mirror of https://github.com/discourse/discourse.git synced 2025-09-08 12:06:51 +08:00
discourse/spec/components
Martin Brennan 7c32411881
FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664)
### General Changes and Duplication

* We now consider a post `with_secure_media?` if it is in a read-restricted category.
* When uploading we now set an upload's secure status straight away.
* When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. 
* Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is).
* When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload.

### Viewing Secure Media

* The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions
* If there is no `access_control_post` then we just deliver the media. This should be a rare occurrence and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor`

### Removed

We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled.

* We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context.
* We no longer have to set `secure: false` for uploads when uploading for a theme component.
2020-01-16 13:50:27 +10:00
..
active_record/connection_adapters DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
auth DEV: correct flaky spec 2020-01-06 10:54:18 +11:00
common_passwords DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
concern SECURITY: 2FA with U2F / TOTP 2020-01-15 11:27:12 +01:00
email FIX: Ignore DMARC for emails sent to mailing list mirror 2019-12-06 13:29:39 +01:00
file_store FIX: parallel spec system needs a dedicated upload folder for each worker. (#8547) 2019-12-18 11:21:57 +05:30
freedom_patches DEV: correct spec failures in PG 12 2019-11-26 16:39:14 +11:00
guardian FIX: Disallow user self-delete when user posted in PMs 2019-08-10 12:30:16 +02:00
highlight_js DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
import DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
middleware FIX: crawler requests not tracked for non UTF-8 user agents 2019-12-09 17:43:51 +11:00
migration DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
onebox/engine FIX: prevents whitelisted_generic_onebox_spec to fail with zeitwerk (#8288) 2019-11-04 09:15:09 +11:00
plugin DEV: HTML Builders should respect if a plugin is enabled or not (#8454) 2019-12-04 12:26:23 -05:00
pretty_text SPEC: 'lookup_upload_urls' method should use cdn url if available. 2019-10-14 12:57:33 +05:30
rate_limiter DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
scheduler DEV: waiting for 10ms is hardly enough 2019-10-23 16:18:41 +11:00
site_settings DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
stylesheet FEATURE: Ability to add components to all themes (#8404) 2019-11-28 16:19:01 +11:00
svg_sprite FEATURE: Ability to add components to all themes (#8404) 2019-11-28 16:19:01 +11:00
theme_store DEV: correct flaky test 2019-12-12 16:54:22 +11:00
validators DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
wizard FIX: When running the wizard and using a custom theme, fallback to the color_scheme name if the base_scheme_id is nil (#8236) 2019-10-25 09:29:51 -03:00
admin_confirmation_spec.rb FEATURE: Add welcome message for admins. (#8293) 2019-11-05 18:15:55 +05:30
admin_user_index_query_spec.rb FEATURE: improve suspect user discovery 2019-12-02 16:39:28 +05:30
archetype_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
avatar_lookup_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
cache_spec.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
category_badge_spec.rb FIX: Correctly escape category description text (#8107) 2019-10-01 12:04:39 -04:00
composer_messages_finder_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
content_buffer_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
cooked_post_processor_spec.rb FIX: Remove full nested quotes on direct reply (#8581) 2019-12-20 10:24:34 +02:00
crawler_detection_spec.rb FIX: Serve crawler view to Google PageSpeed 2019-11-27 22:15:34 +01:00
current_user_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
directory_helper_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
discourse_diff_spec.rb Remove focus from specs 2019-10-16 14:28:04 -04:00
discourse_event_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
discourse_hub_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
discourse_plugin_registry_spec.rb DEV: correct regression in registry test suite 2019-08-22 16:22:52 +10:00
discourse_plugin_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
discourse_redis_spec.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
discourse_spec.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
discourse_tagging_spec.rb FIX: prevents crash in discourse_tagging with empty term (#8548) 2019-12-17 10:55:06 +01:00
discourse_updates_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
distributed_memoizer_spec.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
distributed_mutex_spec.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
email_cook_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
email_updater_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
enum_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
excerpt_parser_spec.rb DEV: Add option to keep quoted content in post excerpt. 2020-01-04 18:56:52 +05:30
feed_element_installer_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
feed_item_accessor_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
file_helper_spec.rb DEV: properly clean up temp files in FileHelper spec 2019-05-28 11:33:08 +10:00
filter_best_posts_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
final_destination_spec.rb FIX: do not follow redirect on same host with path /login or /session 2019-08-07 16:26:55 +05:30
flag_settings_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
gaps_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
global_path_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
guardian_spec.rb PERF: Reduce DB queries when serializing ignore/mute information (#8629) 2020-01-02 13:04:08 +00:00
has_errors_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
hijack_spec.rb DEV: allow handling crawler reqs with no user agent 2019-12-09 18:40:10 +11:00
html_prettify_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
html_to_markdown_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
image_sizer_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
inline_oneboxer_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
js_locale_helper_spec.rb FEATURE: English locale with international date formats 2019-05-20 13:47:20 +02:00
json_error_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
letter_avatar_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
method_profiler_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
new_post_manager_spec.rb FEATURE: Allow viewing of raw emails for reviewable queued posts (#7910) 2019-07-19 11:56:14 -04:00
new_post_result_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
oneboxer_spec.rb FIX: Cache failed onebox URL request server-side (#8421) 2019-11-28 07:48:29 +10:00
onpdiff_spec.rb Remove focus from specs 2019-10-16 14:28:04 -04:00
pbkdf2_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
pinned_check_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
plain_text_to_markdown_spec.rb FIX: use URI.regexp to find URLs in plain text 2019-06-07 01:26:06 +02:00
post_action_creator_spec.rb FIX: Do not create a double like notification. (#7999) 2019-08-12 16:22:46 +03:00
post_creator_spec.rb FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) 2020-01-16 13:50:27 +10:00
post_destroyer_spec.rb FEATURE: Featured topic for user profile & card (#8461) 2019-12-09 11:15:47 -08:00
post_locker_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
post_merger_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
post_revisor_spec.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
pretty_text_spec.rb UX: Include public groups in mentionable groups set (#8516) 2019-12-12 13:13:40 +02:00
promotion_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
quote_comparer_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
rate_limiter_spec.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
redis_store_spec.rb DEV: Implement a faster Discourse.cache 2019-11-27 16:11:49 +11:00
retrieve_title_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
rtl_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
s3_helper_spec.rb FIX: Update S3 stubs for more aws-sdk API changes (#8534) 2019-12-11 11:26:52 -08:00
s3_inventory_spec.rb FIX: remove the tmp inventory files after the s3 uploads check. 2019-08-13 11:52:57 +05:30
score_calculator_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
search_spec.rb FEATURE: Modal for profile featured topic & admin wrench refactor (#8545) 2019-12-16 08:41:34 -08:00
secure_session_spec.rb DEV: correct implementation of expiry api 2019-11-11 11:18:12 +11:00
site_icon_manager_spec.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
site_setting_extension_spec.rb DEV: use Discourse.cache over Rails.cache 2019-11-27 12:36:19 +11:00
slug_spec.rb FIX: If a prettified slug is a number, return default (#8554) 2019-12-17 10:34:20 +10:00
spam_handler_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
suggested_topics_builder_spec.rb DEV: Default to skipping creating a topic when fabricating categories (#7976) 2019-08-06 11:26:54 +01:00
system_message_spec.rb DEV: Refactor SystemMessage#create specs. 2019-05-30 07:56:36 +08:00
text_cleaner_spec.rb FEATURE: English locale with international date formats 2019-05-20 13:47:20 +02:00
text_sentinel_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
theme_settings_manager_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
theme_settings_parser_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
timeline_lookup_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
topic_creator_spec.rb FEATURE: categories can require topics have a tag from a tag group 2019-10-31 16:10:19 -04:00
topic_publisher_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
topic_query_spec.rb FEATURE: Tag synonyms 2019-12-04 13:33:51 -05:00
topic_retriever_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
topic_view_spec.rb UX: Do not use avatars as fallback opengraph images for replies (#8605) 2019-12-20 13:17:14 +00:00
topics_bulk_action_spec.rb FIX: Unread topics not clearing when whisper is last post (#8271) 2019-11-01 09:19:43 +10:00
trashable_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
trust_level_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
unread_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
url_helper_spec.rb FIX: parallel spec system needs a dedicated upload folder for each worker. (#8547) 2019-12-18 11:21:57 +05:30
user_name_suggester_spec.rb FIX: Respect unicode whitelist when suggesting username 2019-10-01 20:33:09 +02:00
version_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00