads are processed using new hijack pattern
2017-11-26 20:43:18 -05:00
expect(message).to contain_exactly(I18n.t("upload.images.size_not_found"))
SECURITY: ensure we never accept fake images
2015-12-21 10:08:14 -05:00
end
add UploadsController specs
2013-04-02 19:17:17 -04:00
end
end
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-28 21:00:25 -04:00
def upload_file(file, folder = "images")
fake_logo = Rack::Test::UploadedFile.new(file_from_fixtures(file, folder))
SiteSetting.authorized_extensions = "*"
sign_in(user)
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-28 21:00:25 -04:00
post "/uploads.json", params: {
file: fake_logo,
type: "composer",
}
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-28 21:00:25 -04:00
expect(response.status).to eq(200)
DEV: Improve specs to use `upload_s3` fabricator.
2019-05-14 20:42:17 -04:00
DEV: Use `response.parsed_body` in specs (#9615) Most of it was autofixed with rubocop-discourse 2.1.1.
2020-05-07 11:04:12 -04:00
url = response.parsed_body["url"]
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-28 21:00:25 -04:00
upload = Upload.get_from_url(url)
upload
end
DEV: Improve specs to use `upload_s3` fabricator.
2019-05-14 20:42:17 -04:00
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-28 21:00:25 -04:00
describe '#show' do
let(:site) { "default" }
let(:sha) { Digest::SHA1.hexdigest("discourse") }
FIX: consistent and future-proof upload storage pattern
2015-05-19 06:31:12 -04:00
FIX: return 404 only if upload url also not internal.
2019-05-14 16:36:54 -04:00
context "when using external storage" do
DEV: Improve specs to use `upload_s3` fabricator.
2019-05-14 20:42:17 -04:00
fab!(:upload) { upload_file("small.pdf", "pdf") }
FIX: return 404 only if upload url also not internal.
2019-05-14 16:36:54 -04:00
before do
DEV: Clean up S3 specs, stubs, and helpers Extracted commonly used spec helpers into spec/support/uploads_helpers.rb, removed unused stubs and let definitions. Makes it easier to write new S3-related specs without copy and pasting setup steps from other specs.
2020-09-14 07:32:25 -04:00
setup_s3
FIX: return 404 only if upload url also not internal.
2019-05-14 16:36:54 -04:00
end
FIX: consistent and future-proof upload storage pattern
2015-05-19 06:31:12 -04:00
DEV: Improve specs to use `upload_s3` fabricator.
2019-05-14 20:42:17 -04:00
it "returns 404 " do
upload = Fabricate(:upload_s3)
get "/uploads/#{site}/#{upload.sha1}.#{upload.extension}"
FIX: return 404 only if upload url also not internal.
2019-05-14 16:36:54 -04:00
expect(response.response_code).to eq(404)
end
it "returns upload if url not migrated" do
DEV: Improve specs to use `upload_s3` fabricator.
2019-05-14 20:42:17 -04:00
get "/uploads/#{site}/#{upload.sha1}.#{upload.extension}"
FIX: return 404 only if upload url also not internal.
2019-05-14 16:36:54 -04:00
expect(response.status).to eq(200)
end
proper content-disposition header when downloading attachments
2013-09-06 13:18:42 -04:00
end
add test case for handling uploads without extension
2016-12-19 13:39:04 -05:00
it "returns 404 when the upload doesn't exist" do
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
get "/uploads/#{site}/#{sha}.pdf"
expect(response.status).to eq(404)
proper content-disposition header when downloading attachments
2013-09-06 13:18:42 -04:00
end
FIX: Better error handling if a file cannot be sent If for some reason `Discourse.store.path_for` returns `nil`, the forum would throw an error rather than returning 404. Why would it be `nil`? One cause could be changing the type of file store and having the `url` field no longer be relative.
2019-01-29 16:47:25 -05:00
it "returns 404 when the path is nil" do
upload = upload_file("logo.png")
upload.update_column(:url, "invalid-url")
get "/uploads/#{site}/#{upload.sha1}.#{upload.extension}"
expect(response.status).to eq(404)
end
proper content-disposition header when downloading attachments
2013-09-06 13:18:42 -04:00
it 'uses send_file' do
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
upload = upload_file("logo.png")
get "/uploads/#{site}/#{upload.sha1}.#{upload.extension}"
expect(response.status).to eq(200)
DEV: Add support for Rails 6 Minor fixes to add Rails 6 support to Discourse, we now will boot with RAILS_MASTER=1, all specs pass Only one tiny deprecation left Largest change was the way ActiveModel:Errors changed interface a bit but there is a simple backwards compat way of working it
2019-04-30 02:58:18 -04:00
FIX: Correctly encode non-ASCII filenames in HTTP header Backport of fix from Rails 6: https://github.com/rails/rails/commit/890485cfce4c361c03a41ec23b0ba187007818cc
2019-08-07 11:00:43 -04:00
expect(response.headers["Content-Disposition"])
FIX: randomize file name when created from fixtures (#9731) * FIX: randomize file name when created from fixtures When a temporary file is created from fixtures it should have a unique name. It is to prevent a collision in parallel specs evaluation * FIX: use /tmp/pid folder to keep fixture files
2020-05-18 19:09:36 -04:00
.to eq(%Q|attachment; filename="#{upload.original_filename}"; filename*=UTF-8''#{upload.original_filename}|)
proper content-disposition header when downloading attachments
2013-09-06 13:18:42 -04:00
end
FIX: Allow themes to upload and serve js files (#8188) If you set `config.public_file_server.enabled = false` when you try to get uploaded js file you will get an error: `Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.` The reason is that content type is `application/javascript` and in Rails 5 guard looked like that: https://github.com/rails/rails/blob/5-2-stable/actionpack/lib/action_controller/metal/request_forgery_protection.rb#L278-L280 However, in Rails 6 `application` was added to regex: https://github.com/rails/rails/blob/master/actionpack/lib/action_controller/metal/request_forgery_protection.rb#L282-L284 This pull request is related to https://meta.discourse.org/t/uploaded-js-file-for-theme-causes-a-rejection/129753/8
2019-10-14 00:40:33 -04:00
it 'returns 200 when js file' do
Revert "FIX: public_file_server.enabled is false in test (#8192)" (#8196) This reverts commit 5a8fdd02fe209872b2e2452b9b83e227dfed1727.
2019-10-15 19:39:31 -04:00
ActionDispatch::FileHandler.any_instance.stubs(:match?).returns(false)
FIX: Allow themes to upload and serve js files (#8188) If you set `config.public_file_server.enabled = false` when you try to get uploaded js file you will get an error: `Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.` The reason is that content type is `application/javascript` and in Rails 5 guard looked like that: https://github.com/rails/rails/blob/5-2-stable/actionpack/lib/action_controller/metal/request_forgery_protection.rb#L278-L280 However, in Rails 6 `application` was added to regex: https://github.com/rails/rails/blob/master/actionpack/lib/action_controller/metal/request_forgery_protection.rb#L282-L284 This pull request is related to https://meta.discourse.org/t/uploaded-js-file-for-theme-causes-a-rejection/129753/8
2019-10-14 00:40:33 -04:00
upload = upload_file("test.js", "themes")
get upload.url
expect(response.status).to eq(200)
end
correct specs
2018-08-19 22:41:46 -04:00
it "handles image without extension" do
add test case for handling uploads without extension
2016-12-19 13:39:04 -05:00
SiteSetting.authorized_extensions = "*"
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
upload = upload_file("image_no_extension")
add test case for handling uploads without extension
2016-12-19 13:39:04 -05:00
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
get "/uploads/#{site}/#{upload.sha1}.json"
expect(response.status).to eq(200)
FIX: Correctly encode non-ASCII filenames in HTTP header Backport of fix from Rails 6: https://github.com/rails/rails/commit/890485cfce4c361c03a41ec23b0ba187007818cc
2019-08-07 11:00:43 -04:00
expect(response.headers["Content-Disposition"])
FIX: randomize file name when created from fixtures (#9731) * FIX: randomize file name when created from fixtures When a temporary file is created from fixtures it should have a unique name. It is to prevent a collision in parallel specs evaluation * FIX: use /tmp/pid folder to keep fixture files
2020-05-18 19:09:36 -04:00
.to eq(%Q|attachment; filename="#{upload.original_filename}"; filename*=UTF-8''#{upload.original_filename}|)
correct specs
2018-08-19 22:41:46 -04:00
end
it "handles file without extension" do
SiteSetting.authorized_extensions = "*"
upload = upload_file("not_an_image")
get "/uploads/#{site}/#{upload.sha1}.json"
expect(response.status).to eq(200)
FIX: Correctly encode non-ASCII filenames in HTTP header Backport of fix from Rails 6: https://github.com/rails/rails/commit/890485cfce4c361c03a41ec23b0ba187007818cc
2019-08-07 11:00:43 -04:00
expect(response.headers["Content-Disposition"])
FIX: randomize file name when created from fixtures (#9731) * FIX: randomize file name when created from fixtures When a temporary file is created from fixtures it should have a unique name. It is to prevent a collision in parallel specs evaluation * FIX: use /tmp/pid folder to keep fixture files
2020-05-18 19:09:36 -04:00
.to eq(%Q|attachment; filename="#{upload.original_filename}"; filename*=UTF-8''#{upload.original_filename}|)
add test case for handling uploads without extension
2016-12-19 13:39:04 -05:00
end
FEATURE: new 'prevent anons from download files' site setting
2014-09-09 12:40:11 -04:00
context "prevent anons from downloading files" do
it "returns 404 when an anonymous user tries to download a file" do
DEV: fix and skip upload_controller test This test of `prevent_anons_from_downloading_files` was testing an image instead of an attachment and it was testing the wrong upload URL. I fixed the test, but with `config.public_file_server.enabled = true` on the test environment, this will always fail, as preventing anonymous file downloads depends on nginx. So, I marked the test as skipped, for now.
2019-04-18 12:58:39 -04:00
upload = upload_file("small.pdf", "pdf")
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-28 21:00:25 -04:00
delete "/session/#{user.username}.json"
FIX: consistent and future-proof upload storage pattern
2015-05-19 06:31:12 -04:00
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
SiteSetting.prevent_anons_from_downloading_files = true
FEATURE: Support private attachments when using S3 storage (#7677) * Support private uploads in S3 * Use localStore for local avatars * Add job to update private upload ACL on S3 * Test multisite paths * update ACL for private uploads in migrate_to_s3 task
2019-06-05 23:27:24 -04:00
get "/uploads/#{site}/#{upload.sha1}.#{upload.extension}"
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
expect(response.status).to eq(404)
FEATURE: new 'prevent anons from download files' site setting
2014-09-09 12:40:11 -04:00
end
end
proper content-disposition header when downloading attachments
2013-09-06 13:18:42 -04:00
end
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-28 21:00:25 -04:00
describe "#show_short" do
SECURITY: Ensure only image uploads can be inlined This prevents malicious files (for example special crafted XMLs) to be used in XSS attacks.
2019-12-11 08:21:41 -05:00
it 'inlines only supported image files' do
upload = upload_file("smallest.png")
get upload.short_path, params: { inline: true }
expect(response.header['Content-Type']).to eq('image/png')
expect(response.header['Content-Disposition']).to include('inline;')
upload.update!(original_filename: "test.xml")
get upload.short_path, params: { inline: true }
expect(response.header['Content-Type']).to eq('application/xml')
expect(response.header['Content-Disposition']).to include('attachment;')
end
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-28 21:00:25 -04:00
describe "local store" do
fab!(:image_upload) { upload_file("smallest.png") }
it "returns the right response" do
get image_upload.short_path
expect(response.status).to eq(200)
expect(response.headers["Content-Disposition"])
.to include("attachment; filename=\"#{image_upload.original_filename}\"")
end
it "returns the right response when `inline` param is given" do
get "#{image_upload.short_path}?inline=1"
expect(response.status).to eq(200)
expect(response.headers["Content-Disposition"])
.to include("inline; filename=\"#{image_upload.original_filename}\"")
end
it "returns the right response when base62 param is invalid " do
get "/uploads/short-url/12345.png"
expect(response.status).to eq(404)
end
FIX: allow underscore in file extension while downloading the uploads.
2020-01-02 23:39:07 -05:00
it "returns uploads with underscore in extension correctly" do
fake_upload = upload_file("fake.not_image")
get fake_upload.short_path
expect(response.status).to eq(200)
end
FIX: Be able to handle long file extensions (#12375) * FIX: Be able to handle long file extensions Some applications have really long file extensions, but if we truncate them weird behavior ensues. This commit changes the file extension size from 10 characters to 255 characters instead. See: https://meta.discourse.org/t/182824 * Keep truncation at 10, but allow uppercase and dashes
2021-03-17 14:01:29 -04:00
it "returns uploads with a dash and uppercase in extension correctly" do
fake_upload = upload_file("fake.long-FileExtension")
get fake_upload.short_path
expect(response.status).to eq(200)
end
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-28 21:00:25 -04:00
it "returns the right response when anon tries to download a file " \
FIX: Change secure media to encompass attachments as well (#9271) If the “secure media” site setting is enabled then ALL files uploaded to Discourse (images, video, audio, pdf, txt, zip etc. etc.) will follow the secure media rules. The “prevent anons from downloading files” setting will no longer have any bearing on upload security. Basically, the feature will more appropriately be called “secure uploads” instead of “secure media”. This is being done because there are communities out there that would like all attachments and media to be secure based on category rules but still allow anonymous users to download attachments in public places, which is not possible in the current arrangement.
2020-03-25 17:16:02 -04:00
"when prevent_anons_from_downloading_files is true" do
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-28 21:00:25 -04:00
delete "/session/#{user.username}.json"
SiteSetting.prevent_anons_from_downloading_files = true
get image_upload.short_path
expect(response.status).to eq(404)
end
end
describe "s3 store" do
let(:upload) { Fabricate(:upload_s3) }
before do
DEV: Clean up S3 specs, stubs, and helpers Extracted commonly used spec helpers into spec/support/uploads_helpers.rb, removed unused stubs and let definitions. Makes it easier to write new S3-related specs without copy and pasting setup steps from other specs.
2020-09-14 07:32:25 -04:00
setup_s3
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-28 21:00:25 -04:00
end
it "should redirect to the s3 URL" do
get upload.short_path
expect(response).to redirect_to(upload.url)
end
FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) ### General Changes and Duplication * We now consider a post `with_secure_media?` if it is in a read-restricted category. * When uploading we now set an upload's secure status straight away. * When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. * Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is). * When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload. ### Viewing Secure Media * The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions * If there is no `access_control_post` then we just deliver the media. This should be a rare occurrance and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor` ### Removed We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled. * We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context. * We no longer have to set `secure: false` for uploads when uploading for a theme component.
2020-01-15 22:50:27 -05:00
context "when upload is secure and secure media enabled" do
before do
SiteSetting.secure_media = true
upload.update(secure: true)
end
it "redirects to the signed_url_for_path" do
FIX: Change secure media to encompass attachments as well (#9271) If the “secure media” site setting is enabled then ALL files uploaded to Discourse (images, video, audio, pdf, txt, zip etc. etc.) will follow the secure media rules. The “prevent anons from downloading files” setting will no longer have any bearing on upload security. Basically, the feature will more appropriately be called “secure uploads” instead of “secure media”. This is being done because there are communities out there that would like all attachments and media to be secure based on category rules but still allow anonymous users to download attachments in public places, which is not possible in the current arrangement.
2020-03-25 17:16:02 -04:00
sign_in(user)
DEV: Fix flaky `signed_url_for_path` spec AWS gem uses internally `Time.now` to generate the presigned URLs, so often two consecutive calls with the same params would give different results.
2020-03-10 18:22:26 -04:00
freeze_time
FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) ### General Changes and Duplication * We now consider a post `with_secure_media?` if it is in a read-restricted category. * When uploading we now set an upload's secure status straight away. * When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. * Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is). * When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload. ### Viewing Secure Media * The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions * If there is no `access_control_post` then we just deliver the media. This should be a rare occurrance and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor` ### Removed We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled. * We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context. * We no longer have to set `secure: false` for uploads when uploading for a theme component.
2020-01-15 22:50:27 -05:00
get upload.short_path
expect(response).to redirect_to(Discourse.store.signed_url_for_path(Discourse.store.get_path_for_upload(upload)))
FIX: Respect force download when downloading secure media via lightbox (#10769) The download link on the lightbox for images was not downloading the image if the upload was marked secure, because the code in the upload controller route was not respecting the dl=1 param for force download. This PR fixes this so the download link works for secure images as well as regular ligthboxed images.
2020-09-28 22:12:03 -04:00
expect(response.header['Location']).not_to include('response-content-disposition=attachment')
end
it "respects the force download (dl) param" do
sign_in(user)
freeze_time
get upload.short_path, params: { dl: '1' }
expect(response.header['Location']).to include('response-content-disposition=attachment')
FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) ### General Changes and Duplication * We now consider a post `with_secure_media?` if it is in a read-restricted category. * When uploading we now set an upload's secure status straight away. * When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. * Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is). * When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload. ### Viewing Secure Media * The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions * If there is no `access_control_post` then we just deliver the media. This should be a rare occurrance and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor` ### Removed We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled. * We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context. * We no longer have to set `secure: false` for uploads when uploading for a theme component.
2020-01-15 22:50:27 -05:00
end
UX: Allow secure media URLs to be cached for a short period of time Signed S3 URLs are valid for 15 seconds, so we can safely allow the browser to cache them for 10 seconds. This should help with large numbers of requests when composing a post with many images.
2020-05-18 10:00:41 -04:00
it "has the correct caching header" do
sign_in(user)
get upload.short_path
expected_max_age = S3Helper::DOWNLOAD_URL_EXPIRES_AFTER_SECONDS - UploadsController::SECURE_REDIRECT_GRACE_SECONDS
expect(expected_max_age).to be > 0 # Sanity check that the constants haven't been set to broken values
expect(response.headers["Cache-Control"]).to eq("max-age=#{expected_max_age}, private")
end
FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) ### General Changes and Duplication * We now consider a post `with_secure_media?` if it is in a read-restricted category. * When uploading we now set an upload's secure status straight away. * When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. * Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is). * When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload. ### Viewing Secure Media * The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions * If there is no `access_control_post` then we just deliver the media. This should be a rare occurrance and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor` ### Removed We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled. * We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context. * We no longer have to set `secure: false` for uploads when uploading for a theme component.
2020-01-15 22:50:27 -05:00
it "raises invalid access if the user cannot access the upload access control post" do
FIX: Change secure media to encompass attachments as well (#9271) If the “secure media” site setting is enabled then ALL files uploaded to Discourse (images, video, audio, pdf, txt, zip etc. etc.) will follow the secure media rules. The “prevent anons from downloading files” setting will no longer have any bearing on upload security. Basically, the feature will more appropriately be called “secure uploads” instead of “secure media”. This is being done because there are communities out there that would like all attachments and media to be secure based on category rules but still allow anonymous users to download attachments in public places, which is not possible in the current arrangement.
2020-03-25 17:16:02 -04:00
sign_in(user)
FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) ### General Changes and Duplication * We now consider a post `with_secure_media?` if it is in a read-restricted category. * When uploading we now set an upload's secure status straight away. * When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. * Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is). * When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload. ### Viewing Secure Media * The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions * If there is no `access_control_post` then we just deliver the media. This should be a rare occurrance and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor` ### Removed We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled. * We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context. * We no longer have to set `secure: false` for uploads when uploading for a theme component.
2020-01-15 22:50:27 -05:00
post = Fabricate(:post)
post.topic.change_category_to_id(Fabricate(:private_category, group: Fabricate(:group)).id)
upload.update(access_control_post: post)
get upload.short_path
expect(response.code).to eq("403")
end
end
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-28 21:00:25 -04:00
end
end
FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-17 20:25:42 -05:00
describe "#show_secure" do
describe "local store" do
fab!(:image_upload) { upload_file("smallest.png") }
it "does not return secure media when using local store" do
secure_url = image_upload.url.sub("/uploads", "/secure-media-uploads")
get secure_url
expect(response.status).to eq(404)
end
end
describe "s3 store" do
let(:upload) { Fabricate(:upload_s3) }
FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) ### General Changes and Duplication * We now consider a post `with_secure_media?` if it is in a read-restricted category. * When uploading we now set an upload's secure status straight away. * When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. * Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is). * When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload. ### Viewing Secure Media * The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions * If there is no `access_control_post` then we just deliver the media. This should be a rare occurrance and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor` ### Removed We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled. * We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context. * We no longer have to set `secure: false` for uploads when uploading for a theme component.
2020-01-15 22:50:27 -05:00
let(:secure_url) { upload.url.sub(SiteSetting.Upload.absolute_base_url, "/secure-media-uploads") }
FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-17 20:25:42 -05:00
before do
DEV: Clean up S3 specs, stubs, and helpers Extracted commonly used spec helpers into spec/support/uploads_helpers.rb, removed unused stubs and let definitions. Makes it easier to write new S3-related specs without copy and pasting setup steps from other specs.
2020-09-14 07:32:25 -04:00
setup_s3
FIX: Change secure media to encompass attachments as well (#9271) If the “secure media” site setting is enabled then ALL files uploaded to Discourse (images, video, audio, pdf, txt, zip etc. etc.) will follow the secure media rules. The “prevent anons from downloading files” setting will no longer have any bearing on upload security. Basically, the feature will more appropriately be called “secure uploads” instead of “secure media”. This is being done because there are communities out there that would like all attachments and media to be secure based on category rules but still allow anonymous users to download attachments in public places, which is not possible in the current arrangement.
2020-03-25 17:16:02 -04:00
SiteSetting.authorized_extensions = "*"
FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-17 20:25:42 -05:00
SiteSetting.secure_media = true
end
it "should return 404 for anonymous requests requests" do
get secure_url
expect(response.status).to eq(404)
end
it "should return signed url for legitimate request" do
DEV: Clean up S3 specs, stubs, and helpers Extracted commonly used spec helpers into spec/support/uploads_helpers.rb, removed unused stubs and let definitions. Makes it easier to write new S3-related specs without copy and pasting setup steps from other specs.
2020-09-14 07:32:25 -04:00
sign_in(user)
FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-17 20:25:42 -05:00
get secure_url
expect(response.status).to eq(302)
expect(response.redirect_url).to match("Amz-Expires")
end
it "should return secure media URL when looking up urls" do
upload.update_column(:secure, true)
sign_in(user)
post "/uploads/lookup-urls.json", params: { short_urls: [upload.short_url] }
expect(response.status).to eq(200)
DEV: Use `response.parsed_body` in specs (#9615) Most of it was autofixed with rubocop-discourse 2.1.1.
2020-05-07 11:04:12 -04:00
result = response.parsed_body
FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-17 20:25:42 -05:00
expect(result[0]["url"]).to match("secure-media-uploads")
end
FEATURE: Add rake task to disable secure media (#8669) * Add a rake task to disable secure media. This sets all uploads to `secure: false`, changes the upload ACL to public, and rebakes all the posts using the uploads to make sure they point to the correct URLs. This is in a transaction for each upload with the upload being updated the last step, so if the task fails it can be resumed. * Also allow viewing media via the secure url if secure media is disabled, redirecting to the normal CDN url, because otherwise media links will be broken while we go and rebake all the posts + update ACLs
2020-01-06 21:27:24 -05:00
FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) ### General Changes and Duplication * We now consider a post `with_secure_media?` if it is in a read-restricted category. * When uploading we now set an upload's secure status straight away. * When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. * Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is). * When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload. ### Viewing Secure Media * The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions * If there is no `access_control_post` then we just deliver the media. This should be a rare occurrance and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor` ### Removed We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled. * We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context. * We no longer have to set `secure: false` for uploads when uploading for a theme component.
2020-01-15 22:50:27 -05:00
context "when the upload cannot be found from the URL" do
it "returns a 404" do
DEV: Clean up S3 specs, stubs, and helpers Extracted commonly used spec helpers into spec/support/uploads_helpers.rb, removed unused stubs and let definitions. Makes it easier to write new S3-related specs without copy and pasting setup steps from other specs.
2020-09-14 07:32:25 -04:00
sign_in(user)
FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) ### General Changes and Duplication * We now consider a post `with_secure_media?` if it is in a read-restricted category. * When uploading we now set an upload's secure status straight away. * When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. * Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is). * When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload. ### Viewing Secure Media * The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions * If there is no `access_control_post` then we just deliver the media. This should be a rare occurrance and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor` ### Removed We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled. * We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context. * We no longer have to set `secure: false` for uploads when uploading for a theme component.
2020-01-15 22:50:27 -05:00
upload.update(sha1: 'test')
get secure_url
expect(response.status).to eq(404)
end
end
context "when the access_control_post_id has been set for the upload" do
let(:post) { Fabricate(:post) }
let!(:private_category) { Fabricate(:private_category, group: Fabricate(:group)) }
before do
DEV: Clean up S3 specs, stubs, and helpers Extracted commonly used spec helpers into spec/support/uploads_helpers.rb, removed unused stubs and let definitions. Makes it easier to write new S3-related specs without copy and pasting setup steps from other specs.
2020-09-14 07:32:25 -04:00
sign_in(user)
FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) ### General Changes and Duplication * We now consider a post `with_secure_media?` if it is in a read-restricted category. * When uploading we now set an upload's secure status straight away. * When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. * Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is). * When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload. ### Viewing Secure Media * The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions * If there is no `access_control_post` then we just deliver the media. This should be a rare occurrance and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor` ### Removed We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled. * We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context. * We no longer have to set `secure: false` for uploads when uploading for a theme component.
2020-01-15 22:50:27 -05:00
upload.update(access_control_post_id: post.id)
end
context "when the user has access to the post via guardian" do
it "should return signed url for legitimate request" do
DEV: Clean up S3 specs, stubs, and helpers Extracted commonly used spec helpers into spec/support/uploads_helpers.rb, removed unused stubs and let definitions. Makes it easier to write new S3-related specs without copy and pasting setup steps from other specs.
2020-09-14 07:32:25 -04:00
sign_in(user)
FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) ### General Changes and Duplication * We now consider a post `with_secure_media?` if it is in a read-restricted category. * When uploading we now set an upload's secure status straight away. * When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. * Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is). * When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload. ### Viewing Secure Media * The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions * If there is no `access_control_post` then we just deliver the media. This should be a rare occurrance and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor` ### Removed We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled. * We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context. * We no longer have to set `secure: false` for uploads when uploading for a theme component.
2020-01-15 22:50:27 -05:00
get secure_url
expect(response.status).to eq(302)
expect(response.redirect_url).to match("Amz-Expires")
end
end
context "when the user does not have access to the post via guardian" do
before do
post.topic.change_category_to_id(private_category.id)
end
it "returns a 403" do
DEV: Clean up S3 specs, stubs, and helpers Extracted commonly used spec helpers into spec/support/uploads_helpers.rb, removed unused stubs and let definitions. Makes it easier to write new S3-related specs without copy and pasting setup steps from other specs.
2020-09-14 07:32:25 -04:00
sign_in(user)
FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) ### General Changes and Duplication * We now consider a post `with_secure_media?` if it is in a read-restricted category. * When uploading we now set an upload's secure status straight away. * When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. * Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is). * When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload. ### Viewing Secure Media * The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions * If there is no `access_control_post` then we just deliver the media. This should be a rare occurrance and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor` ### Removed We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled. * We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context. * We no longer have to set `secure: false` for uploads when uploading for a theme component.
2020-01-15 22:50:27 -05:00
get secure_url
expect(response.status).to eq(403)
end
end
end
FIX: Change secure media to encompass attachments as well (#9271) If the “secure media” site setting is enabled then ALL files uploaded to Discourse (images, video, audio, pdf, txt, zip etc. etc.) will follow the secure media rules. The “prevent anons from downloading files” setting will no longer have any bearing on upload security. Basically, the feature will more appropriately be called “secure uploads” instead of “secure media”. This is being done because there are communities out there that would like all attachments and media to be secure based on category rules but still allow anonymous users to download attachments in public places, which is not possible in the current arrangement.
2020-03-25 17:16:02 -04:00
context "when the upload is an attachment file" do
before do
upload.update(original_filename: 'test.pdf')
end
it "redirects to the signed_url_for_path" do
DEV: Clean up S3 specs, stubs, and helpers Extracted commonly used spec helpers into spec/support/uploads_helpers.rb, removed unused stubs and let definitions. Makes it easier to write new S3-related specs without copy and pasting setup steps from other specs.
2020-09-14 07:32:25 -04:00
sign_in(user)
FIX: Change secure media to encompass attachments as well (#9271) If the “secure media” site setting is enabled then ALL files uploaded to Discourse (images, video, audio, pdf, txt, zip etc. etc.) will follow the secure media rules. The “prevent anons from downloading files” setting will no longer have any bearing on upload security. Basically, the feature will more appropriately be called “secure uploads” instead of “secure media”. This is being done because there are communities out there that would like all attachments and media to be secure based on category rules but still allow anonymous users to download attachments in public places, which is not possible in the current arrangement.
2020-03-25 17:16:02 -04:00
get secure_url
expect(response.status).to eq(302)
expect(response.redirect_url).to match("Amz-Expires")
end
context "when the user does not have access to the access control post via guardian" do
let(:post) { Fabricate(:post) }
let!(:private_category) { Fabricate(:private_category, group: Fabricate(:group)) }
before do
post.topic.change_category_to_id(private_category.id)
upload.update(access_control_post_id: post.id)
end
it "returns a 403" do
DEV: Clean up S3 specs, stubs, and helpers Extracted commonly used spec helpers into spec/support/uploads_helpers.rb, removed unused stubs and let definitions. Makes it easier to write new S3-related specs without copy and pasting setup steps from other specs.
2020-09-14 07:32:25 -04:00
sign_in(user)
FIX: Change secure media to encompass attachments as well (#9271) If the “secure media” site setting is enabled then ALL files uploaded to Discourse (images, video, audio, pdf, txt, zip etc. etc.) will follow the secure media rules. The “prevent anons from downloading files” setting will no longer have any bearing on upload security. Basically, the feature will more appropriately be called “secure uploads” instead of “secure media”. This is being done because there are communities out there that would like all attachments and media to be secure based on category rules but still allow anonymous users to download attachments in public places, which is not possible in the current arrangement.
2020-03-25 17:16:02 -04:00
get secure_url
expect(response.status).to eq(403)
end
end
context "when the prevent_anons_from_downloading_files setting is enabled and the user is anon" do
before do
SiteSetting.prevent_anons_from_downloading_files = true
end
DEV: Clean up S3 specs, stubs, and helpers Extracted commonly used spec helpers into spec/support/uploads_helpers.rb, removed unused stubs and let definitions. Makes it easier to write new S3-related specs without copy and pasting setup steps from other specs.
2020-09-14 07:32:25 -04:00
FIX: Change secure media to encompass attachments as well (#9271) If the “secure media” site setting is enabled then ALL files uploaded to Discourse (images, video, audio, pdf, txt, zip etc. etc.) will follow the secure media rules. The “prevent anons from downloading files” setting will no longer have any bearing on upload security. Basically, the feature will more appropriately be called “secure uploads” instead of “secure media”. This is being done because there are communities out there that would like all attachments and media to be secure based on category rules but still allow anonymous users to download attachments in public places, which is not possible in the current arrangement.
2020-03-25 17:16:02 -04:00
it "returns a 404" do
delete "/session/#{user.username}.json"
get secure_url
expect(response.status).to eq(404)
end
end
end
FEATURE: Add rake task to disable secure media (#8669) * Add a rake task to disable secure media. This sets all uploads to `secure: false`, changes the upload ACL to public, and rebakes all the posts using the uploads to make sure they point to the correct URLs. This is in a transaction for each upload with the upload being updated the last step, so if the task fails it can be resumed. * Also allow viewing media via the secure url if secure media is disabled, redirecting to the normal CDN url, because otherwise media links will be broken while we go and rebake all the posts + update ACLs
2020-01-06 21:27:24 -05:00
context "when secure media is disabled" do
before do
SiteSetting.secure_media = false
end
Still redirect to signed URL for secure uploads if SiteSetting.secure_media is disabled we still want to redirect to the signed url for uploads that are marked as secure because their ACLs are probably still private
2020-01-06 23:02:17 -05:00
context "if the upload is secure false, meaning the ACL is probably public" do
before do
upload.update(secure: false)
end
FEATURE: Add rake task to disable secure media (#8669) * Add a rake task to disable secure media. This sets all uploads to `secure: false`, changes the upload ACL to public, and rebakes all the posts using the uploads to make sure they point to the correct URLs. This is in a transaction for each upload with the upload being updated the last step, so if the task fails it can be resumed. * Also allow viewing media via the secure url if secure media is disabled, redirecting to the normal CDN url, because otherwise media links will be broken while we go and rebake all the posts + update ACLs
2020-01-06 21:27:24 -05:00
Still redirect to signed URL for secure uploads if SiteSetting.secure_media is disabled we still want to redirect to the signed url for uploads that are marked as secure because their ACLs are probably still private
2020-01-06 23:02:17 -05:00
it "should redirect to the regular show route" do
secure_url = upload.url.sub(SiteSetting.Upload.absolute_base_url, "/secure-media-uploads")
sign_in(user)
get secure_url
expect(response.status).to eq(302)
expect(response.redirect_url).to eq(Discourse.store.cdn_url(upload.url))
end
end
context "if the upload is secure true, meaning the ACL is probably private" do
before do
upload.update(secure: true)
end
it "should redirect to the presigned URL still otherwise we will get a 403" do
secure_url = upload.url.sub(SiteSetting.Upload.absolute_base_url, "/secure-media-uploads")
sign_in(user)
get secure_url
expect(response.status).to eq(302)
expect(response.redirect_url).to match("Amz-Expires")
end
FEATURE: Add rake task to disable secure media (#8669) * Add a rake task to disable secure media. This sets all uploads to `secure: false`, changes the upload ACL to public, and rebakes all the posts using the uploads to make sure they point to the correct URLs. This is in a transaction for each upload with the upload being updated the last step, so if the task fails it can be resumed. * Also allow viewing media via the secure url if secure media is disabled, redirecting to the normal CDN url, because otherwise media links will be broken while we go and rebake all the posts + update ACLs
2020-01-06 21:27:24 -05:00
end
end
FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-17 20:25:42 -05:00
end
end
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
describe '#lookup_urls' do
it 'can look up long urls' do
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-28 21:00:25 -04:00
sign_in(user)
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
upload = Fabricate(:upload)
post "/uploads/lookup-urls.json", params: { short_urls: [upload.short_url] }
expect(response.status).to eq(200)
DEV: Use `response.parsed_body` in specs (#9615) Most of it was autofixed with rubocop-discourse 2.1.1.
2020-05-07 11:04:12 -04:00
result = response.parsed_body
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
expect(result[0]["url"]).to eq(upload.url)
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-28 21:00:25 -04:00
expect(result[0]["short_path"]).to eq(upload.short_path)
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
end
FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-17 20:25:42 -05:00
describe 'secure media' do
let(:upload) { Fabricate(:upload_s3, secure: true) }
before do
DEV: Clean up S3 specs, stubs, and helpers Extracted commonly used spec helpers into spec/support/uploads_helpers.rb, removed unused stubs and let definitions. Makes it easier to write new S3-related specs without copy and pasting setup steps from other specs.
2020-09-14 07:32:25 -04:00
setup_s3
FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-17 20:25:42 -05:00
SiteSetting.authorized_extensions = "pdf|png"
SiteSetting.secure_media = true
end
it 'returns secure url for a secure media upload' do
sign_in(user)
post "/uploads/lookup-urls.json", params: { short_urls: [upload.short_url] }
expect(response.status).to eq(200)
DEV: Use `response.parsed_body` in specs (#9615) Most of it was autofixed with rubocop-discourse 2.1.1.
2020-05-07 11:04:12 -04:00
result = response.parsed_body
FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-17 20:25:42 -05:00
expect(result[0]["url"]).to match("/secure-media-uploads")
expect(result[0]["short_path"]).to eq(upload.short_path)
end
FIX: Use full URL for secure attachments when secure media enabled (#9037) When secure media is enabled and an attachment is marked as secure we want to use the full url instead of the short-url so we get the same access control post protections as secure media uploads.
2020-03-03 18:11:08 -05:00
it 'returns secure urls for non-media uploads' do
FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-17 20:25:42 -05:00
upload.update!(original_filename: "not-an-image.pdf", extension: "pdf")
sign_in(user)
post "/uploads/lookup-urls.json", params: { short_urls: [upload.short_url] }
expect(response.status).to eq(200)
DEV: Use `response.parsed_body` in specs (#9615) Most of it was autofixed with rubocop-discourse 2.1.1.
2020-05-07 11:04:12 -04:00
result = response.parsed_body
FIX: Use full URL for secure attachments when secure media enabled (#9037) When secure media is enabled and an attachment is marked as secure we want to use the full url instead of the short-url so we get the same access control post protections as secure media uploads.
2020-03-03 18:11:08 -05:00
expect(result[0]["url"]).to match("/secure-media-uploads")
FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-17 20:25:42 -05:00
expect(result[0]["short_path"]).to eq(upload.short_path)
end
end
REFACTOR: uploads controller specs to requests (#5907)
2018-06-03 23:13:52 -04:00
end
UX: Lightbox support for image uploader. (#7034)
2019-02-20 21:13:37 -05:00
describe '#metadata' do
DEV: Prefabrication (test optimization) (#7414) * Introduced fab!, a helper that creates database state for a group It's almost identical to let_it_be, except: 1. It creates a new object for each test by default, 2. You can disable it using PREFABRICATION=0
2019-05-06 23:12:20 -04:00
fab!(:upload) { Fabricate(:upload) }
UX: Lightbox support for image uploader. (#7034)
2019-02-20 21:13:37 -05:00
describe 'when url is missing' do
it 'should return the right response' do
post "/uploads/lookup-metadata.json"
expect(response.status).to eq(403)
end
end
describe 'when not signed in' do
it 'should return the right response' do
post "/uploads/lookup-metadata.json", params: { url: upload.url }
expect(response.status).to eq(403)
end
end
describe 'when signed in' do
before do
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-28 21:00:25 -04:00
sign_in(user)
UX: Lightbox support for image uploader. (#7034)
2019-02-20 21:13:37 -05:00
end
describe 'when url is invalid' do
it 'should return the right response' do
post "/uploads/lookup-metadata.json", params: { url: 'abc' }
expect(response.status).to eq(404)
end
end
it "should return the right response" do
post "/uploads/lookup-metadata.json", params: { url: upload.url }
expect(response.status).to eq(200)
DEV: Use `response.parsed_body` in specs (#9615) Most of it was autofixed with rubocop-discourse 2.1.1.
2020-05-07 11:04:12 -04:00
result = response.parsed_body
UX: Lightbox support for image uploader. (#7034)
2019-02-20 21:13:37 -05:00
expect(result["original_filename"]).to eq(upload.original_filename)
expect(result["width"]).to eq(upload.width)
expect(result["height"]).to eq(upload.height)
expect(result["human_filesize"]).to eq(upload.human_filesize)
end
end
end
FEATURE: Initial implementation of direct S3 uploads with uppy and stubs (#13787) This adds a few different things to allow for direct S3 uploads using uppy. **These changes are still not the default.** There are hidden `enable_experimental_image_uploader` and `enable_direct_s3_uploads` settings that must be turned on for any of this code to be used, and even if they are turned on only the User Card Background for the user profile actually uses uppy-image-uploader. A new `ExternalUploadStub` model and database table is introduced in this pull request. This is used to keep track of uploads that are uploaded to a temporary location in S3 with the direct to S3 code, and they are eventually deleted a) when the direct upload is completed and b) after a certain time period of not being used. ### Starting a direct S3 upload When an S3 direct upload is initiated with uppy, we first request a presigned PUT URL from the new `generate-presigned-put` endpoint in `UploadsController`. This generates an S3 key in the `temp` folder inside the correct bucket path, along with any metadata from the clientside (e.g. the SHA1 checksum described below). This will also create an `ExternalUploadStub` and store the details of the temp object key and the file being uploaded. Once the clientside has this URL, uppy will upload the file direct to S3 using the presigned URL. Once the upload is complete we go to the next stage. ### Completing a direct S3 upload Once the upload to S3 is done we call the new `complete-external-upload` route with the unique identifier of the `ExternalUploadStub` created earlier. Only the user who made the stub can complete the external upload. One of two paths is followed via the `ExternalUploadManager`. 1. If the object in S3 is too large (currently 100mb defined by `ExternalUploadManager::DOWNLOAD_LIMIT`) we do not download and generate the SHA1 for that file. Instead we create the `Upload` record via `UploadCreator` and simply copy it to its final destination on S3 then delete the initial temp file. Several modifications to `UploadCreator` have been made to accommodate this. 2. If the object in S3 is small enough, we download it. When the temporary S3 file is downloaded, we compare the SHA1 checksum generated by the browser with the actual SHA1 checksum of the file generated by ruby. The browser SHA1 checksum is stored on the object in S3 with metadata, and is generated via the `UppyChecksum` plugin. Keep in mind that some browsers will not generate this due to compatibility or other issues. We then follow the normal `UploadCreator` path with one exception. To cut down on having to re-upload the file again, if there are no changes (such as resizing etc) to the file in `UploadCreator` we follow the same copy + delete temp path that we do for files that are too large. 3. Finally we return the serialized upload record back to the client There are several errors that could happen that are handled by `UploadsController` as well. Also in this PR is some refactoring of `displayErrorForUpload` to handle both uppy and jquery file uploader errors.
2021-07-27 18:42:25 -04:00
describe "#generate_presigned_put" do
before do
sign_in(user)
end
context "when the store is external" do
before do
SiteSetting.enable_direct_s3_uploads = true
setup_s3
end
it "errors if the correct params are not provided" do
post "/uploads/generate-presigned-put.json", params: { file_name: "test.png" }
expect(response.status).to eq(400)
post "/uploads/generate-presigned-put.json", params: { type: "card_background" }
expect(response.status).to eq(400)
end
it "generates a presigned URL and creates an external upload stub" do
post "/uploads/generate-presigned-put.json", params: { file_name: "test.png", type: "card_background" }
expect(response.status).to eq(200)
result = response.parsed_body
external_upload_stub = ExternalUploadStub.where(
unique_identifier: result["unique_identifier"],
original_filename: "test.png",
created_by: user,
upload_type: "card_background"
)
expect(external_upload_stub.exists?).to eq(true)
expect(result["key"]).to include(FileStore::S3Store::TEMPORARY_UPLOAD_PREFIX)
expect(result["url"]).to include(FileStore::S3Store::TEMPORARY_UPLOAD_PREFIX)
expect(result["url"]).to include("Amz-Expires")
end
it "includes accepted metadata in the presigned url when provided" do
post "/uploads/generate-presigned-put.json", {
params: {
file_name: "test.png",
type: "card_background",
metadata: {
"sha1-checksum" => "testing",
"blah" => "wontbeincluded"
}
}
}
expect(response.status).to eq(200)
result = response.parsed_body
expect(result['url']).to include("&x-amz-meta-sha1-checksum=testing")
expect(result['url']).not_to include("&x-amz-meta-blah=wontbeincluded")
end
it "rate limits" do
RateLimiter.enable
stub_const(UploadsController, "PRESIGNED_PUT_RATE_LIMIT_PER_MINUTE", 1) do
post "/uploads/generate-presigned-put.json", params: { file_name: "test.png", type: "card_background" }
post "/uploads/generate-presigned-put.json", params: { file_name: "test.png", type: "card_background" }
end
expect(response.status).to eq(429)
end
end
context "when the store is not external" do
it "returns 404" do
post "/uploads/generate-presigned-put.json", params: { file_name: "test.png", type: "card_background" }
expect(response.status).to eq(404)
end
end
end
describe "#complete_external_upload" do
before do
sign_in(user)
end
context "when the store is external" do
fab!(:external_upload_stub) { Fabricate(:external_upload_stub, created_by: user) }
let(:upload) { Fabricate(:upload) }
before do
SiteSetting.enable_direct_s3_uploads = true
SiteSetting.enable_upload_debug_mode = true
setup_s3
end
it "returns 404 when the upload stub does not exist" do
post "/uploads/complete-external-upload.json", params: { unique_identifier: "unknown" }
expect(response.status).to eq(404)
end
it "returns 404 when the upload stub does not belong to the user" do
external_upload_stub.update!(created_by: Fabricate(:user))
post "/uploads/complete-external-upload.json", params: { unique_identifier: external_upload_stub.unique_identifier }
expect(response.status).to eq(404)
end
it "handles ChecksumMismatchError" do
ExternalUploadManager.any_instance.stubs(:promote_to_upload!).raises(ExternalUploadManager::ChecksumMismatchError)
post "/uploads/complete-external-upload.json", params: { unique_identifier: external_upload_stub.unique_identifier }
expect(response.status).to eq(422)
expect(response.parsed_body["errors"].first).to eq(I18n.t("upload.failed"))
end
it "handles CannotPromoteError" do
ExternalUploadManager.any_instance.stubs(:promote_to_upload!).raises(ExternalUploadManager::CannotPromoteError)
post "/uploads/complete-external-upload.json", params: { unique_identifier: external_upload_stub.unique_identifier }
expect(response.status).to eq(422)
expect(response.parsed_body["errors"].first).to eq(I18n.t("upload.failed"))
end
it "handles DownloadFailedError and Aws::S3::Errors::NotFound" do
ExternalUploadManager.any_instance.stubs(:promote_to_upload!).raises(ExternalUploadManager::DownloadFailedError)
post "/uploads/complete-external-upload.json", params: { unique_identifier: external_upload_stub.unique_identifier }
expect(response.status).to eq(422)
expect(response.parsed_body["errors"].first).to eq(I18n.t("upload.failed"))
ExternalUploadManager.any_instance.stubs(:promote_to_upload!).raises(Aws::S3::Errors::NotFound.new("error", "not found"))
post "/uploads/complete-external-upload.json", params: { unique_identifier: external_upload_stub.unique_identifier }
expect(response.status).to eq(422)
expect(response.parsed_body["errors"].first).to eq(I18n.t("upload.failed"))
end
it "handles a generic upload failure" do
ExternalUploadManager.any_instance.stubs(:promote_to_upload!).raises(StandardError)
post "/uploads/complete-external-upload.json", params: { unique_identifier: external_upload_stub.unique_identifier }
expect(response.status).to eq(422)
expect(response.parsed_body["errors"].first).to eq(I18n.t("upload.failed"))
end
it "handles validation errors on the upload" do
upload.errors.add(:base, "test error")
ExternalUploadManager.any_instance.stubs(:promote_to_upload!).returns(upload)
post "/uploads/complete-external-upload.json", params: { unique_identifier: external_upload_stub.unique_identifier }
expect(response.status).to eq(422)
expect(response.parsed_body["errors"]).to eq(["test error"])
end
it "deletes the stub and returns the serialized upload when complete" do
ExternalUploadManager.any_instance.stubs(:promote_to_upload!).returns(upload)
post "/uploads/complete-external-upload.json", params: { unique_identifier: external_upload_stub.unique_identifier }
expect(ExternalUploadStub.exists?(id: external_upload_stub.id)).to eq(false)
expect(response.status).to eq(200)
expect(response.parsed_body).to eq(UploadsController.serialize_upload(upload))
end
end
context "when the store is not external" do
it "returns 404" do
post "/uploads/generate-presigned-put.json", params: { file_name: "test.png", type: "card_background" }
expect(response.status).to eq(404)
end
end
end
add UploadsController specs
2013-04-02 19:17:17 -04:00
end