discourse/spec/controllers/uploads_controller_spec.rb
OsamaSayegh f3815cd785 FEATURE: New site setting for additional allowed filetypes for staff (#5364)
* FEATURE: New site setting for additional allowed filetypes for staff

* Problematic variable name

* feedback

* small issues

* fix indentation

* failing tests

* Remove message bus and fix minor issues

* Missed this message bus
2018-02-19 10:44:24 +01:00

252 lines
7.4 KiB
Ruby

require 'rails_helper'
describe UploadsController do
context '.create' do
it 'requires you to be logged in' do
post :create, format: :json
expect(response.status).to eq(403)
end
context 'logged in' do
before { @user = log_in :user }
let(:logo) do
Rack::Test::UploadedFile.new(file_from_fixtures("logo.png"))
end
let(:fake_jpg) do
Rack::Test::UploadedFile.new(file_from_fixtures("fake.jpg"))
end
let(:text_file) do
Rack::Test::UploadedFile.new(File.new("#{Rails.root}/LICENSE.txt"))
end
it 'expects a type' do
expect do
post :create, params: { format: :json, file: logo }
end.to raise_error(ActionController::ParameterMissing)
end
it 'can look up long urls' do
upload = Fabricate(:upload)
post :lookup_urls, params: { short_urls: [upload.short_url], format: :json }
result = JSON.parse(response.body)
expect(result[0]["url"]).to eq(upload.url)
end
it 'is successful with an image' do
Jobs.expects(:enqueue).with(:create_avatar_thumbnails, anything)
post :create, params: { file: logo, type: "avatar", format: :json }
expect(response.status).to eq 200
expect(JSON.parse(response.body)["id"]).to be
end
it 'is successful with an attachment' do
SiteSetting.authorized_extensions = "*"
Jobs.expects(:enqueue).never
post :create, params: { file: text_file, type: "composer", format: :json }
expect(response.status).to eq 200
id = JSON.parse(response.body)["id"]
expect(id).to be
end
it 'is successful with synchronous api' do
SiteSetting.authorized_extensions = "*"
controller.stubs(:is_api?).returns(true)
Jobs.expects(:enqueue).with(:create_avatar_thumbnails, anything)
stub_request(:head, 'http://example.com/image.png')
stub_request(:get, "http://example.com/image.png").to_return(body: File.read('spec/fixtures/images/logo.png'))
post :create, params: {
url: 'http://example.com/image.png',
type: "avatar",
synchronous: true,
format: :json
}
json = ::JSON.parse(response.body)
expect(response.status).to eq 200
expect(json["id"]).to be
expect(json["short_url"]).to eq("upload://qUm0DGR49PAZshIi7HxMd3cAlzn.png")
end
it 'correctly sets retain_hours for admins' do
log_in :admin
Jobs.expects(:enqueue).with(:create_avatar_thumbnails, anything).never
post :create, params: {
file: logo,
retain_hours: 100,
type: "profile_background",
format: :json
}
id = JSON.parse(response.body)["id"]
expect(Upload.find(id).retain_hours).to eq(100)
end
it 'requires a file' do
Jobs.expects(:enqueue).never
post :create, params: { type: "composer", format: :json }
message = JSON.parse(response.body)
expect(response.status).to eq 422
expect(message["errors"]).to contain_exactly(I18n.t("upload.file_missing"))
end
it 'properly returns errors' do
SiteSetting.max_attachment_size_kb = 1
Jobs.expects(:enqueue).never
post :create, params: { file: text_file, type: "avatar", format: :json }
expect(response.status).to eq 422
errors = JSON.parse(response.body)["errors"]
expect(errors).to be
end
it 'ensures allow_uploaded_avatars is enabled when uploading an avatar' do
SiteSetting.allow_uploaded_avatars = false
post :create, params: { file: logo, type: "avatar", format: :json }
expect(response).to_not be_success
end
it 'ensures sso_overrides_avatar is not enabled when uploading an avatar' do
SiteSetting.sso_overrides_avatar = true
post :create, params: { file: logo, type: "avatar", format: :json }
expect(response).to_not be_success
end
it 'allows staff to upload any file in PM' do
SiteSetting.authorized_extensions = "jpg"
SiteSetting.allow_staff_to_upload_any_file_in_pm = true
@user.update_columns(moderator: true)
post :create, params: {
file: text_file,
type: "composer",
for_private_message: "true",
format: :json
}
expect(response).to be_success
id = JSON.parse(response.body)["id"]
expect(id).to be
end
it 'respects `authorized_extensions_for_staff` setting when staff upload file' do
SiteSetting.authorized_extensions = ""
SiteSetting.authorized_extensions_for_staff = "*"
@user.update_columns(moderator: true)
post :create, params: {
file: text_file,
type: "composer",
format: :json
}
expect(response).to be_success
data = JSON.parse(response.body)
expect(data["id"]).to be
end
it 'ignores `authorized_extensions_for_staff` setting when non-staff upload file' do
SiteSetting.authorized_extensions = ""
SiteSetting.authorized_extensions_for_staff = "*"
post :create, params: {
file: text_file,
type: "composer",
format: :json
}
data = JSON.parse(response.body)
expect(data["errors"].first).to eq(I18n.t("upload.unauthorized", authorized_extensions: ''))
end
it 'returns an error when it could not determine the dimensions of an image' do
Jobs.expects(:enqueue).with(:create_avatar_thumbnails, anything).never
post :create, params: { file: fake_jpg, type: "composer", format: :json }
expect(response.status).to eq 422
message = JSON.parse(response.body)["errors"]
expect(message).to contain_exactly(I18n.t("upload.images.size_not_found"))
end
end
end
context '.show' do
let(:site) { "default" }
let(:sha) { Digest::SHA1.hexdigest("discourse") }
it "returns 404 when using external storage" do
store = stub(internal?: false)
Discourse.stubs(:store).returns(store)
Upload.expects(:find_by).never
get :show, params: { site: site, sha: sha, extension: "pdf" }
expect(response.response_code).to eq(404)
end
it "returns 404 when the upload doesn't exist" do
Upload.stubs(:find_by).returns(nil)
get :show, params: { site: site, sha: sha, extension: "pdf" }
expect(response.response_code).to eq(404)
end
it 'uses send_file' do
upload = build(:upload)
Upload.expects(:find_by).with(sha1: sha).returns(upload)
controller.stubs(:render)
controller.expects(:send_file)
get :show, params: { site: site, sha: sha, extension: "zip" }
end
it "handles file without extension" do
SiteSetting.authorized_extensions = "*"
Fabricate(:upload, original_filename: "image_file", sha1: sha)
controller.stubs(:render)
controller.expects(:send_file)
get :show, params: { site: site, sha: sha, format: :json }
expect(response).to be_success
end
context "prevent anons from downloading files" do
before { SiteSetting.prevent_anons_from_downloading_files = true }
it "returns 404 when an anonymous user tries to download a file" do
Upload.expects(:find_by).never
get :show, params: { site: site, sha: sha, extension: "pdf", format: :json }
expect(response.response_code).to eq(404)
end
end
end
end