github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-23 23:54:16 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
8371c96b7e
discourse/spec/lib/upload_creator_spec.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

677 lines
22 KiB
Ruby
Raw Normal View History

DEV: use #frozen_string_literal: true on all spec This change both speeds up specs (less strings to allocate) and helps catch cases where methods in Discourse are mutating inputs. Overall we will be migrating everything to use #frozen_string_literal: true it will take a while, but this is the first and safest move in this direction
2019-04-30 08:27:42 +08:00
# frozen_string_literal: true
FIX: Converting PNG to JPEG does not set the correct extension.
2018-08-17 11:41:30 +08:00
require 'rails_helper'
FEATURE: Add S3 etag value to uploads table (#6795)
2019-01-04 14:16:22 +08:00
require 'file_store/s3_store'
FIX: Converting PNG to JPEG does not set the correct extension.
2018-08-17 11:41:30 +08:00
RSpec.describe UploadCreator do
DEV: Prefabrication (test optimization) (#7414) * Introduced fab!, a helper that creates database state for a group It's almost identical to let_it_be, except: 1. It creates a new object for each test by default, 2. You can disable it using PREFABRICATION=0
2019-05-07 11:12:20 +08:00
fab!(:user) { Fabricate(:user) }
FIX: Converting PNG to JPEG does not set the correct extension.
2018-08-17 11:41:30 +08:00
describe '#create_for' do
describe 'when upload is not an image' do
before do
FIX: Be able to handle long file extensions (#12375) * FIX: Be able to handle long file extensions Some applications have really long file extensions, but if we truncate them weird behavior ensues. This commit changes the file extension size from 10 characters to 255 characters instead. See: https://meta.discourse.org/t/182824 * Keep truncation at 10, but allow uppercase and dashes
2021-03-18 02:01:29 +08:00
SiteSetting.authorized_extensions = 'txt|long-FileExtension'
FIX: Converting PNG to JPEG does not set the correct extension.
2018-08-17 11:41:30 +08:00
end
let(:filename) { "utf-8.txt" }
let(:file) { file_from_fixtures(filename, "encodings") }
it 'should store the upload with the right extension' do
expect do
FIX: only allow printable characters in uploads filename
2018-08-22 00:11:01 +08:00
UploadCreator.new(file, "utf-8\n.txt").create_for(user.id)
FIX: Converting PNG to JPEG does not set the correct extension.
2018-08-17 11:41:30 +08:00
end.to change { Upload.count }.by(1)
upload = Upload.last
expect(upload.extension).to eq('txt')
expect(File.extname(upload.url)).to eq('.txt')
expect(upload.original_filename).to eq('utf-8.txt')
SECURITY: only allow picking of avatars created by self (#6417) * SECURITY: only allow picking of avatars created by self Also adds origin tracking to all uploads including de-duplicated uploads
2018-09-20 13:33:10 +08:00
expect(user.user_uploads.count).to eq(1)
expect(upload.user_uploads.count).to eq(1)
user2 = Fabricate(:user)
expect do
UploadCreator.new(file, "utf-8\n.txt").create_for(user2.id)
end.to change { Upload.count }.by(0)
expect(user.user_uploads.count).to eq(1)
expect(user2.user_uploads.count).to eq(1)
expect(upload.user_uploads.count).to eq(2)
FIX: Converting PNG to JPEG does not set the correct extension.
2018-08-17 11:41:30 +08:00
end
FIX: Be able to handle long file extensions (#12375) * FIX: Be able to handle long file extensions Some applications have really long file extensions, but if we truncate them weird behavior ensues. This commit changes the file extension size from 10 characters to 255 characters instead. See: https://meta.discourse.org/t/182824 * Keep truncation at 10, but allow uppercase and dashes
2021-03-18 02:01:29 +08:00
let(:longextension) { "fake.long-FileExtension" }
let(:file2) { file_from_fixtures(longextension) }
it 'should truncate long extension names' do
expect do
UploadCreator.new(file2, "fake.long-FileExtension").create_for(user.id)
end.to change { Upload.count }.by(1)
upload = Upload.last
expect(upload.extension).to eq('long-FileE')
end
FIX: Converting PNG to JPEG does not set the correct extension.
2018-08-17 11:41:30 +08:00
end
FEATURE: Upload Site Settings. (#6573)
2018-11-14 15:03:02 +08:00
describe 'when image is not authorized' do
describe 'when image is for site setting' do
let(:filename) { 'logo.png' }
let(:file) { file_from_fixtures(filename) }
before do
SiteSetting.authorized_extensions = 'jpg'
end
it 'should create the right upload' do
upload = UploadCreator.new(file, filename,
for_site_setting: true
).create_for(Discourse.system_user.id)
expect(upload.persisted?).to eq(true)
expect(upload.original_filename).to eq(filename)
end
end
end
FIX: Converting PNG to JPEG does not set the correct extension.
2018-08-17 11:41:30 +08:00
describe 'when image has the wrong extension' do
FIX: always test and coerce to image on upload In the past the filename of the origin was used as the source for the extension of the file when optimizing on upload. We now use the actual calculated extension based on upload data.
2018-08-20 10:18:49 +08:00
let(:filename) { "png_as.bin" }
FIX: Converting PNG to JPEG does not set the correct extension.
2018-08-17 11:41:30 +08:00
let(:file) { file_from_fixtures(filename) }
it 'should store the upload with the right extension' do
expect do
Update `UploadCreator` specs to include cropping code path.
2018-08-17 15:22:12 +08:00
UploadCreator.new(file, filename,
force_optimize: true,
type: UploadCreator::TYPES_TO_CROP.first
).create_for(user.id)
FIX: Converting PNG to JPEG does not set the correct extension.
2018-08-17 11:41:30 +08:00
end.to change { Upload.count }.by(1)
upload = Upload.last
expect(upload.extension).to eq('png')
expect(File.extname(upload.url)).to eq('.png')
correct regression around file renaming
2018-08-20 14:08:05 +08:00
expect(upload.original_filename).to eq('png_as.png')
FIX: Converting PNG to JPEG does not set the correct extension.
2018-08-17 11:41:30 +08:00
end
Drop `tif`, `tiff`, `webp` and `bmp` from supported images. https://meta.discourse.org/t/cr2-raw-files-are-being-treated-as-tiff-files/96775/3?u=tgxworld
2018-09-10 10:49:01 +08:00
FIX: Consider webp a supported image format for upload (#9015) * Also fixes an issue where if webp was a downloaded hotlinked image and then secure + sent in an email, it was not being redacted because webp was not a supported media format in FileHelper * Webp originally removed as an image format in https://github.com/discourse/discourse/pull/6377 and there was a spec to make sure a .bin webp file did not get renamed from its type to webp. However we want to support webp images now to make sure they are properly redacted if secure media is on, so change the example in the spec to use tiff, another banned format, instead
2020-02-21 11:08:02 +08:00
describe 'for tiff format' do
Drop `tif`, `tiff`, `webp` and `bmp` from supported images. https://meta.discourse.org/t/cr2-raw-files-are-being-treated-as-tiff-files/96775/3?u=tgxworld
2018-09-10 10:49:01 +08:00
before do
FIX: Consider webp a supported image format for upload (#9015) * Also fixes an issue where if webp was a downloaded hotlinked image and then secure + sent in an email, it was not being redacted because webp was not a supported media format in FileHelper * Webp originally removed as an image format in https://github.com/discourse/discourse/pull/6377 and there was a spec to make sure a .bin webp file did not get renamed from its type to webp. However we want to support webp images now to make sure they are properly redacted if secure media is on, so change the example in the spec to use tiff, another banned format, instead
2020-02-21 11:08:02 +08:00
SiteSetting.authorized_extensions = '.tiff|.bin'
Drop `tif`, `tiff`, `webp` and `bmp` from supported images. https://meta.discourse.org/t/cr2-raw-files-are-being-treated-as-tiff-files/96775/3?u=tgxworld
2018-09-10 10:49:01 +08:00
end
FIX: Consider webp a supported image format for upload (#9015) * Also fixes an issue where if webp was a downloaded hotlinked image and then secure + sent in an email, it was not being redacted because webp was not a supported media format in FileHelper * Webp originally removed as an image format in https://github.com/discourse/discourse/pull/6377 and there was a spec to make sure a .bin webp file did not get renamed from its type to webp. However we want to support webp images now to make sure they are properly redacted if secure media is on, so change the example in the spec to use tiff, another banned format, instead
2020-02-21 11:08:02 +08:00
let(:filename) { "tiff_as.bin" }
Drop `tif`, `tiff`, `webp` and `bmp` from supported images. https://meta.discourse.org/t/cr2-raw-files-are-being-treated-as-tiff-files/96775/3?u=tgxworld
2018-09-10 10:49:01 +08:00
let(:file) { file_from_fixtures(filename) }
it 'should not correct the coerce filename' do
expect do
UploadCreator.new(file, filename).create_for(user.id)
end.to change { Upload.count }.by(1)
upload = Upload.last
expect(upload.extension).to eq('bin')
expect(File.extname(upload.url)).to eq('.bin')
FIX: Consider webp a supported image format for upload (#9015) * Also fixes an issue where if webp was a downloaded hotlinked image and then secure + sent in an email, it was not being redacted because webp was not a supported media format in FileHelper * Webp originally removed as an image format in https://github.com/discourse/discourse/pull/6377 and there was a spec to make sure a .bin webp file did not get renamed from its type to webp. However we want to support webp images now to make sure they are properly redacted if secure media is on, so change the example in the spec to use tiff, another banned format, instead
2020-02-21 11:08:02 +08:00
expect(upload.original_filename).to eq('tiff_as.bin')
Drop `tif`, `tiff`, `webp` and `bmp` from supported images. https://meta.discourse.org/t/cr2-raw-files-are-being-treated-as-tiff-files/96775/3?u=tgxworld
2018-09-10 10:49:01 +08:00
end
end
FIX: Converting PNG to JPEG does not set the correct extension.
2018-08-17 11:41:30 +08:00
end
FEATURE: Humanize file size error messages (#14398) The file size error messages for max_image_size_kb and max_attachment_size_kb are shown to the user in the KB format, regardless of how large the limit is. Since we are going to support uploading much larger files soon, this KB-based limit soon becomes unfriendly to the end user. For example, if the max attachment size is set to 512000 KB, this is what the user sees: > Sorry, the file you are trying to upload is too big (maximum size is 512000KB) This makes the user do math. In almost all file explorers that a regular user would be familiar width, the file size is shown in a format based on the maximum increment (e.g. KB, MB, GB). This commit changes the behaviour to output a humanized file size instead of the raw KB. For the above example, it would now say: > Sorry, the file you are trying to upload is too big (maximum size is 512 MB) This humanization also handles decimals, e.g. 1536KB = 1.5 MB
2021-09-22 05:59:45 +08:00
context "when image is too big" do
let(:filename) { 'logo.png' }
let(:file) { file_from_fixtures(filename) }
it "adds an error to the upload" do
SiteSetting.max_image_size_kb = 1
upload = UploadCreator.new(
file, filename, force_optimize: true
).create_for(Discourse.system_user.id)
expect(upload.errors.full_messages.first).to eq(
"#{I18n.t("upload.images.too_large_humanized", max_size: "1 KB")}"
)
end
end
FEATURE: introduce lossy color optimization on resized pngs This feature ensures optimized images run via pngquant, this results extreme amounts of savings for resized images. Effectively the only impact is that the color palette on small resized images is reduced to 256. To ensure safety we only apply this optimisation to images smaller than 500k. This commit also makes a bunch of image specs less fragile.
2019-01-02 14:19:52 +08:00
describe 'pngquant' do
let(:filename) { "pngquant.png" }
let(:file) { file_from_fixtures(filename) }
it 'should apply pngquant to optimized images' do
upload = UploadCreator.new(file, filename,
pasted: true,
force_optimize: true
).create_for(user.id)
# no optimisation possible without losing details
expect(upload.filesize).to eq(9558)
thumbnail_size = upload.get_optimized_image(upload.width, upload.height, {}).filesize
# pngquant will lose some colors causing some extra size reduction
expect(thumbnail_size).to be < 7500
end
end
FIX: Converting PNG to JPEG does not set the correct extension.
2018-08-17 11:41:30 +08:00
describe 'converting to jpeg' do
FEATURE - ImageMagick jpeg quality (#11004) * FEATURE - Add SiteSettings to control JPEG image quality `recompress_original_jpg_quality` - the maximum quality of a newly uploaded file. `image_preview_jpg_quality` - the maximum quality of OptimizedImages
2020-10-24 00:38:28 +08:00
def image_quality(path)
local_path = File.join(Rails.root, 'public', path)
Discourse::Utils.execute_command("identify", "-format", "%Q", local_path).to_i
end
FEATURE: do not switch to JPEG unless you meet 75k byte savings This also adjusts the algorithm to expect - 30% saving for JPEG conversion AND - Minimum of 75K bytes saved The reasoning for increase of saving requirements is cause PNG may have been uploaded unoptimized, 30% saving on PNG is very possible
2018-11-21 08:00:52 +08:00
let(:filename) { "should_be_jpeg.png" }
FIX: Converting PNG to JPEG does not set the correct extension.
2018-08-17 11:41:30 +08:00
let(:file) { file_from_fixtures(filename) }
FEATURE: do not switch to JPEG unless you meet 75k byte savings This also adjusts the algorithm to expect - 30% saving for JPEG conversion AND - Minimum of 75K bytes saved The reasoning for increase of saving requirements is cause PNG may have been uploaded unoptimized, 30% saving on PNG is very possible
2018-11-21 08:00:52 +08:00
let(:small_filename) { "logo.png" }
let(:small_file) { file_from_fixtures(small_filename) }
FIX: should_alter_quality should respect png_to_jpg_quality (#12055) `convert_to_jpeg!` is only called if `convert_png_to_jpeg?` and/or `should_alter_quality?` is true. `convert_png_to_jpeg?` can be disabled by setting `SiteSetting.png_to_jpg_quality` to 100. However, `should_alter_quality?` could be true if `SiteSetting.recompress_original_jpg_quality` was lower than the quality of the uploaded file, regardless of file type. This commits changes `should_alter_quality?` so that uploaded png files will use the `SiteSetting.png_to_jpg_quality` value, rather than ``SiteSetting.recompress_original_jpg_quality` value.
2021-02-13 02:37:35 +08:00
let(:large_filename) { "large_and_unoptimized.png" }
let(:large_file) { file_from_fixtures(large_filename) }
FIX - don't attempt to optimized animated images (#11031) * FIX - don't attempt to optimized animated images * ensure_safe_paths before calling ImageMagick
2020-10-27 03:10:19 +08:00
let(:animated_filename) { "animated.gif" }
let(:animated_file) { file_from_fixtures(animated_filename) }
FIX: Use ImageMagick to detect animated images (#11702) This is a fallback when FastImage cannot be used (animated WEBP images).
2021-01-14 01:01:30 +08:00
let(:animated_webp_filename) { "animated.webp" }
let(:animated_webp_file) { file_from_fixtures(animated_webp_filename) }
FIX: Converting PNG to JPEG does not set the correct extension.
2018-08-17 11:41:30 +08:00
before do
SiteSetting.png_to_jpg_quality = 1
end
FEATURE: do not switch to JPEG unless you meet 75k byte savings This also adjusts the algorithm to expect - 30% saving for JPEG conversion AND - Minimum of 75K bytes saved The reasoning for increase of saving requirements is cause PNG may have been uploaded unoptimized, 30% saving on PNG is very possible
2018-11-21 08:00:52 +08:00
it 'should not store file as jpeg if it does not meet absolute byte saving requirements' do
# logo.png is 2297 bytes, converting to jpeg saves 30% but does not meet
# the absolute savings required of 25_000 bytes, if you save less than that
# skip this
expect do
UploadCreator.new(small_file, small_filename,
pasted: true,
force_optimize: true
).create_for(user.id)
end.to change { Upload.count }.by(1)
upload = Upload.last
expect(upload.extension).to eq('png')
expect(File.extname(upload.url)).to eq('.png')
expect(upload.original_filename).to eq('logo.png')
end
FIX: Converting PNG to JPEG does not set the correct extension.
2018-08-17 11:41:30 +08:00
it 'should store the upload with the right extension' do
expect do
UploadCreator.new(file, filename,
pasted: true,
force_optimize: true
).create_for(user.id)
end.to change { Upload.count }.by(1)
upload = Upload.last
FEATURE: Support converting HEIF images to JPEG (#10079)
2020-07-23 09:40:09 +08:00
expect(upload.extension).to eq('jpeg')
expect(File.extname(upload.url)).to eq('.jpeg')
expect(upload.original_filename).to eq('should_be_jpeg.jpg')
end
FEATURE - ImageMagick jpeg quality (#11004) * FEATURE - Add SiteSettings to control JPEG image quality `recompress_original_jpg_quality` - the maximum quality of a newly uploaded file. `image_preview_jpg_quality` - the maximum quality of OptimizedImages
2020-10-24 00:38:28 +08:00
FIX: do not convert format for site setting uploads (#12410)
2021-03-16 22:44:41 +08:00
it "should not convert to jpeg when the image is uploaded from site setting" do
upload = UploadCreator.new(large_file, large_filename, for_site_setting: true, force_optimize: true).create_for(user.id)
expect(upload.extension).to eq('png')
expect(File.extname(upload.url)).to eq('.png')
expect(upload.original_filename).to eq('large_and_unoptimized.png')
end
FIX - don't attempt to optimized animated images (#11031) * FIX - don't attempt to optimized animated images * ensure_safe_paths before calling ImageMagick
2020-10-27 03:10:19 +08:00
context "jpeg image quality settings" do
before do
SiteSetting.png_to_jpg_quality = 75
SiteSetting.recompress_original_jpg_quality = 40
SiteSetting.image_preview_jpg_quality = 10
end
it 'should alter the image quality' do
upload = UploadCreator.new(file, filename, force_optimize: true).create_for(user.id)
FEATURE - ImageMagick jpeg quality (#11004) * FEATURE - Add SiteSettings to control JPEG image quality `recompress_original_jpg_quality` - the maximum quality of a newly uploaded file. `image_preview_jpg_quality` - the maximum quality of OptimizedImages
2020-10-24 00:38:28 +08:00
FIX - don't attempt to optimized animated images (#11031) * FIX - don't attempt to optimized animated images * ensure_safe_paths before calling ImageMagick
2020-10-27 03:10:19 +08:00
expect(image_quality(upload.url)).to eq(SiteSetting.recompress_original_jpg_quality)
FEATURE - ImageMagick jpeg quality (#11004) * FEATURE - Add SiteSettings to control JPEG image quality `recompress_original_jpg_quality` - the maximum quality of a newly uploaded file. `image_preview_jpg_quality` - the maximum quality of OptimizedImages
2020-10-24 00:38:28 +08:00
FIX - don't attempt to optimized animated images (#11031) * FIX - don't attempt to optimized animated images * ensure_safe_paths before calling ImageMagick
2020-10-27 03:10:19 +08:00
upload.create_thumbnail!(100, 100)
upload.reload
FEATURE - ImageMagick jpeg quality (#11004) * FEATURE - Add SiteSettings to control JPEG image quality `recompress_original_jpg_quality` - the maximum quality of a newly uploaded file. `image_preview_jpg_quality` - the maximum quality of OptimizedImages
2020-10-24 00:38:28 +08:00
FIX - don't attempt to optimized animated images (#11031) * FIX - don't attempt to optimized animated images * ensure_safe_paths before calling ImageMagick
2020-10-27 03:10:19 +08:00
expect(image_quality(upload.optimized_images.first.url)).to eq(SiteSetting.image_preview_jpg_quality)
end
FEATURE - ImageMagick jpeg quality (#11004) * FEATURE - Add SiteSettings to control JPEG image quality `recompress_original_jpg_quality` - the maximum quality of a newly uploaded file. `image_preview_jpg_quality` - the maximum quality of OptimizedImages
2020-10-24 00:38:28 +08:00
FIX - don't attempt to optimized animated images (#11031) * FIX - don't attempt to optimized animated images * ensure_safe_paths before calling ImageMagick
2020-10-27 03:10:19 +08:00
it 'should not convert animated images' do
expect do
UploadCreator.new(animated_file, animated_filename,
force_optimize: true
).create_for(user.id)
end.to change { Upload.count }.by(1)
upload = Upload.last
expect(upload.extension).to eq('gif')
expect(File.extname(upload.url)).to eq('.gif')
expect(upload.original_filename).to eq('animated.gif')
end
FIX: Use ImageMagick to detect animated images (#11702) This is a fallback when FastImage cannot be used (animated WEBP images).
2021-01-14 01:01:30 +08:00
FIX: should_alter_quality should respect png_to_jpg_quality (#12055) `convert_to_jpeg!` is only called if `convert_png_to_jpeg?` and/or `should_alter_quality?` is true. `convert_png_to_jpeg?` can be disabled by setting `SiteSetting.png_to_jpg_quality` to 100. However, `should_alter_quality?` could be true if `SiteSetting.recompress_original_jpg_quality` was lower than the quality of the uploaded file, regardless of file type. This commits changes `should_alter_quality?` so that uploaded png files will use the `SiteSetting.png_to_jpg_quality` value, rather than ``SiteSetting.recompress_original_jpg_quality` value.
2021-02-13 02:37:35 +08:00
context "png image quality settings" do
before do
SiteSetting.png_to_jpg_quality = 100
SiteSetting.recompress_original_jpg_quality = 90
SiteSetting.image_preview_jpg_quality = 10
end
it "should not convert to jpeg when png_to_jpg_quality is 100" do
upload = UploadCreator.new(large_file, large_filename, force_optimize: true).create_for(user.id)
expect(upload.extension).to eq('png')
expect(File.extname(upload.url)).to eq('.png')
expect(upload.original_filename).to eq('large_and_unoptimized.png')
end
end
FIX: Use ImageMagick to detect animated images (#11702) This is a fallback when FastImage cannot be used (animated WEBP images).
2021-01-14 01:01:30 +08:00
it 'should not convert animated WEBP images' do
expect do
UploadCreator.new(animated_webp_file, animated_webp_filename,
force_optimize: true
).create_for(user.id)
end.to change { Upload.count }.by(1)
upload = Upload.last
expect(upload.extension).to eq('webp')
expect(File.extname(upload.url)).to eq('.webp')
expect(upload.original_filename).to eq('animated.webp')
end
FEATURE - ImageMagick jpeg quality (#11004) * FEATURE - Add SiteSettings to control JPEG image quality `recompress_original_jpg_quality` - the maximum quality of a newly uploaded file. `image_preview_jpg_quality` - the maximum quality of OptimizedImages
2020-10-24 00:38:28 +08:00
end
FEATURE: Support converting HEIF images to JPEG (#10079)
2020-07-23 09:40:09 +08:00
end
describe 'converting HEIF to jpeg' do
let(:filename) { "should_be_jpeg.heic" }
let(:file) { file_from_fixtures(filename, "images") }
it 'should store the upload with the right extension' do
expect do
UploadCreator.new(file, filename).create_for(user.id)
end.to change { Upload.count }.by(1)
upload = Upload.last
FIX: Converting PNG to JPEG does not set the correct extension.
2018-08-17 11:41:30 +08:00
expect(upload.extension).to eq('jpeg')
expect(File.extname(upload.url)).to eq('.jpeg')
FEATURE: do not switch to JPEG unless you meet 75k byte savings This also adjusts the algorithm to expect - 30% saving for JPEG conversion AND - Minimum of 75K bytes saved The reasoning for increase of saving requirements is cause PNG may have been uploaded unoptimized, 30% saving on PNG is very possible
2018-11-21 08:00:52 +08:00
expect(upload.original_filename).to eq('should_be_jpeg.jpg')
FIX: Converting PNG to JPEG does not set the correct extension.
2018-08-17 11:41:30 +08:00
end
end
FEATURE: Add S3 etag value to uploads table (#6795)
2019-01-04 14:16:22 +08:00
FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-18 09:25:42 +08:00
describe 'secure attachments' do
FEATURE: Support private attachments when using S3 storage (#7677) * Support private uploads in S3 * Use localStore for local avatars * Add job to update private upload ACL on S3 * Test multisite paths * update ACL for private uploads in migrate_to_s3 task
2019-06-06 11:27:24 +08:00
let(:filename) { "small.pdf" }
let(:file) { file_from_fixtures(filename, "pdf") }
FIX: Only mark attachments as secure media if SiteSetting.secure_media? (#9009) * Attachments (non media files) were being marked as secure if just SiteSetting.prevent_anons_from_downloading_files was enabled. this was not correct as nothing should be marked as actually "secure" in the DB without that site setting enabled * Also add a proper standalone spec file for the upload security class
2020-02-21 07:35:16 +08:00
let(:opts) { { type: "composer" } }
FEATURE: Support private attachments when using S3 storage (#7677) * Support private uploads in S3 * Use localStore for local avatars * Add job to update private upload ACL on S3 * Test multisite paths * update ACL for private uploads in migrate_to_s3 task
2019-06-06 11:27:24 +08:00
before do
DEV: Clean up S3 specs, stubs, and helpers Extracted commonly used spec helpers into spec/support/uploads_helpers.rb, removed unused stubs and let definitions. Makes it easier to write new S3-related specs without copy and pasting setup steps from other specs.
2020-09-14 19:32:25 +08:00
setup_s3
stub_s3_store
FIX: Only mark attachments as secure media if SiteSetting.secure_media? (#9009) * Attachments (non media files) were being marked as secure if just SiteSetting.prevent_anons_from_downloading_files was enabled. this was not correct as nothing should be marked as actually "secure" in the DB without that site setting enabled * Also add a proper standalone spec file for the upload security class
2020-02-21 07:35:16 +08:00
SiteSetting.secure_media = true
FEATURE: Support private attachments when using S3 storage (#7677) * Support private uploads in S3 * Use localStore for local avatars * Add job to update private upload ACL on S3 * Test multisite paths * update ACL for private uploads in migrate_to_s3 task
2019-06-06 11:27:24 +08:00
SiteSetting.authorized_extensions = 'pdf|svg|jpg'
end
FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-18 09:25:42 +08:00
it 'should mark attachments as secure' do
FIX: Only mark attachments as secure media if SiteSetting.secure_media? (#9009) * Attachments (non media files) were being marked as secure if just SiteSetting.prevent_anons_from_downloading_files was enabled. this was not correct as nothing should be marked as actually "secure" in the DB without that site setting enabled * Also add a proper standalone spec file for the upload security class
2020-02-21 07:35:16 +08:00
upload = UploadCreator.new(file, filename, opts).create_for(user.id)
FEATURE: Support private attachments when using S3 storage (#7677) * Support private uploads in S3 * Use localStore for local avatars * Add job to update private upload ACL on S3 * Test multisite paths * update ACL for private uploads in migrate_to_s3 task
2019-06-06 11:27:24 +08:00
stored_upload = Upload.last
FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-18 09:25:42 +08:00
expect(stored_upload.secure?).to eq(true)
FEATURE: Support private attachments when using S3 storage (#7677) * Support private uploads in S3 * Use localStore for local avatars * Add job to update private upload ACL on S3 * Test multisite paths * update ACL for private uploads in migrate_to_s3 task
2019-06-06 11:27:24 +08:00
end
FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-18 09:25:42 +08:00
it 'should not mark theme uploads as secure' do
FEATURE: Support private attachments when using S3 storage (#7677) * Support private uploads in S3 * Use localStore for local avatars * Add job to update private upload ACL on S3 * Test multisite paths * update ACL for private uploads in migrate_to_s3 task
2019-06-06 11:27:24 +08:00
fname = "custom-theme-icon-sprite.svg"
upload = UploadCreator.new(file_from_fixtures(fname), fname, for_theme: true).create_for(-1)
FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-18 09:25:42 +08:00
expect(upload.secure?).to eq(false)
FEATURE: Support private attachments when using S3 storage (#7677) * Support private uploads in S3 * Use localStore for local avatars * Add job to update private upload ACL on S3 * Test multisite paths * update ACL for private uploads in migrate_to_s3 task
2019-06-06 11:27:24 +08:00
end
end
FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-18 09:25:42 +08:00
context 'uploading to s3' do
FEATURE: Add S3 etag value to uploads table (#6795)
2019-01-04 14:16:22 +08:00
let(:filename) { "should_be_jpeg.png" }
let(:file) { file_from_fixtures(filename) }
FEATURE: Support private attachments when using S3 storage (#7677) * Support private uploads in S3 * Use localStore for local avatars * Add job to update private upload ACL on S3 * Test multisite paths * update ACL for private uploads in migrate_to_s3 task
2019-06-06 11:27:24 +08:00
let(:pdf_filename) { "small.pdf" }
let(:pdf_file) { file_from_fixtures(pdf_filename, "pdf") }
FIX: Only mark attachments as secure media if SiteSetting.secure_media? (#9009) * Attachments (non media files) were being marked as secure if just SiteSetting.prevent_anons_from_downloading_files was enabled. this was not correct as nothing should be marked as actually "secure" in the DB without that site setting enabled * Also add a proper standalone spec file for the upload security class
2020-02-21 07:35:16 +08:00
let(:opts) { { type: "composer" } }
FEATURE: Add S3 etag value to uploads table (#6795)
2019-01-04 14:16:22 +08:00
before do
DEV: Clean up S3 specs, stubs, and helpers Extracted commonly used spec helpers into spec/support/uploads_helpers.rb, removed unused stubs and let definitions. Makes it easier to write new S3-related specs without copy and pasting setup steps from other specs.
2020-09-14 19:32:25 +08:00
setup_s3
stub_s3_store
FEATURE: Add S3 etag value to uploads table (#6795)
2019-01-04 14:16:22 +08:00
end
it 'should store the file and return etag' do
expect {
UploadCreator.new(file, filename).create_for(user.id)
}.to change { Upload.count }.by(1)
upload = Upload.last
expect(upload.etag).to eq('ETag')
end
FEATURE: Support private attachments when using S3 storage (#7677) * Support private uploads in S3 * Use localStore for local avatars * Add job to update private upload ACL on S3 * Test multisite paths * update ACL for private uploads in migrate_to_s3 task
2019-06-06 11:27:24 +08:00
FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-18 09:25:42 +08:00
it 'should return signed URL for secure attachments in S3' do
FEATURE: Support private attachments when using S3 storage (#7677) * Support private uploads in S3 * Use localStore for local avatars * Add job to update private upload ACL on S3 * Test multisite paths * update ACL for private uploads in migrate_to_s3 task
2019-06-06 11:27:24 +08:00
SiteSetting.authorized_extensions = 'pdf'
FIX: Only mark attachments as secure media if SiteSetting.secure_media? (#9009) * Attachments (non media files) were being marked as secure if just SiteSetting.prevent_anons_from_downloading_files was enabled. this was not correct as nothing should be marked as actually "secure" in the DB without that site setting enabled * Also add a proper standalone spec file for the upload security class
2020-02-21 07:35:16 +08:00
SiteSetting.secure_media = true
FEATURE: Support private attachments when using S3 storage (#7677) * Support private uploads in S3 * Use localStore for local avatars * Add job to update private upload ACL on S3 * Test multisite paths * update ACL for private uploads in migrate_to_s3 task
2019-06-06 11:27:24 +08:00
FIX: Only mark attachments as secure media if SiteSetting.secure_media? (#9009) * Attachments (non media files) were being marked as secure if just SiteSetting.prevent_anons_from_downloading_files was enabled. this was not correct as nothing should be marked as actually "secure" in the DB without that site setting enabled * Also add a proper standalone spec file for the upload security class
2020-02-21 07:35:16 +08:00
upload = UploadCreator.new(pdf_file, pdf_filename, opts).create_for(user.id)
FEATURE: Support private attachments when using S3 storage (#7677) * Support private uploads in S3 * Use localStore for local avatars * Add job to update private upload ACL on S3 * Test multisite paths * update ACL for private uploads in migrate_to_s3 task
2019-06-06 11:27:24 +08:00
stored_upload = Upload.last
signed_url = Discourse.store.url_for(stored_upload)
FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-18 09:25:42 +08:00
expect(stored_upload.secure?).to eq(true)
FEATURE: Support private attachments when using S3 storage (#7677) * Support private uploads in S3 * Use localStore for local avatars * Add job to update private upload ACL on S3 * Test multisite paths * update ACL for private uploads in migrate_to_s3 task
2019-06-06 11:27:24 +08:00
expect(stored_upload.url).not_to eq(signed_url)
expect(signed_url).to match(/Amz-Credential/)
end
FEATURE: Add S3 etag value to uploads table (#6795)
2019-01-04 14:16:22 +08:00
end
FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) ### General Changes and Duplication * We now consider a post `with_secure_media?` if it is in a read-restricted category. * When uploading we now set an upload's secure status straight away. * When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. * Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is). * When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload. ### Viewing Secure Media * The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions * If there is no `access_control_post` then we just deliver the media. This should be a rare occurrance and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor` ### Removed We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled. * We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context. * We no longer have to set `secure: false` for uploads when uploading for a theme component.
2020-01-16 11:50:27 +08:00
context "when the upload already exists based on the sha1" do
let(:filename) { "small.pdf" }
let(:file) { file_from_fixtures(filename, "pdf") }
let!(:existing_upload) { Fabricate(:upload, sha1: Upload.generate_digest(file)) }
let(:result) { UploadCreator.new(file, filename).create_for(user.id) }
it "returns the existing upload" do
expect(result).to eq(existing_upload)
end
it "does not set an original_sha1 normally" do
expect(result.original_sha1).to eq(nil)
end
it "creates a userupload record" do
result
expect(UserUpload.exists?(user_id: user.id, upload_id: existing_upload.id)).to eq(true)
end
context "when the existing upload URL is blank (it has failed)" do
before do
existing_upload.update(url: '')
end
it "destroys the existing upload" do
result
expect(Upload.find_by(id: existing_upload.id)).to eq(nil)
end
end
context "when SiteSetting.secure_media is enabled" do
before do
DEV: Clean up S3 specs, stubs, and helpers Extracted commonly used spec helpers into spec/support/uploads_helpers.rb, removed unused stubs and let definitions. Makes it easier to write new S3-related specs without copy and pasting setup steps from other specs.
2020-09-14 19:32:25 +08:00
setup_s3
stub_s3_store
FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) ### General Changes and Duplication * We now consider a post `with_secure_media?` if it is in a read-restricted category. * When uploading we now set an upload's secure status straight away. * When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. * Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is). * When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload. ### Viewing Secure Media * The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions * If there is no `access_control_post` then we just deliver the media. This should be a rare occurrance and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor` ### Removed We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled. * We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context. * We no longer have to set `secure: false` for uploads when uploading for a theme component.
2020-01-16 11:50:27 +08:00
SiteSetting.secure_media = true
end
it "does not return the existing upload, as duplicate uploads are allowed" do
expect(result).not_to eq(existing_upload)
end
end
end
context "secure media functionality" do
let(:filename) { "logo.jpg" }
let(:file) { file_from_fixtures(filename) }
let(:opts) { {} }
let(:result) { UploadCreator.new(file, filename, opts).create_for(user.id) }
context "when SiteSetting.secure_media enabled" do
before do
DEV: Clean up S3 specs, stubs, and helpers Extracted commonly used spec helpers into spec/support/uploads_helpers.rb, removed unused stubs and let definitions. Makes it easier to write new S3-related specs without copy and pasting setup steps from other specs.
2020-09-14 19:32:25 +08:00
setup_s3
stub_s3_store
FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) ### General Changes and Duplication * We now consider a post `with_secure_media?` if it is in a read-restricted category. * When uploading we now set an upload's secure status straight away. * When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. * Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is). * When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload. ### Viewing Secure Media * The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions * If there is no `access_control_post` then we just deliver the media. This should be a rare occurrance and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor` ### Removed We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled. * We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context. * We no longer have to set `secure: false` for uploads when uploading for a theme component.
2020-01-16 11:50:27 +08:00
SiteSetting.secure_media = true
end
it "sets an original_sha1 on the upload created because the sha1 column is securerandom in this case" do
expect(result.original_sha1).not_to eq(nil)
end
FIX: Change additional public uploads to not be secure (#8738) Custom emoji, profile background, and card background were being set to secure, which we do not want as they are always in a public context and result in a 403 error from the ACL if linked directly.
2020-01-17 11:16:27 +08:00
context "when uploading in a public context (theme, site setting, avatar, custom_emoji, profile_background, card_background)" do
def expect_no_public_context_uploads_to_be_secure
FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) ### General Changes and Duplication * We now consider a post `with_secure_media?` if it is in a read-restricted category. * When uploading we now set an upload's secure status straight away. * When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. * Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is). * When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload. ### Viewing Secure Media * The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions * If there is no `access_control_post` then we just deliver the media. This should be a rare occurrance and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor` ### Removed We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled. * We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context. * We no longer have to set `secure: false` for uploads when uploading for a theme component.
2020-01-16 11:50:27 +08:00
upload = UploadCreator.new(file_from_fixtures(filename), filename, for_site_setting: true).create_for(user.id)
expect(upload.secure).to eq(false)
upload.destroy!
FIX: Change additional public uploads to not be secure (#8738) Custom emoji, profile background, and card background were being set to secure, which we do not want as they are always in a public context and result in a 403 error from the ACL if linked directly.
2020-01-17 11:16:27 +08:00
upload = UploadCreator.new(file_from_fixtures(filename), filename, for_gravatar: true).create_for(user.id)
expect(upload.secure).to eq(false)
upload.destroy!
FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) ### General Changes and Duplication * We now consider a post `with_secure_media?` if it is in a read-restricted category. * When uploading we now set an upload's secure status straight away. * When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. * Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is). * When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload. ### Viewing Secure Media * The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions * If there is no `access_control_post` then we just deliver the media. This should be a rare occurrance and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor` ### Removed We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled. * We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context. * We no longer have to set `secure: false` for uploads when uploading for a theme component.
2020-01-16 11:50:27 +08:00
upload = UploadCreator.new(file_from_fixtures(filename), filename, for_theme: true).create_for(user.id)
expect(upload.secure).to eq(false)
upload.destroy!
upload = UploadCreator.new(file_from_fixtures(filename), filename, type: "avatar").create_for(user.id)
expect(upload.secure).to eq(false)
upload.destroy!
FIX: Change additional public uploads to not be secure (#8738) Custom emoji, profile background, and card background were being set to secure, which we do not want as they are always in a public context and result in a 403 error from the ACL if linked directly.
2020-01-17 11:16:27 +08:00
upload = UploadCreator.new(file_from_fixtures(filename), filename, type: "custom_emoji").create_for(user.id)
expect(upload.secure).to eq(false)
upload.destroy!
upload = UploadCreator.new(file_from_fixtures(filename), filename, type: "profile_background").create_for(user.id)
expect(upload.secure).to eq(false)
upload.destroy!
upload = UploadCreator.new(file_from_fixtures(filename), filename, type: "card_background").create_for(user.id)
expect(upload.secure).to eq(false)
upload.destroy!
end
it "does not set the upload to secure" do
expect_no_public_context_uploads_to_be_secure
end
context "when login required" do
before do
SiteSetting.login_required = true
end
it "does not set the upload to secure" do
expect_no_public_context_uploads_to_be_secure
end
FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) ### General Changes and Duplication * We now consider a post `with_secure_media?` if it is in a read-restricted category. * When uploading we now set an upload's secure status straight away. * When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. * Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is). * When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload. ### Viewing Secure Media * The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions * If there is no `access_control_post` then we just deliver the media. This should be a rare occurrance and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor` ### Removed We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled. * We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context. * We no longer have to set `secure: false` for uploads when uploading for a theme component.
2020-01-16 11:50:27 +08:00
end
end
context "if type of upload is in the composer" do
let(:opts) { { type: "composer" } }
it "sets the upload to secure and sets the original_sha1 column, because we don't know the context of the composer" do
expect(result.secure).to eq(true)
expect(result.original_sha1).not_to eq(nil)
end
end
context "if the upload is for a PM" do
let(:opts) { { for_private_message: true } }
it "sets the upload to secure and sets the original_sha1" do
expect(result.secure).to eq(true)
expect(result.original_sha1).not_to eq(nil)
end
end
FIX: Change additional public uploads to not be secure (#8738) Custom emoji, profile background, and card background were being set to secure, which we do not want as they are always in a public context and result in a 403 error from the ACL if linked directly.
2020-01-17 11:16:27 +08:00
context "if the upload is for a group message" do
let(:opts) { { for_group_message: true } }
it "sets the upload to secure and sets the original_sha1" do
expect(result.secure).to eq(true)
expect(result.original_sha1).not_to eq(nil)
end
end
FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) ### General Changes and Duplication * We now consider a post `with_secure_media?` if it is in a read-restricted category. * When uploading we now set an upload's secure status straight away. * When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. * Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is). * When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload. ### Viewing Secure Media * The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions * If there is no `access_control_post` then we just deliver the media. This should be a rare occurrance and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor` ### Removed We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled. * We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context. * We no longer have to set `secure: false` for uploads when uploading for a theme component.
2020-01-16 11:50:27 +08:00
context "if SiteSetting.login_required" do
before do
SiteSetting.login_required = true
end
it "sets the upload to secure and sets the original_sha1" do
expect(result.secure).to eq(true)
expect(result.original_sha1).not_to eq(nil)
end
end
end
end
FIX: Do not optimize uploaded custom emoji (#11203) Animated emojis were converted to static images. This commit moves the responsability on site admins to optimize their animated emojis before uploading them (gifsicle is no longer used).
2020-11-12 08:22:38 +08:00
context 'custom emojis' do
let(:animated_filename) { "animated.gif" }
let(:animated_file) { file_from_fixtures(animated_filename) }
it 'should not be cropped if animated' do
upload = UploadCreator.new(animated_file, animated_filename,
force_optimize: true,
type: 'custom_emoji'
).create_for(user.id)
expect(upload.animated).to eq(true)
expect(FastImage.size(Discourse.store.path_for(upload))).to eq([320, 320])
end
end
FEATURE: add support for "skip_validations" option in UploadCreator (#13094) FIX: do not validate uploads when running `uploads:fix_missing_s3` task
2021-05-19 23:24:52 +08:00
describe 'skip validations' do
let(:filename) { "small.pdf" }
let(:file) { file_from_fixtures(filename, "pdf") }
before do
SiteSetting.authorized_extensions = 'png|jpg'
end
it 'creates upload when skip_validations is true' do
upload = UploadCreator.new(file, filename,
skip_validations: true
).create_for(user.id)
expect(upload.persisted?).to eq(true)
expect(upload.original_filename).to eq(filename)
end
it 'does not create upload when skip_validations is false' do
upload = UploadCreator.new(file, filename,
skip_validations: false
).create_for(user.id)
expect(upload.persisted?).to eq(false)
end
end
FIX: Converting PNG to JPEG does not set the correct extension.
2018-08-17 11:41:30 +08:00
end
SECURITY: Remove event handlers from SVG files
2019-12-11 22:28:35 +08:00
FIX: use allowlist and blocklist terminology (#10209) This is a PR of the renaming whitelist to allowlist and blacklist to the blocklist.
2020-07-27 08:23:54 +08:00
describe '#clean_svg!' do
DEV: Add SVG tests for 31e31ef44 (#10205)
2020-07-10 05:02:25 +08:00
let(:b64) do
Base64.encode64('<svg onmouseover="alert(alert)" />')
end
SECURITY: Remove event handlers from SVG files
2019-12-11 22:28:35 +08:00
let(:file) do
file = Tempfile.new
file.write(<<~XML)
<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg" width="200px" height="200px" onload="alert(location)">
DEV: Add SVG tests for 31e31ef44 (#10205)
2020-07-10 05:02:25 +08:00
<defs>
<path id="pathdef" d="m0 0h100v100h-77z" stroke="#000" />
</defs>
<g>
DEV: Remove xlink hrefs (#15059)
2021-11-25 12:22:43 +08:00
<use id="valid-use" x="123" href="#pathdef" />
DEV: Add SVG tests for 31e31ef44 (#10205)
2020-07-10 05:02:25 +08:00
</g>
<use id="invalid-use1" href="https://svg.example.com/evil.svg" />
DEV: Remove xlink hrefs (#15059)
2021-11-25 12:22:43 +08:00
<use id="invalid-use2" href="data:image/svg+xml;base64,#{b64}" />
SECURITY: Remove event handlers from SVG files
2019-12-11 22:28:35 +08:00
</svg>
XML
file.rewind
file
end
it 'removes event handlers' do
begin
FIX: use allowlist and blocklist terminology (#10209) This is a PR of the renaming whitelist to allowlist and blacklist to the blocklist.
2020-07-27 08:23:54 +08:00
UploadCreator.new(file, 'file.svg').clean_svg!
DEV: Add SVG tests for 31e31ef44 (#10205)
2020-07-10 05:02:25 +08:00
file_content = file.read
expect(file_content).not_to include('onload')
expect(file_content).to include('#pathdef')
expect(file_content).not_to include('evil.svg')
expect(file_content).not_to include(b64)
SECURITY: Remove event handlers from SVG files
2019-12-11 22:28:35 +08:00
ensure
file.unlink
end
end
end
FIX: Do not downsize or crop GIF images (#10989) It was a problem because during this operation only the first frame is kept. This commit removes the alternative solution to check if a GIF image is animated.
2021-01-12 23:07:07 +08:00
FIX: Allow SVG uploads if dimensions are a fraction of a unit (#13409) * FIX: Allow SVG uploads if dimensions are a fraction of a unit `UploadCreator` counts the number of pixels in an file to determine if it is valid. `pixels` is calculated by multiplying the width and height of the image, as determined by FastImage. SVG files can have their width/height expressed in a variety of different units of measurement. For example, ‘px’, ‘in’, ‘cm’, ‘mm’, ‘pt’, ‘pc’, etc are all valid within SVG files. If an image has a width of `0.5in`, FastImage may interpret this as being a width of `0`, meaning it will report the `size` as being `0`. However, we don’t need to concern ourselves with the number of ‘pixels’ in a SVG files, as that is irrelevant for this file format, so we can skip over the check for `pixels == 0` when processing this file type. * DEV: Speed up getting SVG dimensions The `-ping` flag prevents the entire image from being rasterized before a result is returned. See: https://imagemagick.org/script/command-line-options.php#ping
2021-06-18 03:56:11 +08:00
describe "svg sizes expressed in units other than pixels" do
let(:tiny_svg_filename) { "tiny.svg" }
let(:tiny_svg_file) { file_from_fixtures(tiny_svg_filename) }
FIX - use ImageMagick to determine size of svg images (#12230) SVG files can have dimensions expressed in inches, centimeters, etc., which may lead to the dimensions being misinterpreted (e.g. “8in” ends up as 8 pixels). If the file type is `svg`, ask ImageMagick to work out what size the SVG file should be rendered on screen. NOTE: The `pencil.svg` file was obtained from https://freesvg.org/1534028868, which has placed the file in to the public domain.
2021-03-02 00:44:00 +08:00
FIX: Allow SVG uploads if dimensions are a fraction of a unit (#13409) * FIX: Allow SVG uploads if dimensions are a fraction of a unit `UploadCreator` counts the number of pixels in an file to determine if it is valid. `pixels` is calculated by multiplying the width and height of the image, as determined by FastImage. SVG files can have their width/height expressed in a variety of different units of measurement. For example, ‘px’, ‘in’, ‘cm’, ‘mm’, ‘pt’, ‘pc’, etc are all valid within SVG files. If an image has a width of `0.5in`, FastImage may interpret this as being a width of `0`, meaning it will report the `size` as being `0`. However, we don’t need to concern ourselves with the number of ‘pixels’ in a SVG files, as that is irrelevant for this file format, so we can skip over the check for `pixels == 0` when processing this file type. * DEV: Speed up getting SVG dimensions The `-ping` flag prevents the entire image from being rasterized before a result is returned. See: https://imagemagick.org/script/command-line-options.php#ping
2021-06-18 03:56:11 +08:00
let(:massive_svg_filename) { "massive.svg" }
let(:massive_svg_file) { file_from_fixtures(massive_svg_filename) }
let(:zero_sized_svg_filename) { "zero_sized.svg" }
let(:zero_sized_svg_file) { file_from_fixtures(zero_sized_svg_filename) }
it "should be viewable when a dimension is a fraction of a unit" do
upload = UploadCreator.new(tiny_svg_file, tiny_svg_filename,
force_optimize: true,
).create_for(user.id)
expect(upload.width).to be > 50
expect(upload.height).to be > 50
expect(upload.thumbnail_width).to be <= SiteSetting.max_image_width
expect(upload.thumbnail_height).to be <= SiteSetting.max_image_height
end
it "should not be larger than the maximum thumbnail size" do
upload = UploadCreator.new(massive_svg_file, massive_svg_filename,
FIX - use ImageMagick to determine size of svg images (#12230) SVG files can have dimensions expressed in inches, centimeters, etc., which may lead to the dimensions being misinterpreted (e.g. “8in” ends up as 8 pixels). If the file type is `svg`, ask ImageMagick to work out what size the SVG file should be rendered on screen. NOTE: The `pencil.svg` file was obtained from https://freesvg.org/1534028868, which has placed the file in to the public domain.
2021-03-02 00:44:00 +08:00
force_optimize: true,
).create_for(user.id)
FIX: Allow SVG uploads if dimensions are a fraction of a unit (#13409) * FIX: Allow SVG uploads if dimensions are a fraction of a unit `UploadCreator` counts the number of pixels in an file to determine if it is valid. `pixels` is calculated by multiplying the width and height of the image, as determined by FastImage. SVG files can have their width/height expressed in a variety of different units of measurement. For example, ‘px’, ‘in’, ‘cm’, ‘mm’, ‘pt’, ‘pc’, etc are all valid within SVG files. If an image has a width of `0.5in`, FastImage may interpret this as being a width of `0`, meaning it will report the `size` as being `0`. However, we don’t need to concern ourselves with the number of ‘pixels’ in a SVG files, as that is irrelevant for this file format, so we can skip over the check for `pixels == 0` when processing this file type. * DEV: Speed up getting SVG dimensions The `-ping` flag prevents the entire image from being rasterized before a result is returned. See: https://imagemagick.org/script/command-line-options.php#ping
2021-06-18 03:56:11 +08:00
expect(upload.width).to be > 50
expect(upload.height).to be > 50
expect(upload.thumbnail_width).to be <= SiteSetting.max_image_width
expect(upload.thumbnail_height).to be <= SiteSetting.max_image_height
end
it "should handle zero dimension files" do
upload = UploadCreator.new(zero_sized_svg_file, zero_sized_svg_filename,
force_optimize: true,
).create_for(user.id)
expect(upload.width).to be > 50
expect(upload.height).to be > 50
expect(upload.thumbnail_width).to be <= SiteSetting.max_image_width
expect(upload.thumbnail_height).to be <= SiteSetting.max_image_height
FIX - use ImageMagick to determine size of svg images (#12230) SVG files can have dimensions expressed in inches, centimeters, etc., which may lead to the dimensions being misinterpreted (e.g. “8in” ends up as 8 pixels). If the file type is `svg`, ask ImageMagick to work out what size the SVG file should be rendered on screen. NOTE: The `pencil.svg` file was obtained from https://freesvg.org/1534028868, which has placed the file in to the public domain.
2021-03-02 00:44:00 +08:00
end
end
FIX: Do not downsize or crop GIF images (#10989) It was a problem because during this operation only the first frame is kept. This commit removes the alternative solution to check if a GIF image is animated.
2021-01-12 23:07:07 +08:00
describe '#should_downsize?' do
context "GIF image" do
let(:gif_file) { file_from_fixtures("animated.gif") }
before do
SiteSetting.max_image_size_kb = 1
end
it "is not downsized" do
creator = UploadCreator.new(gif_file, "animated.gif")
creator.extract_image_info!
expect(creator.should_downsize?).to eq(false)
end
end
end
FIX: Validate upload is still valid after calling the "before_upload_creation" event (#13091) Since we use the event to perform additional validations on the file, we should check if it added any errors to the upload before saving it. This change makes the UploadCreator more consistent since we no longer have to rely on exceptions.
2021-06-15 21:10:03 +08:00
describe 'before_upload_creation event' do
let(:filename) { "logo.jpg" }
let(:file) { file_from_fixtures(filename) }
before do
setup_s3
stub_s3_store
end
it 'does not save the upload if an event added errors to the upload' do
error = 'This upload is invalid'
event = Proc.new do |file, is_image, upload|
upload.errors.add(:base, error)
end
DiscourseEvent.on(:before_upload_creation, &event)
created_upload = UploadCreator.new(file, filename).create_for(user.id)
expect(created_upload.persisted?).to eq(false)
expect(created_upload.errors).to contain_exactly(error)
DiscourseEvent.off(:before_upload_creation, &event)
end
end
FIX: Converting PNG to JPEG does not set the correct extension.
2018-08-17 11:41:30 +08:00
end
Reference in New Issue Copy Permalink