discourse/spec/lib
Martin Brennan 5dc45b5dcf
FIX: Secure upload post processing race condition (#23968)
* FIX: Secure upload post processing race condition

This commit fixes a couple of issues.

A little background -- when uploads are created in the composer
for posts, regardless of whether the upload will eventually be
marked secure or not, if secure_uploads is enabled we always mark
the upload secure at first. This is so the upload is by default
protected, regardless of post type (regular or PM) or category.

This was causing issues on some rare occasions though because
of the order of operations of our post creation and processing
pipeline. When creating a post, we enqueue a sidekiq job to
post-process the post which does various things including
converting images to lightboxes. We were also enqueuing a job
to update the secure status for all uploads in that post.

Sometimes the secure status job would run before the post process
job, marking uploads as _not secure_ in the background and changing
their ACL before the post processor ran, which meant the users
would see a broken image in their posts. This commit fixes that issue
by always running the upload security changes inline _within_ the
cooked_post_processor job.

The other issue was that the lightbox wrapper link for images in
the post would end up with a URL like this:

```
href="/secure-uploads/original/2X/4/4e1f00a40b6c952198bbdacae383ba77932fc542.jpeg"
```

Since we weren't actually using the `upload.url` to pass to
`UrlHelper.cook_url` here, we weren't converting this href to the CDN
URL if the post was not in a secure context (the UrlHelper does not
know how to convert a secure-uploads URL to a CDN one). Now we
always end up with the correct lightbox href. This was less of an issue
than the other one, since the secure-uploads URL works even when the
upload has become non-secure, but it was a good inconsistency to fix
anyway.
2023-10-18 23:48:01 +00:00
auth DEV: Fix random typos (#22804) 2023-07-26 12:45:35 +02:00
backup_restore DEV: Fix redis.sadd warnings (#23244) 2023-08-28 12:58:47 +08:00
common_passwords DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
compression DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
concern WIP: Rename Webauthn to DiscourseWebauthn (#23077) 2023-08-18 08:39:10 -04:00
content_security_policy DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
discourse_webauthn DEV: Update webauthn authentication documentation (#23787) 2023-10-05 15:22:43 -04:00
email FIX: Secure upload post processing race condition (#23968) 2023-10-18 23:48:01 +00:00
file_store FEATURE: allow S3 ACLs to be disabled (#21769) 2023-06-06 15:47:40 +10:00
final_destination DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
freedom_patches DEV: Update TranslateAccelerator missing translation string (#22158) 2023-06-16 15:28:03 +01:00
guardian Revert "FIX: Allow category moderators to move topics to their categories" (#23810) 2023-10-06 09:00:22 +08:00
highlight_js DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
i18n DEV: Update I18n to 1.13.0 (#21685) 2023-05-24 08:59:37 +08:00
imap DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
import DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
middleware DEV: Seperate concerns of tracking GC stat from MethodProfiler (#22921) 2023-08-02 10:46:37 +08:00
migration DEV: Allow DROP NOT NULL in pre-deploy migrations (#20775) 2023-03-22 14:43:32 +00:00
onebox DEV: Replace custom Onebox symbolize_keys implementation with ActiveSupport (#23828) 2023-10-09 09:32:09 +02:00
plugin DEV: Add meta_topic_id plugin metadata (#23838) 2023-10-10 10:16:13 +10:00
pretty_text DEV: Remove enable_experimental_hashtag_autocomplete logic (#22820) 2023-08-08 11:18:55 +10:00
rate_limiter DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
scheduler DEV: Prevent defer stats exception when thread aborted (#19863) 2023-01-16 09:08:44 +11:00
second_factor DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
seed_data FIX: Use category hashtag instead of link in discourse_welcome_topic.body (#22875) 2023-08-01 13:53:23 +02:00
site_settings DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
stylesheet DEV: Eliminate flakiness in specs that depend on plugins from fixtures (#21912) 2023-06-05 08:06:00 +08:00
summarization FIX: TopicSummarization workaround for Postgres' discrete range types (#23105) 2023-08-15 14:16:06 -03:00
svg_sprite DEV: Bump max theme sprite size to 1MB (#23556) 2023-09-13 15:00:26 +10:00
theme_store DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
topic_query FEATURE: Only list watching group messages in messages notifications panel (#20630) 2023-03-13 08:09:38 +08:00
validators FEATURE: support a description attribute on form template fields (#23744) 2023-10-04 17:51:53 -03:00
wizard DEV: Replace #pluck_first freedom patch with AR #pick in core (#19893) 2023-02-13 12:39:45 +08:00
admin_confirmation_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
admin_user_index_query_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
archetype_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
bookmark_manager_spec.rb DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
bookmark_query_spec.rb SECURITY: Impose a upper bound on limit params in various controllers 2023-07-28 12:53:46 +01:00
bookmark_reminder_notification_handler_spec.rb DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
browser_detection_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
cache_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
category_badge_spec.rb FIX: do not escape slash for category text description (#20460) 2023-02-27 12:48:48 +11:00
category_guardian_spec.rb Revert "FIX: Allow category moderators to move topics to their categories" (#23810) 2023-10-06 09:00:22 +08:00
color_math_spec.rb UX: Calculate missing hover/selected colors from existing colors (#20105) 2023-02-01 09:55:21 +00:00
composer_messages_finder_spec.rb DEV: Ensure don't feed the trolls feature considers active flags only (#22774) 2023-07-25 15:12:22 +08:00
content_buffer_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
content_security_policy_spec.rb SECURITY: Don't reuse CSP nonce between anonymous requests 2023-07-28 12:53:44 +01:00
cooked_post_processor_spec.rb FIX: Secure upload post processing race condition (#23968) 2023-10-18 23:48:01 +00:00
crawler_detection_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
current_user_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
db_helper_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
directory_helper_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
discourse_diff_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
discourse_event_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
discourse_hub_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
discourse_js_processor_spec.rb DEV: Use esbuild to make DiscourseJsProcessor (#23223) 2023-08-24 16:36:22 +02:00
discourse_plugin_registry_spec.rb FEATURE: Add hooks for email poller plugins (#21384) 2023-06-26 13:16:03 +08:00
discourse_redis_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
discourse_sourcemapping_url_processor_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
discourse_spec.rb FEATURE: reduce avatar sizes to 6 from 20 (#21319) 2023-06-01 10:00:01 +10:00
discourse_tagging_spec.rb FIX: List parent/child tags correctly for categories restricted to tag groups (#23708) 2023-10-10 17:30:24 +00:00
discourse_updates_spec.rb DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
distributed_cache_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
distributed_memoizer_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
distributed_mutex_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
email_cook_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
email_updater_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
ember_cli_spec.rb DEV: Improve strategy for identifying ember-cli JS chunks (#23382) 2023-09-04 13:56:34 +01:00
encodings_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
enum_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
excerpt_parser_spec.rb FIX: Internal oneboxes with github links (#22829) 2023-07-28 09:07:53 -06:00
feed_element_installer_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
feed_item_accessor_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
file_helper_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
filter_best_posts_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
final_destination_spec.rb DEV: Add S3 upload system specs using minio (#22975) 2023-08-23 11:18:33 +10:00
flag_settings_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
gaps_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
gc_stat_instrumenter_spec.rb DEV: Seperate concerns of tracking GC stat from MethodProfiler (#22921) 2023-08-02 10:46:37 +08:00
git_repo_spec.rb FEATURE: display commit hash for each plugin on /admin/plugins page. (#22176) 2023-06-26 10:09:57 +05:30
git_url_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
global_path_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
group_email_credentials_check_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
group_lookup_spec.rb FEATURE: display PM participant group names in the topics list. (#21677) 2023-05-31 19:32:06 +05:30
guardian_spec.rb FIX: Admins not able to convert topics if they aren't in personal_message_enabled_groups (#23399) 2023-09-06 09:17:40 +10:00
has_errors_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
hijack_spec.rb SECURITY: Don't allow a particular site to monopolize the defer queue 2023-07-28 12:53:51 +01:00
html_prettify_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
html_to_markdown_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
image_sizer_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
inline_oneboxer_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
js_locale_helper_spec.rb DEV: convert I18n pseudo package into real package (discourse-i18n) (#23867) 2023-10-12 14:44:01 +01:00
json_error_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
letter_avatar_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
message_id_service_spec.rb DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
method_profiler_spec.rb DEV: Seperate concerns of tracking GC stat from MethodProfiler (#22921) 2023-08-02 10:46:37 +08:00
mini_sql_multisite_connection_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
mobile_detection_spec.rb Drop support for iOS < 15.7 (#19847) 2023-01-16 17:28:59 +00:00
new_post_manager_spec.rb DEV: Switch over category settings to new table - Part 3 (#20657) 2023-09-12 09:51:49 +08:00
new_post_result_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
onebox_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
oneboxer_spec.rb DEV: Remove enable_experimental_hashtag_autocomplete logic (#22820) 2023-08-08 11:18:55 +10:00
onpdiff_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
password_hasher_spec.rb FEATURE: Persist password hashing algorithm/params in database (#20980) 2023-04-11 10:16:28 +01:00
pbkdf2_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
pinned_check_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
plain_text_to_markdown_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
post_action_creator_spec.rb DEV: Add hooks to allow overriding notify_user behavior (#23850) 2023-10-10 12:21:57 -05:00
post_action_destroyer_spec.rb DEV: Enhance post action handler events (#23027) 2023-08-09 13:55:00 -04:00
post_creator_spec.rb FIX: Secure upload post processing race condition (#23968) 2023-10-18 23:48:01 +00:00
post_destroyer_spec.rb DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
post_jobs_enqueuer_spec.rb DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
post_locker_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
post_merger_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
post_revisor_spec.rb FIX: Secure upload post processing race condition (#23968) 2023-10-18 23:48:01 +00:00
presence_channel_spec.rb FIX: Ensure PresenceChannel does not raise error during readonly (#22899) 2023-08-01 09:34:57 +01:00
pretty_text_spec.rb DEV: Remove enable_experimental_hashtag_autocomplete logic (#22820) 2023-08-08 11:18:55 +10:00
promotion_spec.rb FIX: Do not validate email in TL promotion (#20892) 2023-03-30 13:52:10 +10:00
quote_comparer_spec.rb DEV: Correct Style/RedundantReturn rubocop issues (#23052) 2023-08-10 02:03:38 +02:00
quote_rewriter_spec.rb DEV: Update display name in new quote format - Part 2 (#22104) 2023-06-26 11:01:59 +08:00
rate_limiter_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
retrieve_title_spec.rb DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
rtl_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
s3_cors_rulesets_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
s3_helper_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
s3_inventory_multisite_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
s3_inventory_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
score_calculator_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
scss_checker_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
search_spec.rb FEATURE: allow consumers to parse a search string (#23528) 2023-09-12 16:21:01 +10:00
secure_session_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
shrink_uploaded_image_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
sidebar_section_links_updater_spec.rb FIX: Seed all categories and tags configured as defaults for nav menu (#22793) 2023-07-27 10:52:33 +08:00
site_icon_manager_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
site_setting_extension_multisite_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
site_setting_extension_spec.rb DEV: Add auto _map extensions for list site settings with no type (#23331) 2023-08-30 16:14:06 +10:00
slug_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
spam_handler_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
suggested_topics_builder_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
system_message_spec.rb FIX: Send TL2 promotion message to correct user (#21978) 2023-06-07 22:51:24 +03:00
text_cleaner_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
text_sentinel_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
theme_flag_modifier_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
theme_javascript_compiler_spec.rb DEV: Add gjs support for themes (#23473) 2023-10-02 12:36:06 +02:00
theme_settings_manager_spec.rb FIX: Use the default value correctly for theme settings of type uploads (#20541) 2023-03-06 11:41:47 +03:00
theme_settings_parser_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
timeline_lookup_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
tiny_japanese_segmenter_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
topic_creator_spec.rb SECURITY: Prevent arbitrary topic custom fields from being set 2023-10-16 10:34:35 -04:00
topic_publisher_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
topic_query_spec.rb FIX: Respect default category sort when filter=default (#23411) 2023-09-05 19:05:30 +01:00
topic_retriever_spec.rb FEATURE: Update topic/comment embedding parameters (#20181) 2023-02-28 14:31:59 +02:00
topic_upload_security_manager_spec.rb DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
topic_view_spec.rb DEV: Switch over category settings to new table - Part 3 (#20657) 2023-09-12 09:51:49 +08:00
topics_bulk_action_spec.rb SECURITY: Prevent dismissal of topics that user can't see (#22086) 2023-06-13 11:08:55 -06:00
topics_filter_spec.rb DEV: Add order:title filter to experimental /filter route (#22293) 2023-06-28 06:21:56 +08:00
trashable_spec.rb DEV: Added .only_deleted scope in the Trashable module (#20196) 2023-02-07 15:28:59 -03:00
truncate_logs_formatter_spec.rb SECURITY: Add a default limit as to when logs should be truncated 2023-10-16 10:34:38 -04:00
trust_level_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
twitter_api_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
unread_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
upload_creator_spec.rb DEV: allow using CDN URL for all s3 uploads (#20755) 2023-07-12 12:06:49 +08:00
upload_markdown_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
upload_recovery_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
upload_security_spec.rb FEATURE: Secure uploads in PMs only (#23398) 2023-09-06 09:39:09 +10:00
url_helper_spec.rb SECURITY: Limit URL length for theme remote (#20787) 2023-03-23 12:01:04 +00:00
user_comm_screener_spec.rb DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
user_lookup_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
user_name_suggester_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
version_spec.rb SECURITY: Add limits for themes and theme assets 2023-09-12 15:31:31 -03:00
work_queue_spec.rb SECURITY: Don't allow a particular site to monopolize the defer queue 2023-07-28 12:53:51 +01:00