2020-02-17 12:21:43 +08:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
RSpec.describe "tasks/uploads" do
|
|
|
|
before do
|
|
|
|
Rake::Task.clear
|
|
|
|
Discourse::Application.load_tasks
|
2020-03-03 07:03:58 +08:00
|
|
|
SiteSetting.authorized_extensions += "|pdf"
|
2020-02-17 12:21:43 +08:00
|
|
|
end
|
|
|
|
|
2020-03-03 07:03:58 +08:00
|
|
|
describe "uploads:secure_upload_analyse_and_update" do
|
2020-02-17 12:21:43 +08:00
|
|
|
let!(:uploads) do
|
|
|
|
[
|
|
|
|
multi_post_upload1,
|
|
|
|
upload1,
|
2020-03-26 05:16:02 +08:00
|
|
|
upload2,
|
|
|
|
upload3
|
2020-02-17 12:21:43 +08:00
|
|
|
]
|
|
|
|
end
|
|
|
|
let(:multi_post_upload1) { Fabricate(:upload_s3) }
|
|
|
|
let(:upload1) { Fabricate(:upload_s3) }
|
|
|
|
let(:upload2) { Fabricate(:upload_s3) }
|
2020-03-26 05:16:02 +08:00
|
|
|
let(:upload3) { Fabricate(:upload_s3, original_filename: 'test.pdf', extension: 'pdf') }
|
2020-02-17 12:21:43 +08:00
|
|
|
|
|
|
|
let!(:post1) { Fabricate(:post) }
|
|
|
|
let!(:post2) { Fabricate(:post) }
|
|
|
|
let!(:post3) { Fabricate(:post) }
|
|
|
|
|
|
|
|
before do
|
2022-06-09 07:24:30 +08:00
|
|
|
UploadReference.create(target: post1, upload: multi_post_upload1)
|
|
|
|
UploadReference.create(target: post2, upload: multi_post_upload1)
|
|
|
|
UploadReference.create(target: post2, upload: upload1)
|
|
|
|
UploadReference.create(target: post3, upload: upload2)
|
|
|
|
UploadReference.create(target: post3, upload: upload3)
|
2020-02-17 12:21:43 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
def invoke_task
|
2020-02-20 12:47:47 +08:00
|
|
|
capture_stdout do
|
2020-03-03 07:03:58 +08:00
|
|
|
Rake::Task['uploads:secure_upload_analyse_and_update'].invoke
|
2020-02-20 12:47:47 +08:00
|
|
|
end
|
2020-02-17 12:21:43 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
context "when the store is internal" do
|
|
|
|
it "does nothing; this is for external store only" do
|
|
|
|
Upload.expects(:transaction).never
|
2020-03-20 23:18:34 +08:00
|
|
|
expect { invoke_task }.to raise_error(SystemExit)
|
2020-02-17 12:21:43 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when store is external" do
|
|
|
|
before do
|
2020-09-14 19:32:25 +08:00
|
|
|
setup_s3
|
|
|
|
uploads.each { |upload| stub_upload(upload) }
|
2020-02-17 12:21:43 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
context "when secure media is enabled" do
|
|
|
|
before do
|
|
|
|
SiteSetting.secure_media = true
|
|
|
|
end
|
|
|
|
|
|
|
|
it "sets an access_control_post for each post upload, using the first linked post in the case of multiple links" do
|
|
|
|
invoke_task
|
|
|
|
expect(multi_post_upload1.reload.access_control_post).to eq(post1)
|
|
|
|
expect(upload1.reload.access_control_post).to eq(post2)
|
|
|
|
expect(upload2.reload.access_control_post).to eq(post3)
|
2020-03-03 07:03:58 +08:00
|
|
|
expect(upload3.reload.access_control_post).to eq(post3)
|
2020-02-17 12:21:43 +08:00
|
|
|
end
|
|
|
|
|
2022-05-23 11:14:11 +08:00
|
|
|
it "sets everything attached to a post as secure and rebakes all those posts if login is required" do
|
|
|
|
SiteSetting.login_required = true
|
|
|
|
freeze_time
|
|
|
|
|
|
|
|
post1.update_columns(baked_at: 1.week.ago)
|
|
|
|
post2.update_columns(baked_at: 1.week.ago)
|
|
|
|
post3.update_columns(baked_at: 1.week.ago)
|
|
|
|
|
|
|
|
invoke_task
|
|
|
|
|
|
|
|
expect(post1.reload.baked_at).not_to eq_time(1.week.ago)
|
|
|
|
expect(post2.reload.baked_at).not_to eq_time(1.week.ago)
|
|
|
|
expect(post3.reload.baked_at).not_to eq_time(1.week.ago)
|
|
|
|
expect(upload2.reload.secure).to eq(true)
|
|
|
|
expect(upload1.reload.secure).to eq(true)
|
|
|
|
expect(upload3.reload.secure).to eq(true)
|
|
|
|
end
|
|
|
|
|
2020-03-26 05:16:02 +08:00
|
|
|
it "sets the uploads that are media and attachments in the read restricted topic category to secure" do
|
2020-02-17 12:21:43 +08:00
|
|
|
post3.topic.update(category: Fabricate(:private_category, group: Fabricate(:group)))
|
|
|
|
invoke_task
|
|
|
|
expect(upload2.reload.secure).to eq(true)
|
|
|
|
expect(upload1.reload.secure).to eq(false)
|
2020-03-26 05:16:02 +08:00
|
|
|
expect(upload3.reload.secure).to eq(true)
|
2020-02-17 12:21:43 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "sets the upload in the PM topic to secure" do
|
|
|
|
post3.topic.update(archetype: 'private_message', category: nil)
|
|
|
|
invoke_task
|
|
|
|
expect(upload2.reload.secure).to eq(true)
|
|
|
|
expect(upload1.reload.secure).to eq(false)
|
|
|
|
end
|
|
|
|
|
2020-03-26 11:31:39 +08:00
|
|
|
it "rebakes the posts attached for uploads that change secure status" do
|
|
|
|
post3.topic.update(category: Fabricate(:private_category, group: Fabricate(:group)))
|
|
|
|
freeze_time
|
|
|
|
|
|
|
|
post1.update_columns(baked_at: 1.week.ago)
|
|
|
|
post2.update_columns(baked_at: 1.week.ago)
|
|
|
|
post3.update_columns(baked_at: 1.week.ago)
|
2020-02-17 12:21:43 +08:00
|
|
|
|
|
|
|
invoke_task
|
|
|
|
|
2020-03-26 11:31:39 +08:00
|
|
|
expect(post1.reload.baked_at).to eq_time(1.week.ago)
|
|
|
|
expect(post2.reload.baked_at).to eq_time(1.week.ago)
|
|
|
|
expect(post3.reload.baked_at).not_to eq_time(1.week.ago)
|
2020-02-17 12:21:43 +08:00
|
|
|
end
|
2020-03-03 07:03:58 +08:00
|
|
|
|
|
|
|
context "for an upload that is already secure and does not need to change" do
|
|
|
|
before do
|
|
|
|
post3.topic.update(archetype: 'private_message', category: nil)
|
|
|
|
upload2.update(access_control_post: post3)
|
|
|
|
upload2.update_secure_status
|
2020-03-26 11:31:39 +08:00
|
|
|
upload3.update(access_control_post: post3)
|
|
|
|
upload3.update_secure_status
|
2020-03-03 07:03:58 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "does not rebake the associated post" do
|
2020-03-26 11:31:39 +08:00
|
|
|
freeze_time
|
|
|
|
|
|
|
|
post3.update_columns(baked_at: 1.week.ago)
|
2020-03-03 07:03:58 +08:00
|
|
|
invoke_task
|
2020-03-26 11:31:39 +08:00
|
|
|
|
|
|
|
expect(post3.reload.baked_at).to eq_time(1.week.ago)
|
2020-03-03 07:03:58 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "does not attempt to update the acl" do
|
|
|
|
Discourse.store.expects(:update_upload_ACL).with(upload2).never
|
|
|
|
invoke_task
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "for an upload that is already secure and is changing to not secure" do
|
|
|
|
it "changes the upload to not secure and updates the ACL" do
|
|
|
|
upload_to_mark_not_secure = Fabricate(:upload_s3, secure: true)
|
|
|
|
post_for_upload = Fabricate(:post)
|
2022-06-09 07:24:30 +08:00
|
|
|
UploadReference.create(target: post_for_upload, upload: upload_to_mark_not_secure)
|
2020-09-14 19:32:25 +08:00
|
|
|
|
|
|
|
setup_s3
|
|
|
|
uploads.each { |upload| stub_upload(upload) }
|
|
|
|
stub_upload(upload_to_mark_not_secure)
|
|
|
|
|
2020-03-03 07:03:58 +08:00
|
|
|
invoke_task
|
|
|
|
expect(upload_to_mark_not_secure.reload.secure).to eq(false)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe "uploads:disable_secure_media" do
|
|
|
|
def invoke_task
|
|
|
|
capture_stdout do
|
|
|
|
Rake::Task['uploads:disable_secure_media'].invoke
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
before do
|
2020-09-14 19:32:25 +08:00
|
|
|
setup_s3
|
|
|
|
uploads.each { |upload| stub_upload(upload) }
|
|
|
|
|
2020-03-03 07:03:58 +08:00
|
|
|
SiteSetting.secure_media = true
|
2022-06-09 07:24:30 +08:00
|
|
|
UploadReference.create(target: post1, upload: upload1)
|
|
|
|
UploadReference.create(target: post1, upload: upload2)
|
|
|
|
UploadReference.create(target: post2, upload: upload3)
|
|
|
|
UploadReference.create(target: post2, upload: upload4)
|
2020-03-03 07:03:58 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
let!(:uploads) do
|
|
|
|
[
|
|
|
|
upload1, upload2, upload3, upload4, upload5
|
|
|
|
]
|
|
|
|
end
|
|
|
|
let(:post1) { Fabricate(:post) }
|
|
|
|
let(:post2) { Fabricate(:post) }
|
|
|
|
let(:upload1) { Fabricate(:upload_s3, secure: true, access_control_post: post1) }
|
|
|
|
let(:upload2) { Fabricate(:upload_s3, secure: true, access_control_post: post1) }
|
|
|
|
let(:upload3) { Fabricate(:upload_s3, secure: true, access_control_post: post2) }
|
|
|
|
let(:upload4) { Fabricate(:upload_s3, secure: true, access_control_post: post2) }
|
|
|
|
let(:upload5) { Fabricate(:upload_s3, secure: false) }
|
|
|
|
|
|
|
|
it "disables the secure media setting" do
|
|
|
|
invoke_task
|
|
|
|
expect(SiteSetting.secure_media).to eq(false)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "updates all secure uploads to secure: false" do
|
|
|
|
invoke_task
|
|
|
|
[upload1, upload2, upload3, upload4].each do |upl|
|
|
|
|
expect(upl.reload.secure).to eq(false)
|
2020-02-17 12:21:43 +08:00
|
|
|
end
|
|
|
|
end
|
2020-03-03 07:03:58 +08:00
|
|
|
|
|
|
|
it "rebakes the associated posts" do
|
2020-03-26 11:31:39 +08:00
|
|
|
freeze_time
|
|
|
|
|
|
|
|
post1.update_columns(baked_at: 1.week.ago)
|
|
|
|
post2.update_columns(baked_at: 1.week.ago)
|
2020-03-03 07:03:58 +08:00
|
|
|
invoke_task
|
2020-03-26 11:31:39 +08:00
|
|
|
|
|
|
|
expect(post1.reload.baked_at).not_to eq_time(1.week.ago)
|
|
|
|
expect(post2.reload.baked_at).not_to eq_time(1.week.ago)
|
2020-03-03 07:03:58 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "updates the affected ACLs" do
|
2022-05-23 11:14:11 +08:00
|
|
|
expect_enqueued_with(
|
|
|
|
job: :sync_acls_for_uploads,
|
|
|
|
args: { upload_ids: [upload1.id, upload2.id, upload3.id, upload4.id] },
|
|
|
|
) do
|
|
|
|
invoke_task
|
|
|
|
end
|
2020-03-03 07:03:58 +08:00
|
|
|
end
|
2020-02-17 12:21:43 +08:00
|
|
|
end
|
|
|
|
end
|