FIX: Gravatar uploads being dependent on authorized_extensions.

2019-07-31 11:16:03 +08:00 · 2019-07-31 11:16:03 +08:00 · 7bd93eba3e
parent 20bc4a38a5
commit 7bd93eba3e
6 changed files with 23 additions and 3 deletions
--- a/app/models/upload.rb
+++ b/app/models/upload.rb
@ -29,6 +29,7 @@ class Upload < ActiveRecord::Base
  attr_accessor :for_private_message
  attr_accessor :for_export
  attr_accessor :for_site_setting
+  attr_accessor :for_gravatar

  validates_presence_of :filesize
  validates_presence_of :original_filename
--- a/app/models/user_avatar.rb
+++ b/app/models/user_avatar.rb
@ -43,7 +43,8 @@ class UserAvatar < ActiveRecord::Base
            tempfile,
            "gravatar#{ext}",
            origin: gravatar_url,
-            type: "avatar"
+            type: "avatar",
+            for_gravatar: true
          ).create_for(user_id)

          if gravatar_upload_id != upload.id
--- a/lib/file_helper.rb
+++ b/lib/file_helper.rb
@ -124,6 +124,10 @@ class FileHelper
    (@memoized ||= {})[args] ||= yield
  end

+  def self.supported_gravatar_extensions
+    @@supported_gravatar_images ||= Set.new(%w{jpg jpeg png gif})
+  end
+
  def self.supported_images
    @@supported_images ||= Set.new %w{jpg jpeg png gif svg ico}
  end
--- a/lib/upload_creator.rb
+++ b/lib/upload_creator.rb
@ -21,6 +21,7 @@ class UploadCreator
  #  - for_private_message (boolean)
  #  - pasted (boolean)
  #  - for_export (boolean)
+  #  - for_gravatar (boolean)
  def initialize(file, filename, opts = {})
    @file = file
    @filename = (filename || "").gsub(/[^[:print:]]/, "")
@ -116,6 +117,7 @@ class UploadCreator
      @upload.for_theme           = true if @opts[:for_theme]
      @upload.for_export          = true if @opts[:for_export]
      @upload.for_site_setting    = true if @opts[:for_site_setting]
+      @upload.for_gravatar        = true if @opts[:for_gravatar]

      return @upload unless @upload.save

--- a/lib/validators/upload_validator.rb
+++ b/lib/validators/upload_validator.rb
@ -26,6 +26,13 @@ class Validators::UploadValidator < ActiveModel::Validator
      return true
    end

+    if upload.for_gravatar &&
+       FileHelper.supported_gravatar_extensions.include?(extension)
+
+      maximum_image_file_size(upload)
+      return true
+    end
+
    if is_authorized?(upload, extension)
      if FileHelper.is_supported_image?(upload.original_filename)
        authorized_image_extension(upload, extension)
--- a/spec/models/user_avatar_spec.rb
+++ b/spec/models/user_avatar_spec.rb
@ -15,7 +15,7 @@ describe UserAvatar do
      before do
        temp.binmode
        # tiny valid png
-        temp.write(Base64.decode64("R0lGODlhAQABALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD//wBiZCH5BAEAAA8ALAAAAAABAAEAAAQC8EUAOw=="))
+        temp.write(Base64.decode64("iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAACklEQVR4nGMAAQAABQABDQottAAAAABJRU5ErkJggg=="))
        temp.rewind
        FileHelper.expects(:download).returns(temp)
      end
@ -28,7 +28,6 @@ describe UserAvatar do
        freeze_time Time.now

        expect { avatar.update_gravatar! }.to change { Upload.count }.by(1)
-
        expect(avatar.gravatar_upload).to eq(Upload.last)
        expect(avatar.last_gravatar_download_attempt).to eq(Time.now)
        expect(user.reload.uploaded_avatar).to eq(nil)
@ -36,7 +35,13 @@ describe UserAvatar do
        expect do
          avatar.destroy
        end.to_not change { Upload.count }
+      end

+      it "updates gravatars even if uploads have been disabled" do
+        SiteSetting.authorized_extensions = ""
+
+        expect { avatar.update_gravatar! }.to change { Upload.count }.by(1)
+        expect(avatar.gravatar_upload).to eq(Upload.last)
      end

      describe 'when user has an existing custom upload' do