# frozen_string_literal: true
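# Specs for Jobs::OldKeysReminder.
#
# The examples expect the job to post one private message, addressed to the
# system user and every admin, listing credentials (secret site settings and
# API keys) by name/description and date. Sending is gated by
# SiteSetting.send_old_credential_reminder_days.
#
# Security-relevant property pinned here: the exact-match assertions on
# `post.raw` mean the reminder contains setting names, API key descriptions,
# an owning username and dates only. The stored secret value ("123") is never
# part of the expected message body.
RSpec.describe Jobs::OldKeysReminder do
  # Secret-bearing site settings created "now"; "123" is a placeholder value.
  # NOTE(review): data_type: 1 is presumably the string setting type; confirm.
  let!(:google_secret) do
    SiteSetting.create!(name: "google_oauth2_client_secret", value: "123", data_type: 1)
  end
  let!(:github_secret) do
    SiteSetting.create!(name: "github_client_secret", value: "123", data_type: 1)
  end
  # API key without an explicit owner; it is listed without a username below.
  let!(:api_key) { Fabricate(:api_key, description: "api key description") }
  let!(:admin) { Fabricate(:admin) }
  let!(:another_admin) { Fabricate(:admin) }

  # "Recent" credentials are dated two years ahead, so they are absent from
  # the first reminder and only appear after the clock is moved forward again.
  let!(:recent_twitter_secret) do
    SiteSetting.create!(
      name: "twitter_consumer_secret",
      value: "123",
      data_type: 1,
      updated_at: 2.years.from_now,
    )
  end
  # Owned by `admin`, so its reminder line is expected to carry the username.
  let!(:recent_api_key) do
    Fabricate(
      :api_key,
      description: "recent api key description",
      created_at: 2.years.from_now,
      user_id: admin.id,
    )
  end

  # With the setting left untouched, old credentials alone must not produce a
  # message.
  it "is disabled by default" do
    freeze_time 2.years.from_now
    expect { described_class.new.execute({}) }.not_to change { Post.count }
  end

  it "sends message to admin with old credentials" do
    # NOTE(review): the message wording says "more than two years" although
    # the setting is 365 days here; presumably the setting controls how often
    # the reminder is sent, not the age threshold. Confirm against the job.
    SiteSetting.send_old_credential_reminder_days = "365"
    freeze_time 2.years.from_now
    expect { described_class.new.execute({}) }.to change { Post.count }.by(1)
    post = Post.last
    # Recipients are restricted to the system user and the admins: the
    # credential inventory is delivered as a private message only.
    expect(post.archetype).to eq(Archetype.private_message)
    expect(post.topic.topic_allowed_users.map(&:user_id).sort).to eq(
      [Discourse.system_user.id, admin.id, another_admin.id].sort,
    )
    expect(post.topic.title).to eq("Reminder about old credentials")
    expect(post.raw).to eq(<<~TEXT.rstrip)
      Hello! This is a routine yearly security reminder from your Discourse instance.

      As a courtesy, we wanted to let you know that the following credentials used on your Discourse instance have not been updated in more than two years:

      google_oauth2_client_secret - #{google_secret.updated_at.to_date.to_fs(:db)}
      github_client_secret - #{github_secret.updated_at.to_date.to_fs(:db)}
      api key description - #{api_key.created_at.to_date.to_fs(:db)}

      No action is required at this time, however, it is considered good security practice to cycle all your important credentials every few years.
    TEXT

    # Remove the first reminder entirely, then move the clock forward again.
    # The second run is expected to list the "recent" credentials as well.
    post.topic.destroy
    freeze_time 4.years.from_now
    described_class.new.execute({})
    post = Post.last
    expect(post.topic.title).to eq("Reminder about old credentials")
    expect(post.raw).to eq(<<~TEXT.rstrip)
      Hello! This is a routine yearly security reminder from your Discourse instance.

      As a courtesy, we wanted to let you know that the following credentials used on your Discourse instance have not been updated in more than two years:

      google_oauth2_client_secret - #{google_secret.updated_at.to_date.to_fs(:db)}
      github_client_secret - #{github_secret.updated_at.to_date.to_fs(:db)}
      twitter_consumer_secret - #{recent_twitter_secret.updated_at.to_date.to_fs(:db)}
      api key description - #{api_key.created_at.to_date.to_fs(:db)}
      recent api key description - #{admin.username} - #{recent_api_key.created_at.to_date.to_fs(:db)}

      No action is required at this time, however, it is considered good security practice to cycle all your important credentials every few years.
    TEXT
  end

  it "does not send message when send_old_credential_reminder_days is set to 0 or no old keys" do
    # NOTE(review): this first expectation runs with the default setting,
    # which the "is disabled by default" example shows sends nothing even when
    # keys are old. The "no old keys" case is therefore not exercised with the
    # reminder enabled; consider setting a non-zero value first.
    expect { described_class.new.execute({}) }.not_to change { Post.count }
    SiteSetting.send_old_credential_reminder_days = "0"
    freeze_time 2.years.from_now
    expect { described_class.new.execute({}) }.not_to change { Post.count }
  end

  it "does not send a message if already exists" do
    SiteSetting.send_old_credential_reminder_days = "367"
    freeze_time 2.years.from_now
    expect { described_class.new.execute({}) }.to change { Post.count }.by(1)
    # Trashing the reminder topic must not allow an immediate re-send.
    Topic.last.trash!
    expect { described_class.new.execute({}) }.not_to change { Post.count }
    # One further year is still inside the 367-day window: no new message.
    # (Assumes successive freeze_time offsets accumulate; the final
    # expectation only holds under that reading.)
    freeze_time 1.year.from_now
    expect { described_class.new.execute({}) }.not_to change { Post.count }
    # Three more days pass the window, so the next reminder is expected.
    freeze_time 3.days.from_now
    expect { described_class.new.execute({}) }.to change { Post.count }.by(1)
  end
end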