2015-10-11 17:41:23 +08:00
|
|
|
require 'rails_helper'
|
2013-04-03 07:17:17 +08:00
|
|
|
|
|
|
|
describe UploadsController do
|
|
|
|
|
2013-09-07 01:18:42 +08:00
|
|
|
context '.create' do
|
2013-04-03 07:17:17 +08:00
|
|
|
|
2013-09-07 01:18:42 +08:00
|
|
|
it 'requires you to be logged in' do
|
2018-01-12 11:15:10 +08:00
|
|
|
post :create, format: :json
|
|
|
|
expect(response.status).to eq(403)
|
2013-04-03 07:17:17 +08:00
|
|
|
end
|
|
|
|
|
2013-09-07 01:18:42 +08:00
|
|
|
context 'logged in' do
|
|
|
|
|
|
|
|
before { @user = log_in :user }
|
2013-04-03 07:17:17 +08:00
|
|
|
|
2013-06-15 15:54:49 +08:00
|
|
|
let(:logo) do
|
2017-08-31 12:06:56 +08:00
|
|
|
Rack::Test::UploadedFile.new(file_from_fixtures("logo.png"))
|
2013-04-03 07:17:17 +08:00
|
|
|
end
|
|
|
|
|
2015-12-21 23:08:14 +08:00
|
|
|
let(:fake_jpg) do
|
2017-08-31 12:06:56 +08:00
|
|
|
Rack::Test::UploadedFile.new(file_from_fixtures("fake.jpg"))
|
2015-12-21 23:08:14 +08:00
|
|
|
end
|
|
|
|
|
2013-06-15 15:54:49 +08:00
|
|
|
let(:text_file) do
|
2017-08-31 12:06:56 +08:00
|
|
|
Rack::Test::UploadedFile.new(File.new("#{Rails.root}/LICENSE.txt"))
|
2013-06-15 15:54:49 +08:00
|
|
|
end
|
2013-04-03 07:17:17 +08:00
|
|
|
|
2017-05-18 18:13:13 +08:00
|
|
|
it 'expects a type' do
|
2017-08-31 12:06:56 +08:00
|
|
|
expect do
|
|
|
|
post :create, params: { format: :json, file: logo }
|
|
|
|
end.to raise_error(ActionController::ParameterMissing)
|
2017-05-18 18:13:13 +08:00
|
|
|
end
|
2016-12-19 07:16:18 +08:00
|
|
|
|
2017-08-23 04:40:01 +08:00
|
|
|
it 'can look up long urls' do
|
|
|
|
upload = Fabricate(:upload)
|
2017-08-31 12:06:56 +08:00
|
|
|
post :lookup_urls, params: { short_urls: [upload.short_url], format: :json }
|
2017-08-23 04:40:01 +08:00
|
|
|
result = JSON.parse(response.body)
|
|
|
|
expect(result[0]["url"]).to eq(upload.url)
|
|
|
|
end
|
|
|
|
|
2015-05-20 07:39:58 +08:00
|
|
|
it 'is successful with an image' do
|
2017-05-11 06:16:57 +08:00
|
|
|
Jobs.expects(:enqueue).with(:create_avatar_thumbnails, anything)
|
2015-05-25 23:59:00 +08:00
|
|
|
|
2017-11-27 09:43:18 +08:00
|
|
|
post :create, params: { file: logo, type: "avatar", format: :json }
|
2013-07-24 06:54:18 +08:00
|
|
|
|
2015-05-20 07:39:58 +08:00
|
|
|
expect(response.status).to eq 200
|
2017-11-27 09:43:18 +08:00
|
|
|
expect(JSON.parse(response.body)["id"]).to be
|
2015-05-20 07:39:58 +08:00
|
|
|
end
|
2014-04-30 01:12:35 +08:00
|
|
|
|
2015-05-20 07:39:58 +08:00
|
|
|
it 'is successful with an attachment' do
|
2017-06-13 04:41:29 +08:00
|
|
|
SiteSetting.authorized_extensions = "*"
|
2015-05-25 23:59:00 +08:00
|
|
|
|
|
|
|
Jobs.expects(:enqueue).never
|
|
|
|
|
2017-11-27 09:43:18 +08:00
|
|
|
post :create, params: { file: text_file, type: "composer", format: :json }
|
2014-04-30 01:12:35 +08:00
|
|
|
|
2015-05-20 07:39:58 +08:00
|
|
|
expect(response.status).to eq 200
|
2017-11-27 09:43:18 +08:00
|
|
|
id = JSON.parse(response.body)["id"]
|
|
|
|
expect(id).to be
|
2015-06-21 19:52:52 +08:00
|
|
|
end
|
|
|
|
|
2018-02-24 19:35:57 +08:00
|
|
|
it 'is successful with api' do
|
2017-04-15 12:11:02 +08:00
|
|
|
SiteSetting.authorized_extensions = "*"
|
2015-06-21 19:52:52 +08:00
|
|
|
controller.stubs(:is_api?).returns(true)
|
|
|
|
|
2018-02-24 19:35:57 +08:00
|
|
|
FinalDestination.stubs(:lookup_ip).returns("1.2.3.4")
|
|
|
|
|
2017-05-11 06:16:57 +08:00
|
|
|
Jobs.expects(:enqueue).with(:create_avatar_thumbnails, anything)
|
2017-05-26 15:19:09 +08:00
|
|
|
|
2018-02-24 19:35:57 +08:00
|
|
|
url = "http://example.com/image.png"
|
|
|
|
png = File.read(Rails.root + "spec/fixtures/images/logo.png")
|
|
|
|
|
|
|
|
stub_request(:get, url).to_return(status: 200, body: png)
|
2015-06-21 19:52:52 +08:00
|
|
|
|
2018-02-24 19:35:57 +08:00
|
|
|
post :create, params: { url: url, type: "avatar", format: :json }
|
2015-06-21 19:52:52 +08:00
|
|
|
|
|
|
|
json = ::JSON.parse(response.body)
|
|
|
|
|
|
|
|
expect(response.status).to eq 200
|
|
|
|
expect(json["id"]).to be
|
2017-08-23 04:40:01 +08:00
|
|
|
expect(json["short_url"]).to eq("upload://qUm0DGR49PAZshIi7HxMd3cAlzn.png")
|
2015-05-20 07:39:58 +08:00
|
|
|
end
|
2014-04-30 01:12:35 +08:00
|
|
|
|
2015-05-20 07:39:58 +08:00
|
|
|
it 'correctly sets retain_hours for admins' do
|
|
|
|
log_in :admin
|
2017-05-11 06:16:57 +08:00
|
|
|
Jobs.expects(:enqueue).with(:create_avatar_thumbnails, anything).never
|
2014-04-30 01:12:35 +08:00
|
|
|
|
2017-11-27 09:43:18 +08:00
|
|
|
post :create, params: {
|
|
|
|
file: logo,
|
|
|
|
retain_hours: 100,
|
|
|
|
type: "profile_background",
|
|
|
|
format: :json
|
|
|
|
}
|
2014-04-30 01:12:35 +08:00
|
|
|
|
2017-11-27 09:43:18 +08:00
|
|
|
id = JSON.parse(response.body)["id"]
|
2015-05-20 07:39:58 +08:00
|
|
|
expect(Upload.find(id).retain_hours).to eq(100)
|
2013-06-15 15:54:49 +08:00
|
|
|
end
|
2013-04-03 07:17:17 +08:00
|
|
|
|
2015-08-18 17:39:51 +08:00
|
|
|
it 'requires a file' do
|
|
|
|
Jobs.expects(:enqueue).never
|
|
|
|
|
2017-11-27 09:43:18 +08:00
|
|
|
post :create, params: { type: "composer", format: :json }
|
2015-08-18 17:39:51 +08:00
|
|
|
|
2017-11-27 09:43:18 +08:00
|
|
|
message = JSON.parse(response.body)
|
|
|
|
expect(response.status).to eq 422
|
|
|
|
expect(message["errors"]).to contain_exactly(I18n.t("upload.file_missing"))
|
2015-08-18 17:39:51 +08:00
|
|
|
end
|
|
|
|
|
2015-05-20 07:39:58 +08:00
|
|
|
it 'properly returns errors' do
|
2017-06-13 04:41:29 +08:00
|
|
|
SiteSetting.max_attachment_size_kb = 1
|
2013-04-03 07:17:17 +08:00
|
|
|
|
2015-05-25 23:59:00 +08:00
|
|
|
Jobs.expects(:enqueue).never
|
|
|
|
|
2017-11-27 09:43:18 +08:00
|
|
|
post :create, params: { file: text_file, type: "avatar", format: :json }
|
2013-04-03 07:17:17 +08:00
|
|
|
|
2017-11-27 09:43:18 +08:00
|
|
|
expect(response.status).to eq 422
|
|
|
|
errors = JSON.parse(response.body)["errors"]
|
|
|
|
expect(errors).to be
|
2013-04-03 07:17:17 +08:00
|
|
|
end
|
|
|
|
|
2015-11-12 17:26:45 +08:00
|
|
|
it 'ensures allow_uploaded_avatars is enabled when uploading an avatar' do
|
2017-06-13 04:41:29 +08:00
|
|
|
SiteSetting.allow_uploaded_avatars = false
|
2017-08-31 12:06:56 +08:00
|
|
|
post :create, params: { file: logo, type: "avatar", format: :json }
|
2015-11-12 17:26:45 +08:00
|
|
|
expect(response).to_not be_success
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'ensures sso_overrides_avatar is not enabled when uploading an avatar' do
|
2017-06-13 04:41:29 +08:00
|
|
|
SiteSetting.sso_overrides_avatar = true
|
2017-08-31 12:06:56 +08:00
|
|
|
post :create, params: { file: logo, type: "avatar", format: :json }
|
2015-11-12 17:26:45 +08:00
|
|
|
expect(response).to_not be_success
|
|
|
|
end
|
|
|
|
|
2017-06-13 04:41:29 +08:00
|
|
|
it 'allows staff to upload any file in PM' do
|
|
|
|
SiteSetting.authorized_extensions = "jpg"
|
|
|
|
SiteSetting.allow_staff_to_upload_any_file_in_pm = true
|
|
|
|
@user.update_columns(moderator: true)
|
|
|
|
|
2017-11-27 09:43:18 +08:00
|
|
|
post :create, params: {
|
|
|
|
file: text_file,
|
|
|
|
type: "composer",
|
|
|
|
for_private_message: "true",
|
|
|
|
format: :json
|
|
|
|
}
|
2017-06-13 04:41:29 +08:00
|
|
|
|
|
|
|
expect(response).to be_success
|
2017-11-27 09:43:18 +08:00
|
|
|
id = JSON.parse(response.body)["id"]
|
|
|
|
expect(id).to be
|
2017-06-13 04:41:29 +08:00
|
|
|
end
|
|
|
|
|
2018-02-19 17:44:24 +08:00
|
|
|
it 'respects `authorized_extensions_for_staff` setting when staff upload file' do
|
|
|
|
SiteSetting.authorized_extensions = ""
|
|
|
|
SiteSetting.authorized_extensions_for_staff = "*"
|
|
|
|
@user.update_columns(moderator: true)
|
|
|
|
|
|
|
|
post :create, params: {
|
|
|
|
file: text_file,
|
|
|
|
type: "composer",
|
|
|
|
format: :json
|
|
|
|
}
|
|
|
|
|
|
|
|
expect(response).to be_success
|
|
|
|
data = JSON.parse(response.body)
|
|
|
|
expect(data["id"]).to be
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'ignores `authorized_extensions_for_staff` setting when non-staff upload file' do
|
|
|
|
SiteSetting.authorized_extensions = ""
|
|
|
|
SiteSetting.authorized_extensions_for_staff = "*"
|
|
|
|
|
|
|
|
post :create, params: {
|
|
|
|
file: text_file,
|
|
|
|
type: "composer",
|
|
|
|
format: :json
|
|
|
|
}
|
|
|
|
|
|
|
|
data = JSON.parse(response.body)
|
|
|
|
expect(data["errors"].first).to eq(I18n.t("upload.unauthorized", authorized_extensions: ''))
|
|
|
|
end
|
|
|
|
|
2015-12-21 23:08:14 +08:00
|
|
|
it 'returns an error when it could not determine the dimensions of an image' do
|
2017-05-11 06:16:57 +08:00
|
|
|
Jobs.expects(:enqueue).with(:create_avatar_thumbnails, anything).never
|
2015-12-21 23:08:14 +08:00
|
|
|
|
2017-11-27 09:43:18 +08:00
|
|
|
post :create, params: { file: fake_jpg, type: "composer", format: :json }
|
2015-12-21 23:08:14 +08:00
|
|
|
|
2017-11-27 09:43:18 +08:00
|
|
|
expect(response.status).to eq 422
|
|
|
|
message = JSON.parse(response.body)["errors"]
|
|
|
|
expect(message).to contain_exactly(I18n.t("upload.images.size_not_found"))
|
2015-12-21 23:08:14 +08:00
|
|
|
end
|
|
|
|
|
2013-04-03 07:17:17 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
end
|
|
|
|
|
2013-09-07 01:18:42 +08:00
|
|
|
context '.show' do
|
|
|
|
|
2015-05-19 18:31:12 +08:00
|
|
|
let(:site) { "default" }
|
|
|
|
let(:sha) { Digest::SHA1.hexdigest("discourse") }
|
|
|
|
|
2013-09-07 01:18:42 +08:00
|
|
|
it "returns 404 when using external storage" do
|
|
|
|
store = stub(internal?: false)
|
|
|
|
Discourse.stubs(:store).returns(store)
|
2014-05-06 21:41:59 +08:00
|
|
|
Upload.expects(:find_by).never
|
2015-05-19 18:31:12 +08:00
|
|
|
|
2017-08-31 12:06:56 +08:00
|
|
|
get :show, params: { site: site, sha: sha, extension: "pdf" }
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(response.response_code).to eq(404)
|
2013-09-07 01:18:42 +08:00
|
|
|
end
|
|
|
|
|
2016-12-20 02:39:04 +08:00
|
|
|
it "returns 404 when the upload doesn't exist" do
|
2015-05-20 21:32:31 +08:00
|
|
|
Upload.stubs(:find_by).returns(nil)
|
2014-09-23 13:50:26 +08:00
|
|
|
|
2017-08-31 12:06:56 +08:00
|
|
|
get :show, params: { site: site, sha: sha, extension: "pdf" }
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(response.response_code).to eq(404)
|
2013-09-07 01:18:42 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'uses send_file' do
|
2014-04-15 04:55:57 +08:00
|
|
|
upload = build(:upload)
|
2015-05-19 18:31:12 +08:00
|
|
|
Upload.expects(:find_by).with(sha1: sha).returns(upload)
|
2014-04-15 04:55:57 +08:00
|
|
|
|
2013-09-07 01:18:42 +08:00
|
|
|
controller.stubs(:render)
|
|
|
|
controller.expects(:send_file)
|
2014-04-15 04:55:57 +08:00
|
|
|
|
2017-08-31 12:06:56 +08:00
|
|
|
get :show, params: { site: site, sha: sha, extension: "zip" }
|
2013-09-07 01:18:42 +08:00
|
|
|
end
|
|
|
|
|
2016-12-20 02:39:04 +08:00
|
|
|
it "handles file without extension" do
|
|
|
|
SiteSetting.authorized_extensions = "*"
|
2017-05-24 01:31:20 +08:00
|
|
|
Fabricate(:upload, original_filename: "image_file", sha1: sha)
|
2016-12-20 02:39:04 +08:00
|
|
|
controller.stubs(:render)
|
|
|
|
controller.expects(:send_file)
|
|
|
|
|
2017-08-31 12:06:56 +08:00
|
|
|
get :show, params: { site: site, sha: sha, format: :json }
|
2016-12-20 02:39:04 +08:00
|
|
|
expect(response).to be_success
|
|
|
|
end
|
|
|
|
|
2014-09-10 00:40:11 +08:00
|
|
|
context "prevent anons from downloading files" do
|
|
|
|
|
2017-06-13 04:41:29 +08:00
|
|
|
before { SiteSetting.prevent_anons_from_downloading_files = true }
|
2014-09-10 00:40:11 +08:00
|
|
|
|
|
|
|
it "returns 404 when an anonymous user tries to download a file" do
|
|
|
|
Upload.expects(:find_by).never
|
2015-05-19 18:31:12 +08:00
|
|
|
|
2017-08-31 12:06:56 +08:00
|
|
|
get :show, params: { site: site, sha: sha, extension: "pdf", format: :json }
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(response.response_code).to eq(404)
|
2014-09-10 00:40:11 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
end
|
|
|
|
|
2013-09-07 01:18:42 +08:00
|
|
|
end
|
|
|
|
|
2013-04-03 07:17:17 +08:00
|
|
|
end
|