discourse/spec/system/admin_about_config_area_spec.rb
Osama Sayegh eaa3f813c1
FIX: Don't secure the about banner image
Uploads that are linked to site settings shouldn't be flagged as secure in login-required sites that enable secure uploads. However, for a site setting upload not to be marked as secure, the frontend uploader has to include 2 params in the upload request: `for_site_setting: true` and `type: "site_setting"`.

Since these 2 params are semantically identical, we want the `type: "site_setting"` param alone to make the upload correctly treated as a site setting upload. To achieve that, we need to include the `site_setting` type in the public types list because the `for_site_setting` param has the same effect — it marks the upload as a public type.

b138eaf9e5/lib/upload_security.rb (L128-L131)
2024-11-25 11:12:00 +03:00


# frozen_string_literal: true
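# System spec for the admin "About" config area page. It checks that the page
# shows the current site setting values, that each card saves its fields back
# to the matching site settings, and that the about banner image upload is not
# flagged as secure on a login-required site with secure uploads enabled.
describe "Admin About Config Area Page", type: :system do
  fab!(:admin)
  fab!(:image_upload)

  let(:config_area) { PageObjects::Pages::AdminAboutConfigArea.new }

  # Every example runs as a signed-in admin.
  before { sign_in(admin) }

  context "when all fields have existing values" do
    before do
      SiteSetting.title = "my forums title"
      SiteSetting.site_description = "this is a description for my forums"
      SiteSetting.about_banner_image = image_upload
      SiteSetting.extended_site_description = "this is an extended description for my forums"
      SiteSetting.short_site_description = "short description for browser tab"
      SiteSetting.community_owner = "kitty"
      SiteSetting.contact_email = "kitty@litterbox.com"
      SiteSetting.contact_url = "https://hello.com"
      SiteSetting.site_contact_username = admin.username
      SiteSetting.site_contact_group_name = admin.groups.first.name
      SiteSetting.company_name = "kitty company inc."
      SiteSetting.governing_law = "kitty jurisdiction"
      SiteSetting.city_for_disputes = "no disputes allowed"
    end

    it "populates all input fields correctly" do
      config_area.visit

      # General settings card.
      expect(config_area.general_settings_section.community_name_input.value).to eq(
        "my forums title",
      )
      expect(config_area.general_settings_section.community_summary_input.value).to eq(
        "this is a description for my forums",
      )
      expect(config_area.general_settings_section.community_description_editor.value).to eq(
        "this is an extended description for my forums",
      )
      expect(config_area.general_settings_section.community_title_input.value).to eq(
        "short description for browser tab",
      )
      expect(config_area.general_settings_section.banner_image_uploader).to have_uploaded_image

      # Contact information card.
      expect(config_area.contact_information_section.community_owner_input.value).to eq("kitty")
      expect(config_area.contact_information_section.contact_email_input.value).to eq(
        "kitty@litterbox.com",
      )
      expect(config_area.contact_information_section.contact_url_input.value).to eq(
        "https://hello.com",
      )
      expect(
        config_area.contact_information_section.site_contact_user_selector,
      ).to have_selected_value(admin.username)
      # The group is stored by name (see the `before` block) but the selector
      # is matched on the group id.
      expect(
        config_area.contact_information_section.site_contact_group_selector,
      ).to have_selected_value(admin.groups.first.id)

      # Your organization card.
      expect(config_area.your_organization_section.company_name_input.value).to eq(
        "kitty company inc.",
      )
      expect(config_area.your_organization_section.governing_law_input.value).to eq(
        "kitty jurisdiction",
      )
      expect(config_area.your_organization_section.city_for_disputes_input.value).to eq(
        "no disputes allowed",
      )
    end
  end

  describe "the general settings card" do
    it "can saves its fields to their corresponding site settings" do
      config_area.visit

      image_file = file_from_fixtures("logo.png", "images")

      config_area.general_settings_section.community_name_input.fill_in("my community name")
      config_area.general_settings_section.community_summary_input.fill_in(
        "here's a bit of a summary",
      )
      config_area.general_settings_section.community_description_editor.fill_in(
        "here's an extended description for the **community**",
      )
      config_area.general_settings_section.community_title_input.fill_in(
        "here's a title for my site",
      )
      config_area.general_settings_section.banner_image_uploader.select_image(image_file.path)
      expect(config_area.general_settings_section.banner_image_uploader).to have_uploaded_image

      config_area.general_settings_section.submit
      expect(config_area.general_settings_section).to have_saved_successfully

      expect(SiteSetting.title).to eq("my community name")
      expect(SiteSetting.site_description).to eq("here's a bit of a summary")
      expect(SiteSetting.extended_site_description).to eq(
        "here's an extended description for the **community**",
      )
      # The cooked HTML is expected to carry a typographic apostrophe (U+2019)
      # where the raw text has an ASCII one. It is written as an escape so the
      # non-ASCII character is visible in review instead of being mistaken for
      # a plain quote.
      expect(SiteSetting.extended_site_description_cooked).to eq(
        "<p>here\u2019s an extended description for the <strong>community</strong></p>",
      )
      expect(SiteSetting.short_site_description).to eq("here's a title for my site")
      # The stored upload must be the fixture file itself, compared by digest.
      expect(SiteSetting.about_banner_image.sha1).to eq(Upload.generate_digest(image_file))
    end

    describe "the banner image field" do
      it "can remove the uploaded image" do
        SiteSetting.about_banner_image = image_upload

        config_area.visit

        config_area.general_settings_section.banner_image_uploader.remove_image
        config_area.general_settings_section.submit
        expect(config_area.general_settings_section).to have_saved_successfully

        expect(SiteSetting.about_banner_image).to eq(nil)
      end

      it "can upload an image using keyboard nav" do
        config_area.visit

        image_file = file_from_fixtures("logo.png", "images")
        config_area.general_settings_section.banner_image_uploader.select_image_with_keyboard(
          image_file.path,
        )

        expect(config_area.general_settings_section.banner_image_uploader).to have_uploaded_image
      end

      it "can remove the uploaded image using keyboard nav" do
        SiteSetting.about_banner_image = image_upload

        config_area.visit

        config_area.general_settings_section.banner_image_uploader.remove_image_with_keyboard
        config_area.general_settings_section.submit
        expect(config_area.general_settings_section).to have_saved_successfully

        expect(SiteSetting.about_banner_image).to eq(nil)
      end

      context "when login_required is true" do
        before { SiteSetting.login_required = true }

        # Regression check: an upload linked to a site setting must stay
        # non-secure even on a login-required site with secure uploads on.
        #
        # NOTE(review): this only exercises the admin UI. The upload request's
        # `type` param selects the public handling, so confirm a request-level
        # spec covers who is allowed to send it.
        it "doesn't mark the banner image upload as secure" do
          setup_or_skip_s3_system_test(enable_secure_uploads: true)
          # Guard against a vacuous pass: `secure == false` only proves
          # something if secure uploads are really enabled for this example.
          expect(SiteSetting.secure_uploads).to eq(true)

          config_area.visit

          image_file = file_from_fixtures("logo.png", "images")
          config_area.general_settings_section.banner_image_uploader.select_image(image_file.path)
          expect(config_area.general_settings_section.banner_image_uploader).to have_uploaded_image

          config_area.general_settings_section.submit
          expect(config_area.general_settings_section).to have_saved_successfully

          expect(SiteSetting.about_banner_image.secure).to eq(false)
        end
      end
    end
  end

  describe "the contact information card" do
    it "can saves its fields to their corresponding site settings" do
      config_area.visit

      config_area.contact_information_section.community_owner_input.fill_in("awesome owner")
      config_area.contact_information_section.contact_email_input.fill_in("owneremail@owner.com")
      config_area.contact_information_section.contact_url_input.fill_in(
        "https://website.owner.com/blah",
      )

      # Pick the contact user through the select-kit dropdown.
      user_select_kit = config_area.contact_information_section.site_contact_user_selector
      user_select_kit.expand
      user_select_kit.search(admin.username)
      user_select_kit.select_row_by_value(admin.username)
      user_select_kit.collapse

      # Pick the contact group: searched by name, selected by id.
      group_select_kit = config_area.contact_information_section.site_contact_group_selector
      group = admin.groups.first
      group_select_kit.expand
      group_select_kit.search(group.name)
      group_select_kit.select_row_by_value(group.id)
      group_select_kit.collapse

      config_area.contact_information_section.submit
      expect(config_area.contact_information_section).to have_saved_successfully

      expect(SiteSetting.community_owner).to eq("awesome owner")
      expect(SiteSetting.contact_email).to eq("owneremail@owner.com")
      expect(SiteSetting.contact_url).to eq("https://website.owner.com/blah")
      expect(SiteSetting.site_contact_username).to eq(admin.username)
      expect(SiteSetting.site_contact_group_name).to eq(group.name)
    end
  end

  describe "the your organization card" do
    it "can saves its fields to their corresponding site settings" do
      config_area.visit

      config_area.your_organization_section.company_name_input.fill_in("lil' company")
      config_area.your_organization_section.governing_law_input.fill_in("wild west law")
      config_area.your_organization_section.city_for_disputes_input.fill_in("teeb el shouq")

      config_area.your_organization_section.submit
      expect(config_area.your_organization_section).to have_saved_successfully

      expect(SiteSetting.company_name).to eq("lil' company")
      expect(SiteSetting.governing_law).to eq("wild west law")
      expect(SiteSetting.city_for_disputes).to eq("teeb el shouq")
    end
  end
end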