github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-25 09:42:07 +08:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity
2ec7455c89
discourse/spec/system/s3_uploads_spec.rb
Martin Brennan c532f6eb3d
FEATURE: Secure uploads in PMs only (#23398) 
This adds a new secure_uploads_pm_only site setting. When secure_uploads
is true with this setting, only uploads created in PMs will be marked
secure; no uploads in secure categories will be marked as secure, and
the login_required site setting has no bearing on upload security
either.

This is meant to be a stopgap solution to prevent secure uploads
in a single place (private messages) for sensitive admin data exports.
Ideally we would want a more comprehensive way of saying that certain
upload types get secured which is a hybrid/mixed mode secure uploads,
but for now this will do the trick.
2023-09-06 09:39:09 +10:00

56 lines
1.7 KiB
Ruby
Raw Blame History

# frozen_string_literal: true
describe "Uploading files in the composer to S3", type: :system do
fab!(:current_user) { Fabricate(:admin) }
let(:modal) { PageObjects::Modals::Base.new }
let(:composer) { PageObjects::Components::Composer.new }
let(:topic) { PageObjects::Pages::Topic.new }
describe "direct S3 uploads" do
describe "single part uploads" do
it "uploads custom avatars to S3" do
skip_unless_s3_system_specs_enabled!
setup_s3_system_test
sign_in(current_user)
visit "/my/preferences/account"
find("#edit-avatar").click
find("#uploaded-avatar").click
attach_file(File.absolute_path(file_from_fixtures("logo.jpg"))) do
find("#avatar-uploader").click
end
expect(page).to have_css(".avatar-uploader label[data-uploaded]")
modal.click_primary_button
expect(modal).to be_closed
expect(page).to have_css(
"#user-avatar-uploads[data-custom-avatar-upload-id]",
visible: false,
)
expect(current_user.reload.uploaded_avatar_id).to eq(
find("#user-avatar-uploads", visible: false)["data-custom-avatar-upload-id"].to_i,
)
end
end
describe "multipart uploads" do
it "uploads a file in the post composer" do
skip_unless_s3_system_specs_enabled!
setup_s3_system_test
sign_in(current_user)
topic.open_new_topic
file_path = file_from_fixtures("logo.png", "images").path
attach_file(file_path) { composer.click_toolbar_button("upload") }
expect(page).to have_no_css("#file-uploading")
expect(composer.preview).to have_css(".image-wrapper")
end
end
end
end
Reference in New Issue View Git Blame Copy Permalink