discourse/test/javascripts/unit/lib/uploads-test.js

import I18n from "I18n";
import {
  validateUploadedFiles,
  authorizedExtensions,
  isImage,
  allowsImages,
  allowsAttachments,
  getUploadMarkdown,
} from "discourse/lib/uploads";
import * as Utilities from "discourse/lib/utilities";
import User from "discourse/models/user";
import { discourseModule } from "helpers/qunit-helpers";
import bootbox from "bootbox";

discourseModule("lib:uploads");

QUnit.test("validateUploadedFiles", function (assert) {
  assert.not(
    validateUploadedFiles(null, { siteSettings: this.siteSettings }),
    "no files are invalid"
  );
  assert.not(
    validateUploadedFiles(undefined, { siteSettings: this.siteSettings }),
    "undefined files are invalid"
  );
  assert.not(
    validateUploadedFiles([], { siteSettings: this.siteSettings }),
    "empty array of files is invalid"
  );
});

QUnit.test("uploading one file", function (assert) {
  sandbox.stub(bootbox, "alert");

  assert.not(
    validateUploadedFiles([1, 2], { siteSettings: this.siteSettings })
  );
  assert.ok(bootbox.alert.calledWith(I18n.t("post.errors.too_many_uploads")));
});

QUnit.test("new user cannot upload images", function (assert) {
  this.siteSettings.newuser_max_embedded_media = 0;
  sandbox.stub(bootbox, "alert");

  assert.not(
    validateUploadedFiles([{ name: "image.png" }], {
      user: User.create(),
      siteSettings: this.siteSettings,
    }),
    "the upload is not valid"
  );
  assert.ok(
    bootbox.alert.calledWith(
      I18n.t("post.errors.image_upload_not_allowed_for_new_user")
    ),
    "the alert is called"
  );
});

QUnit.test("new user can upload images if allowed", function (assert) {
  this.siteSettings.newuser_max_embedded_media = 1;
  this.siteSettings.default_trust_level = 0;
  sandbox.stub(bootbox, "alert");

  assert.ok(
    validateUploadedFiles([{ name: "image.png" }], {
      user: User.create(),
      siteSettings: this.siteSettings,
    })
  );
});

QUnit.test("TL1 can upload images", function (assert) {
  this.siteSettings.newuser_max_embedded_media = 0;
  sandbox.stub(bootbox, "alert");

  assert.ok(
    validateUploadedFiles([{ name: "image.png" }], {
      user: User.create({ trust_level: 1 }),
      siteSettings: this.siteSettings,
    })
  );
});

QUnit.test("new user cannot upload attachments", function (assert) {
  this.siteSettings.newuser_max_attachments = 0;
  sandbox.stub(bootbox, "alert");

  assert.not(
    validateUploadedFiles([{ name: "roman.txt" }], {
      user: User.create(),
      siteSettings: this.siteSettings,
    })
  );
  assert.ok(
    bootbox.alert.calledWith(
      I18n.t("post.errors.attachment_upload_not_allowed_for_new_user")
    )
  );
});

QUnit.test("ensures an authorized upload", function (assert) {
  sandbox.stub(bootbox, "alert");
  assert.not(
    validateUploadedFiles([{ name: "unauthorized.html" }], {
      siteSettings: this.siteSettings,
    })
  );
  assert.ok(
    bootbox.alert.calledWith(
      I18n.t("post.errors.upload_not_authorized", {
        authorized_extensions: authorizedExtensions(false, this.siteSettings),
      })
    )
  );
});

QUnit.test("skipping validation works", function (assert) {
  const files = [{ name: "backup.tar.gz" }];
  sandbox.stub(bootbox, "alert");

  assert.not(
    validateUploadedFiles(files, {
      skipValidation: false,
      siteSettings: this.siteSettings,
    })
  );
  assert.ok(
    validateUploadedFiles(files, {
      skipValidation: true,
      siteSettings: this.siteSettings,
    })
  );
});

QUnit.test("staff can upload anything in PM", function (assert) {
  const files = [{ name: "some.docx" }];
  this.siteSettings.authorized_extensions = "jpeg";
  sandbox.stub(bootbox, "alert");

  let user = User.create({ moderator: true });
  assert.not(
    validateUploadedFiles(files, { user, siteSettings: this.siteSettings })
  );
  assert.ok(
    validateUploadedFiles(files, {
      isPrivateMessage: true,
      allowStaffToUploadAnyFileInPm: true,
      siteSettings: this.siteSettings,
      user,
    })
  );
});

const imageSize = 10 * 1024;

const dummyBlob = function () {
  const BlobBuilder =
    window.BlobBuilder ||
    window.WebKitBlobBuilder ||
    window.MozBlobBuilder ||
    window.MSBlobBuilder;
  if (BlobBuilder) {
    let bb = new BlobBuilder();
    bb.append([new Int8Array(imageSize)]);
    return bb.getBlob("image/png");
  } else {
    return new Blob([new Int8Array(imageSize)], { type: "image/png" });
  }
};

QUnit.test("allows valid uploads to go through", function (assert) {
  sandbox.stub(bootbox, "alert");

  let user = User.create({ trust_level: 1 });

  // image
  let image = { name: "image.png", size: imageSize };
  assert.ok(
    validateUploadedFiles([image], { user, siteSettings: this.siteSettings })
  );
  // pasted image
  let pastedImage = dummyBlob();
  assert.ok(
    validateUploadedFiles([pastedImage], {
      user,
      siteSettings: this.siteSettings,
    })
  );

  assert.not(bootbox.alert.calledOnce);
});

QUnit.test("isImage", (assert) => {
  ["png", "webp", "jpg", "jpeg", "gif", "ico"].forEach((extension) => {
    var image = "image." + extension;
    assert.ok(isImage(image), image + " is recognized as an image");
    assert.ok(
      isImage("http://foo.bar/path/to/" + image),
      image + " is recognized as an image"
    );
  });
  assert.not(isImage("file.txt"));
  assert.not(isImage("http://foo.bar/path/to/file.txt"));
  assert.not(isImage(""));
});

QUnit.test("allowsImages", function (assert) {
  this.siteSettings.authorized_extensions = "jpg|jpeg|gif";
  assert.ok(allowsImages(false, this.siteSettings), "works");

  this.siteSettings.authorized_extensions = ".jpg|.jpeg|.gif";
  assert.ok(
    allowsImages(false, this.siteSettings),
    "works with old extensions syntax"
  );

  this.siteSettings.authorized_extensions = "txt|pdf|*";
  assert.ok(
    allowsImages(false, this.siteSettings),
    "images are allowed when all extensions are allowed"
  );

  this.siteSettings.authorized_extensions = "json|jpg|pdf|txt";
  assert.ok(
    allowsImages(false, this.siteSettings),
    "images are allowed when at least one extension is an image extension"
  );
});

QUnit.test("allowsAttachments", function (assert) {
  this.siteSettings.authorized_extensions = "jpg|jpeg|gif";
  assert.not(
    allowsAttachments(false, this.siteSettings),
    "no attachments allowed by default"
  );

  this.siteSettings.authorized_extensions = "jpg|jpeg|gif|*";
  assert.ok(
    allowsAttachments(false, this.siteSettings),
    "attachments are allowed when all extensions are allowed"
  );

  this.siteSettings.authorized_extensions = "jpg|jpeg|gif|pdf";
  assert.ok(
    allowsAttachments(false, this.siteSettings),
    "attachments are allowed when at least one extension is not an image extension"
  );

  this.siteSettings.authorized_extensions = ".jpg|.jpeg|.gif|.pdf";
  assert.ok(
    allowsAttachments(false, this.siteSettings),
    "works with old extensions syntax"
  );
});

function testUploadMarkdown(filename, opts = {}) {
  return getUploadMarkdown(
    Object.assign(
      {
        original_filename: filename,
        filesize: 42,
        thumbnail_width: 100,
        thumbnail_height: 200,
        url: "/uploads/123/abcdef.ext",
      },
      opts
    )
  );
}

QUnit.test("getUploadMarkdown", (assert) => {
  assert.equal(
    testUploadMarkdown("lolcat.gif"),
    "![lolcat|100x200](/uploads/123/abcdef.ext)"
  );
  assert.equal(
    testUploadMarkdown("[foo|bar].png"),
    "![foobar|100x200](/uploads/123/abcdef.ext)"
  );
  assert.equal(
    testUploadMarkdown("file name with space.png"),
    "![file name with space|100x200](/uploads/123/abcdef.ext)"
  );

  assert.equal(
    testUploadMarkdown("image.file.name.with.dots.png"),
    "![image.file.name.with.dots|100x200](/uploads/123/abcdef.ext)"
  );

  const short_url = "uploads://asdaasd.ext";

  assert.equal(
    testUploadMarkdown("important.txt", { short_url }),
    `[important.txt|attachment](${short_url}) (42 Bytes)`
  );
});

QUnit.test(
  "getUploadMarkdown - replaces GUID in image alt text on iOS",
  (assert) => {
    assert.equal(
      testUploadMarkdown("8F2B469B-6B2C-4213-BC68-57B4876365A0.jpeg"),
      "![8F2B469B-6B2C-4213-BC68-57B4876365A0|100x200](/uploads/123/abcdef.ext)"
    );

    sandbox.stub(Utilities, "isAppleDevice").returns(true);
    assert.equal(
      testUploadMarkdown("8F2B469B-6B2C-4213-BC68-57B4876365A0.jpeg"),
      "![image|100x200](/uploads/123/abcdef.ext)"
    );
  }
);