# frozen_string_literal: true RSpec.describe "tasks/uploads" do before do SiteSetting.authorized_extensions += "|pdf" STDIN.stubs(:gets).returns("y\n") end describe "uploads:secure_upload_analyse_and_update" do let!(:uploads) { [multi_post_upload_1, upload_1, upload_2, upload_3] } let(:multi_post_upload_1) { Fabricate(:upload_s3) } let(:upload_1) { Fabricate(:upload_s3) } let(:upload_2) { Fabricate(:upload_s3) } let(:upload_3) { Fabricate(:upload_s3, original_filename: "test.pdf", extension: "pdf") } let!(:post_1) { Fabricate(:post) } let!(:post_2) { Fabricate(:post) } let!(:post_3) { Fabricate(:post) } before do UploadReference.create(target: post_1, upload: multi_post_upload_1) UploadReference.create(target: post_2, upload: multi_post_upload_1) UploadReference.create(target: post_2, upload: upload_1) UploadReference.create(target: post_3, upload: upload_2) UploadReference.create(target: post_3, upload: upload_3) end def invoke_task capture_stdout { invoke_rake_task("uploads:secure_upload_analyse_and_update") } end context "when the store is internal" do it "does nothing; this is for external store only" do Upload.expects(:transaction).never expect { invoke_task }.to raise_error(SystemExit) end end context "when store is external" do before do setup_s3 uploads.each { |upload| stub_upload(upload) } end context "when secure upload is enabled" do before { SiteSetting.secure_uploads = true } it "sets an access_control_post for each post upload, using the first linked post in the case of multiple links" do invoke_task expect(multi_post_upload_1.reload.access_control_post).to eq(post_1) expect(upload_1.reload.access_control_post).to eq(post_2) expect(upload_2.reload.access_control_post).to eq(post_3) expect(upload_3.reload.access_control_post).to eq(post_3) end context "when login_required" do before { SiteSetting.login_required = true } after do if File.exist?("secure_upload_analyse_and_update_posts_for_rebake.json") File.delete("secure_upload_analyse_and_update_posts_for_rebake.json") end end it "sets everything attached to a post as secure" do invoke_task expect(upload_2.reload.secure).to eq(true) expect(upload_1.reload.secure).to eq(true) expect(upload_3.reload.secure).to eq(true) end it "writes a file with the post IDs to rebake" do invoke_task expect(File.exist?("secure_upload_analyse_and_update_posts_for_rebake.json")).to eq( true, ) expect( JSON.parse(File.read("secure_upload_analyse_and_update_posts_for_rebake.json")), ).to eq({ "post_ids" => [post_1.id, post_2.id, post_3.id] }) end it "sets the baked_version to NULL for affected posts" do invoke_task expect(post_1.reload.baked_version).to eq(nil) expect(post_2.reload.baked_version).to eq(nil) expect(post_3.reload.baked_version).to eq(nil) end context "when secure_uploads_pm_only" do before { SiteSetting.secure_uploads_pm_only = true } it "only sets everything attached to a private message post as secure and rebakes all those posts" do post_3.topic.update(archetype: "private_message", category: nil) invoke_task expect(post_1.reload.baked_version).not_to eq(nil) expect(post_2.reload.baked_version).not_to eq(nil) expect(post_3.reload.baked_version).to eq(nil) expect(upload_1.reload.secure).to eq(false) expect(upload_2.reload.secure).to eq(true) expect(upload_3.reload.secure).to eq(true) end end end context "when secure_uploads_pm_only" do before { SiteSetting.secure_uploads_pm_only = true } it "sets a non-PM post upload to not secure" do upload_2.update!(secure: true) invoke_task expect(upload_2.reload.secure).to eq(false) end end it "sets the uploads that are media and attachments in the read restricted topic category to secure" do post_3.topic.update(category: Fabricate(:private_category, group: Fabricate(:group))) invoke_task expect(upload_2.reload.secure).to eq(true) expect(upload_1.reload.secure).to eq(false) expect(upload_3.reload.secure).to eq(true) end it "sets the upload in the PM topic to secure" do post_3.topic.update(archetype: "private_message", category: nil) invoke_task expect(upload_2.reload.secure).to eq(true) expect(upload_1.reload.secure).to eq(false) end it "sets the baked_version version to NULL for the posts attached for uploads that change secure status" do post_3.topic.update(category: Fabricate(:private_category, group: Fabricate(:group))) invoke_task expect(post_1.reload.baked_version).not_to eq(nil) expect(post_2.reload.baked_version).not_to eq(nil) expect(post_3.reload.baked_version).to eq(nil) end context "for an upload that is already secure and does not need to change" do before do post_3.topic.update(archetype: "private_message", category: nil) upload_2.update(access_control_post: post_3) upload_2.update_secure_status upload_3.update(access_control_post: post_3) upload_3.update_secure_status end it "does not rebake the associated post" do freeze_time post_3.update_columns(baked_at: 1.week.ago) invoke_task expect(post_3.reload.baked_at).to eq_time(1.week.ago) end it "does not attempt to update the acl" do FileStore::S3Store.any_instance.expects(:update_upload_ACL).with(upload_2).never invoke_task end end context "for an upload that is already secure and is changing to not secure" do it "changes the upload to not secure and updates the ACL" do upload_to_mark_not_secure = Fabricate(:upload_s3, secure: true) post_for_upload = Fabricate(:post) UploadReference.create(target: post_for_upload, upload: upload_to_mark_not_secure) setup_s3 uploads.each { |upload| stub_upload(upload) } stub_upload(upload_to_mark_not_secure) invoke_task expect(upload_to_mark_not_secure.reload.secure).to eq(false) end end end end end describe "uploads:disable_secure_uploads" do def invoke_task capture_stdout { invoke_rake_task("uploads:disable_secure_uploads") } end before do setup_s3 uploads.each { |upload| stub_upload(upload) } SiteSetting.secure_uploads = true UploadReference.create(target: post_1, upload: upload_1) UploadReference.create(target: post_1, upload: upload_2) UploadReference.create(target: post_2, upload: upload_3) UploadReference.create(target: post_2, upload: upload4) end after do if File.exist?("secure_upload_analyse_and_update_posts_for_rebake.json") File.delete("secure_upload_analyse_and_update_posts_for_rebake.json") end end let!(:uploads) { [upload_1, upload_2, upload_3, upload4, upload5] } let(:post_1) { Fabricate(:post) } let(:post_2) { Fabricate(:post) } let(:upload_1) { Fabricate(:upload_s3, secure: true, access_control_post: post_1) } let(:upload_2) { Fabricate(:upload_s3, secure: true, access_control_post: post_1) } let(:upload_3) { Fabricate(:upload_s3, secure: true, access_control_post: post_2) } let(:upload4) { Fabricate(:upload_s3, secure: true, access_control_post: post_2) } let(:upload5) { Fabricate(:upload_s3, secure: false) } it "disables the secure upload setting" do invoke_task expect(SiteSetting.secure_uploads).to eq(false) end it "updates all secure uploads to secure: false" do invoke_task [upload_1, upload_2, upload_3, upload4].each { |upl| expect(upl.reload.secure).to eq(false) } end it "sets the baked_version to NULL for affected posts" do invoke_task expect(post_1.reload.baked_version).to eq(nil) expect(post_2.reload.baked_version).to eq(nil) end it "writes a file with the post IDs to rebake" do invoke_task expect(File.exist?("secure_upload_analyse_and_update_posts_for_rebake.json")).to eq(true) expect(JSON.parse(File.read("secure_upload_analyse_and_update_posts_for_rebake.json"))).to eq( { "post_ids" => [post_1.id, post_2.id] }, ) end it "updates the affected ACLs via the SyncAclsForUploads job" do invoke_task expect(Jobs::SyncAclsForUploads.jobs.last["args"][0]["upload_ids"]).to match_array( [upload_1.id, upload_2.id, upload_3.id, upload4.id], ) end end describe "uploads:downsize" do def invoke_task capture_stdout { invoke_rake_task("uploads:downsize") } end before { STDIN.stubs(:beep) } fab!(:upload) { Fabricate(:image_upload, width: 200, height: 200) } it "corrects upload attributes" do upload.update!(thumbnail_height: 0) expect { invoke_task }.to change { upload.reload.thumbnail_height }.to(200) end it "updates attributes of uploads that are over the size limit" do upload.update!(thumbnail_height: 0) SiteSetting.max_image_size_kb = 1 expect { invoke_task }.to change { upload.reload.thumbnail_height }.to(200) end end end