DEV: Upload and secure media retroactive rake task improvements (#9027)

* Add uploads:sync_s3_acls rake task to ensure the ACLs in S3 are the correct (public-read or private) setting based on upload security

* Improved uploads:disable_secure_media to be more efficient and provide better messages to the user.

* Rename uploads:ensure_correct_acl task to uploads:secure_upload_analyse_and_update as it does more than check the ACL

* Many improvements to uploads:secure_upload_analyse_and_update

* Make sure that upload.access_control_post is unscoped so deleted posts are still fetched, because they still affect the security of the upload.

* Add escape hatch for capture_stdout in the form of RAILS_ENABLE_TEST_STDOUT. If provided the capture_stdout code will be ignored, so you can see the output if you need.
Martin Brennan
2020-03-03 10:03:58 +11:00
committed by GitHub
parent 8a696a4ffc
commit 0388653a4d
7 changed files with 271 additions and 62 deletions

@@ -24,9 +24,9 @@ describe Jobs::UpdatePrivateUploadsAcl do
before do
SiteSetting.login_required = true
SiteSetting.prevent_anons_from_downloading_files = true
SiteSetting::Upload.stubs(:enable_s3_uploads).returns(true)
Discourse.stubs(:store).returns(stub(external?: false))
SiteSetting.stubs(:secure_media?).returns(true)
enable_s3_uploads([upload])
SiteSetting.secure_media = true
end
it "changes the upload to secure" do
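Review bot: In the `before` block, the order of `enable_s3_uploads([upload])` followed by `SiteSetting.secure_media = true` looks load-bearing if enabling secure media depends on S3 uploads already being configured, so a one-line comment stating that would keep a later reorder from breaking the spec. The same block shows `SiteSetting.stubs(:secure_media?).returns(true)` and `Discourse.stubs(:store).returns(stub(external?: false))` next to the real settings. If either stub survives the change, it would mask the values the new lines set, and the spec would pass without exercising the S3 path, so please confirm both are gone.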
@@ -35,4 +35,20 @@ describe Jobs::UpdatePrivateUploadsAcl do
end
end
end
def enable_s3_uploads(uploads)
SiteSetting.enable_s3_uploads = true
SiteSetting.s3_upload_bucket = "s3-upload-bucket"
SiteSetting.s3_access_key_id = "some key"
SiteSetting.s3_secret_access_key = "some secrets3_region key"
stub_request(:head, "https://#{SiteSetting.s3_upload_bucket}.s3.amazonaws.com/")
uploads.each do |upload|
stub_request(
:put,
"https://#{SiteSetting.s3_upload_bucket}.s3.amazonaws.com/original/1X/#{upload.sha1}.#{upload.extension}?acl"
)
end
end
end
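Review bot: In the new `enable_s3_uploads` helper, `SiteSetting.s3_secret_access_key = "some secrets3_region key"` reads like a paste slip that fused a secret placeholder with the `s3_region` setting name. Use a plain placeholder such as "some secret key", and set the region on its own line if the spec needs one. The `:put` stub also hardcodes `original/1X/#{upload.sha1}.#{upload.extension}?acl`, so an upload stored under any other path would miss the stub; deriving the path from the upload itself would be more robust. Nothing visible here asserts that the `?acl` request was made, so consider adding that check to the example that changes the upload to secure. The helper is defined in this spec file; if other upload specs need the same setup, a shared spec helper would avoid copies drifting apart.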