discourse/spec/models
Martin Brennan 7c32411881
FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664)
### General Changes and Duplication

* We now consider a post `with_secure_media?` if it is in a read-restricted category.
* When uploading we now set an upload's secure status straight away.
* When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. 
* Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is).
* When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload.

### Viewing Secure Media

* The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions.
* If there is no `access_control_post` then we just deliver the media. This should be a rare occurrence and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor`.

### Removed

We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled.

* We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context.
* We no longer have to set `secure: false` for uploads when uploading for a theme component.
2020-01-16 13:50:27 +10:00
..
about_spec.rb PERF: speed up about page render time and limit category mods (#8112) 2019-10-03 21:48:56 +03:00
admin_dashboard_problem_spec.rb DEV: introduce new API to look up dynamic site setting 2019-05-07 11:00:30 +10:00
api_key_spec.rb FEATURE: Hash API keys in the database (#8438) 2019-12-12 11:45:00 +00:00
application_request_spec.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
badge_spec.rb FIX: Badge and user title interaction fixes (#8282) 2019-11-08 15:34:24 +10:00
badge_type_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
category_featured_topic_spec.rb FEATURE: remove support for 'suppress_from_latest' category setting. (#8308) 2019-11-18 12:28:35 +05:30
category_group_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
category_list_spec.rb FEATURE: support to mute all categories by default. (#8295) 2019-11-08 08:28:11 +05:30
category_spec.rb FIX: Update topic/post counter correctly when category has zero topics (#8600) 2019-12-30 11:20:44 +00:00
category_user_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
child_theme_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
color_scheme_color_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
color_scheme_spec.rb DEV: update rubocop to version 0.77 2019-12-10 11:48:39 +11:00
developer_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
digest_email_site_setting_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
directory_item_spec.rb DEV: improve flaky spec 2019-10-04 11:11:03 +10:00
discourse_single_sign_on_spec.rb FEATURE: ban any SSO attempts with invalid external id 2019-06-11 10:04:26 +10:00
draft_sequence_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
draft_spec.rb FIX: under some conditions draft would say it was saving when not 2019-10-31 17:15:58 +11:00
email_change_request_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
email_log_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
email_token_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
embeddable_host_spec.rb DEV: Remove RSS feed polling in favor of plugin (#8233) 2019-11-12 09:49:02 -06:00
emoji_spec.rb FIX: allows replacement of digits and symbols emojis (#7978) 2019-08-07 11:38:58 +02:00
given_daily_like_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
global_setting_spec.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
group_history_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
group_spec.rb DEV: adds event hook when add/remove user to group (#8038) 2019-09-10 11:58:08 -05:00
group_user_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
incoming_link_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
incoming_links_report_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
invite_redeemer_spec.rb FIX: Use updated_at date to denote expired invites (#8521) 2019-12-17 10:13:49 -05:00
invite_spec.rb FIX: Use updated_at date to denote expired invites (#8521) 2019-12-17 10:13:49 -05:00
javascript_cache_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
locale_site_setting_spec.rb DEV: clean up potential locale leak 2019-06-03 12:42:29 +10:00
mailing_list_mode_site_setting_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
notification_spec.rb DEV: handle all notification consolidations in new 'NotificationConsolidator' class. 2019-12-05 14:36:06 +05:30
optimized_image_spec.rb FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) 2020-01-16 13:50:27 +10:00
permalink_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
plugin_store_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
post_action_spec.rb DEV: handle all notification consolidations in new 'NotificationConsolidator' class. 2019-12-05 14:36:06 +05:30
post_action_type_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
post_analyzer_spec.rb FIX: Improve Onebox detection (#8019) 2019-09-10 13:59:48 +03:00
post_detail_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
post_mover_spec.rb Fix the build - take 3. 2019-12-05 20:35:39 +05:30
post_reply_key_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
post_reply_spec.rb DEV: update dependencies and add notes about exceptions 2019-12-06 13:00:28 +11:00
post_spec.rb FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) 2020-01-16 13:50:27 +10:00
post_timing_spec.rb FIX: Decrement posts read count when destroying post timings (#8172) 2019-10-08 15:39:23 -03:00
post_upload_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
quoted_post_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
remote_theme_spec.rb FIX: Allow importing themes with subdirectories in extra_js 2019-11-13 23:45:09 +00:00
report_spec.rb DEV: Improved performance of report spec (#8642) 2020-01-06 17:17:07 +11:00
reviewable_claimed_topic_spec.rb FIX: Don't log a claimed topic database error during tests 2020-01-09 12:32:05 -05:00
reviewable_flagged_post_spec.rb Spec should not depend on aliases 2019-10-01 18:33:53 -03:00
reviewable_history_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
reviewable_queued_post_spec.rb DEV: Allow specifying button class in reviewable action definitions (#8093) 2019-09-18 11:28:59 +01:00
reviewable_score_spec.rb FIX: Bots accuracy should be zero (#8654) 2020-01-02 13:24:24 -03:00
reviewable_spec.rb FIX: The 'reviewed' status filter should include deleted elements (#8630) 2019-12-30 14:56:17 -03:00
reviewable_user_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
s3_region_site_setting_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
screened_email_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
screened_ip_address_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
screened_url_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
search_log_spec.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
site_setting_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
site_spec.rb FEATURE: support to mute all categories by default. (#8295) 2019-11-08 08:28:11 +05:30
skipped_email_log_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
stylesheet_cache_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
tag_group_spec.rb FEATURE: Tag synonyms 2019-12-04 13:33:51 -05:00
tag_spec.rb FEATURE: Tag synonyms 2019-12-04 13:33:51 -05:00
tag_user_spec.rb FEATURE: Tag synonyms 2019-12-04 13:33:51 -05:00
theme_field_spec.rb DEV: Display a warning when themes hard-code optimized image links (#8304) 2019-11-12 14:30:19 +00:00
theme_spec.rb FEATURE: Ability to add components to all themes (#8404) 2019-11-28 16:19:01 +11:00
top_menu_item_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
top_topic_spec.rb DEV: correct spec failures in PG 12 2019-11-26 16:39:14 +11:00
topic_allowed_user_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
topic_converter_spec.rb FIX: Update S3 stubs for more aws-sdk API changes (#8534) 2019-12-11 11:26:52 -08:00
topic_embed_spec.rb FIX: embedding topics would fail with some HTML 2019-08-07 12:45:55 +10:00
topic_featured_users_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
topic_group_spec.rb FIX: Constraint error when inserting the same topic group twice 2019-12-12 13:10:46 -05:00
topic_invite_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
topic_link_click_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
topic_link_spec.rb FIX: inbound link when the only slug available (#8457) 2019-12-04 17:13:20 +11:00
topic_list_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
topic_participants_summary_spec.rb DEV: Better topic participants summary spec 2019-11-18 09:43:14 -05:00
topic_posters_summary_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
topic_spec.rb FEATURE: Featured topic for user profile & card (#8461) 2019-12-09 11:15:47 -08:00
topic_tag_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
topic_timer_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
topic_tracking_state_spec.rb FIX: topic_tracking_state when mute_all_categories_by_default is enabled 2020-01-06 18:22:42 +00:00
topic_user_spec.rb FIX: properly set notification levels on group invite 2019-08-16 18:23:51 +10:00
topic_view_item_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
translation_override_spec.rb FIX: Display site text overrides for non '_MF' keys (#8189) 2019-10-17 18:34:07 +02:00
trust_level3_requirements_spec.rb FEATURE: allow TL3 promotions for overturned penalties 2019-12-20 15:25:21 -08:00
unsubscribe_key_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
upload_spec.rb FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) 2020-01-16 13:50:27 +10:00
user_action_spec.rb Fix broken spec in 405ba00c08. 2019-05-08 15:45:25 +08:00
user_api_key_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
user_archived_message_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
user_auth_token_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
user_avatar_spec.rb FIX: Gravatar uploads being dependent on authorized_extensions. 2019-08-01 16:24:09 +08:00
user_badge_spec.rb PERF: Cache ranks for featured badges, to simplify user serialization (#8698) 2020-01-14 14:26:49 +00:00
user_email_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
user_export_spec.rb REVERT: DEV: should ignore missing post uploads when a user export destroyed 2019-07-25 19:41:25 +05:30
user_field_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
user_history_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
user_open_id_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
user_option_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
user_profile_spec.rb Revert "FIX: Add missing unique index on user_id for user_profiles." 2019-05-24 12:58:36 +08:00
user_profile_view_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
user_search_spec.rb SECURITY: Check permissions when autocompleting mentions 2019-10-28 11:01:47 +00:00
user_second_factor_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
user_spec.rb PERF: Cache ranks for featured badges, to simplify user serialization (#8698) 2020-01-14 14:26:49 +00:00
user_stat_spec.rb PERF: Cache user badge count in user_stats table (#8610) 2019-12-30 11:19:59 +00:00
user_summary_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
user_visit_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
username_validator_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
watched_word_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
web_crawler_request_spec.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
web_hook_event_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
web_hook_spec.rb DEV: Remove code deprecated by the new Reviewable API (#8023) 2019-08-26 10:33:26 -03:00