Revert "Revert "Merge branch 'master' of https://github.com/discourse/discourse""

This reverts commit 20780a1eee. * SECURITY: re-adds accidentally reverted commit: 03d26cd6: ensure embed_url contains valid http(s) uri * when the merge commit e62a85cf was reverted, git chose the 2660c2e2 parent to land on instead of the 03d26cd6 parent (which contains security fixes)
2025-02-25 18:55:32 -06:00 · 2020-05-23 00:56:13 -04:00
parent 20780a1eee
commit d9a02d1336
236 changed files with 1031 additions and 715 deletions
--- a/spec/components/auth/default_current_user_provider_spec.rb
+++ b/spec/components/auth/default_current_user_provider_spec.rb
@@ -237,7 +237,7 @@ describe Auth::DefaultCurrentUserProvider do
    end

    after do
-      Discourse.redis.flushall
+      Discourse.redis.flushdb
    end

    it "should not update last seen for suspended users" do
--- a/spec/components/discourse_redis_spec.rb
+++ b/spec/components/discourse_redis_spec.rb
@@ -21,11 +21,11 @@ describe DiscourseRedis do
    let(:raw_redis) { Redis.new(DiscourseRedis.config) }

    before do
-      raw_redis.flushall
+      raw_redis.flushdb
    end

    after do
-      raw_redis.flushall
+      raw_redis.flushdb
    end

    describe 'when namespace is enabled' do
--- a/spec/components/email/processor_spec.rb
+++ b/spec/components/email/processor_spec.rb
@@ -5,7 +5,7 @@ require "email/processor"

 describe Email::Processor do
  after do
-    Discourse.redis.flushall
+    Discourse.redis.flushdb
  end

  let(:from) { "foo@bar.com" }
--- a/spec/components/file_store/s3_store_spec.rb
+++ b/spec/components/file_store/s3_store_spec.rb
@@ -251,7 +251,7 @@ describe FileStore::S3Store do

      before do
        optimized_image.update!(
-          url: "//s3-upload-bucket.s3.dualstack.us-west-1.amazonaws.com#{image_path}"
+          url: "//s3-upload-bucket.s3.dualstack.us-west-1.amazonaws.com/#{image_path}"
        )
      end

@@ -272,6 +272,12 @@ describe FileStore::S3Store do
          SiteSetting.s3_upload_bucket = "s3-upload-bucket/discourse-uploads"
        end

+        before do
+          optimized_image.update!(
+            url: "//s3-upload-bucket.s3.dualstack.us-west-1.amazonaws.com/discourse-uploads/#{image_path}"
+          )
+        end
+
        it "removes the file from s3 with the right paths" do
          s3_helper.expects(:s3_bucket).returns(s3_bucket).at_least_once
          s3_object = stub
@@ -298,6 +304,15 @@ describe FileStore::S3Store do

  describe ".has_been_uploaded?" do

+    it "doesn't crash for invalid URLs" do
+      expect(store.has_been_uploaded?("https://site.discourse.com/#bad#6")).to eq(false)
+    end
+
+    it "doesn't crash if URL contains non-ascii characters" do
+      expect(store.has_been_uploaded?("//s3-upload-bucket.s3.dualstack.us-east-1.amazonaws.com/漢1337.png")).to eq(true)
+      expect(store.has_been_uploaded?("//s3-upload-bucket.s3.amazonaws.com/漢1337.png")).to eq(false)
+    end
+
    it "identifies S3 uploads" do
      expect(store.has_been_uploaded?("//s3-upload-bucket.s3.dualstack.us-east-1.amazonaws.com/1337.png")).to eq(true)
    end
--- a/spec/components/guardian/user_guardian_spec.rb
+++ b/spec/components/guardian/user_guardian_spec.rb
@@ -25,13 +25,13 @@ describe UserGuardian do
  end

  let :already_uploaded do
-    u = Upload.new(user_id: 999, id: 2)
+    u = Upload.new(user_id: 9999, id: 2)
    user_avatar.custom_upload_id = u.id
    u
  end

  let :not_my_upload do
-    Upload.new(user_id: 999, id: 3)
+    Upload.new(user_id: 9999, id: 3)
  end

  let(:moderator_upload) do
--- a/spec/components/pretty_text_spec.rb
+++ b/spec/components/pretty_text_spec.rb
@@ -508,7 +508,7 @@ describe PrettyText do
        ['apple', 'banana'].each { |w| Fabricate(:watched_word, word: w, action: WatchedWord.actions[:censor]) }
        expect(PrettyText.cook("# banana")).not_to include('banana')
      ensure
-        Discourse.redis.flushall
+        Discourse.redis.flushdb
      end
    end
  end
@@ -1166,7 +1166,7 @@ HTML
  end

  describe "censoring" do
-    after(:all) { Discourse.redis.flushall }
+    after(:all) { Discourse.redis.flushdb }

    def expect_cooked_match(raw, expected_cooked)
      expect(PrettyText.cook(raw)).to eq(expected_cooked)
--- a/spec/components/search_spec.rb
+++ b/spec/components/search_spec.rb
@@ -444,7 +444,7 @@ describe Search do
      end

      let(:expected_blurb) do
-        "...to satisfy any test conditions that require content longer than the typical test post raw content. elephant"
+        "...quire content longer than the typical test post raw content. It really is some long content, folks. elephant"
      end

      it 'returns the post' do
--- a/spec/fabricators/post_fabricator.rb
+++ b/spec/fabricators/post_fabricator.rb
@@ -10,7 +10,7 @@ end
 Fabricator(:post_with_long_raw_content, from: :post) do
  raw 'This is a sample post with semi-long raw content. The raw content is also more than
      two hundred characters to satisfy any test conditions that require content longer
-      than the typical test post raw content.'
+      than the typical test post raw content. It really is some long content, folks.'
 end

 Fabricator(:post_with_youtube, from: :post) do
--- a/spec/fabricators/web_hook_fabricator.rb
+++ b/spec/fabricators/web_hook_fabricator.rb
@@ -71,22 +71,6 @@ Fabricator(:tag_web_hook, from: :web_hook) do
  end
 end

-Fabricator(:flag_web_hook, from: :web_hook) do
-  transient flag_hook: WebHookEventType.find_by(name: 'flag')
-
-  after_build do |web_hook, transients|
-    web_hook.web_hook_event_types = [transients[:flag_hook]]
-  end
-end
-
-Fabricator(:queued_post_web_hook, from: :web_hook) do
-  transient queued_post_hook: WebHookEventType.find_by(name: 'queued_post')
-
-  after_build do |web_hook, transients|
-    web_hook.web_hook_event_types = [transients[:queued_post_hook]]
-  end
-end
-
 Fabricator(:reviewable_web_hook, from: :web_hook) do
  transient reviewable_hook: WebHookEventType.find_by(name: 'reviewable')

--- a/spec/integration/email_style_spec.rb
+++ b/spec/integration/email_style_spec.rb
@@ -3,128 +3,139 @@
 require "rails_helper"

 describe EmailStyle do
-  before do
-    SiteSetting.email_custom_template = "<body><h1>FOR YOU</h1><div>%{email_content}</div></body>"
-    SiteSetting.email_custom_css = 'h1 { color: red; } div.body { color: #FAB; }'
-    SiteSetting.email_custom_css_compiled = SiteSetting.email_custom_css
-  end

-  after do
-    SiteSetting.remove_override!(:email_custom_template)
-    SiteSetting.remove_override!(:email_custom_css)
-  end
-
-  context 'invite' do
-    fab!(:invite) { Fabricate(:invite) }
-    let(:invite_mail) { InviteMailer.send_invite(invite) }
-
-    subject(:mail_html) { Email::Renderer.new(invite_mail).html }
-
-    it 'applies customizations' do
-      expect(mail_html.scan('<h1 style="color: red;">FOR YOU</h1>').count).to eq(1)
-      expect(mail_html).to match("#{Discourse.base_url}/invites/#{invite.invite_key}")
-    end
-
-    it 'applies customizations if compiled is missing' do
-      SiteSetting.remove_override!(:email_custom_css_compiled)
-      expect(mail_html.scan('<h1 style="color: red;">FOR YOU</h1>').count).to eq(1)
-      expect(mail_html).to match("#{Discourse.base_url}/invites/#{invite.invite_key}")
-    end
-
-    it 'can apply RTL attrs' do
-      SiteSetting.default_locale = 'he'
-      body_attrs = mail_html.match(/<body ([^>])+/)
-      expect(body_attrs[0]&.downcase).to match(/text-align:\s*right/)
-      expect(body_attrs[0]&.downcase).to include('dir="rtl"')
+  context "ERB evaluation" do
+    it "does not evaluate ERB outside of the email itself" do
+      SiteSetting.email_custom_template = "<div>%{email_content}</div><%= (111 * 333) %>"
+      html = Email::Renderer.new(UserNotifications.signup(Fabricate(:user))).html
+      expect(html).not_to match("36963")
    end
  end

-  context 'user_replied' do
-    let(:response_by_user) { Fabricate(:user, name: "John Doe") }
-    let(:category) { Fabricate(:category, name: 'India') }
-    let(:topic) { Fabricate(:topic, category: category, title: "Super cool topic") }
-    let(:post) { Fabricate(:post, topic: topic, raw: 'This is My super duper cool topic') }
-    let(:response) { Fabricate(:basic_reply, topic: post.topic, user: response_by_user) }
-    let(:user) { Fabricate(:user) }
-    let(:notification) { Fabricate(:replied_notification, user: user, post: response) }
-
-    let(:mail) do
-      UserNotifications.user_replied(
-        user,
-        post: response,
-        notification_type: notification.notification_type,
-        notification_data_hash: notification.data_hash
-      )
+  context "with a custom template" do
+    before do
+      SiteSetting.email_custom_template = "<body><h1>FOR YOU</h1><div>%{email_content}</div></body>"
+      SiteSetting.email_custom_css = 'h1 { color: red; } div.body { color: #FAB; }'
+      SiteSetting.email_custom_css_compiled = SiteSetting.email_custom_css
    end

-    subject(:mail_html) { Email::Renderer.new(mail).html }
-
-    it "customizations are applied to html part of emails" do
-      expect(mail_html.scan('<h1 style="color: red;">FOR YOU</h1>').count).to eq(1)
-      matches = mail_html.match(/<div style="([^"]+)">#{post.raw}/)
-      expect(matches[1]).to include('color: #FAB;') # custom
-      expect(matches[1]).to include('padding-top:5px;') # div.body
+    after do
+      SiteSetting.remove_override!(:email_custom_template)
+      SiteSetting.remove_override!(:email_custom_css)
    end

-    # TODO: translation override
-  end
+    context 'invite' do
+      fab!(:invite) { Fabricate(:invite) }
+      let(:invite_mail) { InviteMailer.send_invite(invite) }

-  context 'signup' do
-    let(:signup_mail) { UserNotifications.signup(Fabricate(:user)) }
-    subject(:mail_html) { Email::Renderer.new(signup_mail).html }
+      subject(:mail_html) { Email::Renderer.new(invite_mail).html }

-    it "customizations are applied to html part of emails" do
-      expect(mail_html.scan('<h1 style="color: red;">FOR YOU</h1>').count).to eq(1)
-      expect(mail_html).to include('activate-account')
+      it 'applies customizations' do
+        expect(mail_html.scan('<h1 style="color: red;">FOR YOU</h1>').count).to eq(1)
+        expect(mail_html).to match("#{Discourse.base_url}/invites/#{invite.invite_key}")
+      end
+
+      it 'applies customizations if compiled is missing' do
+        SiteSetting.remove_override!(:email_custom_css_compiled)
+        expect(mail_html.scan('<h1 style="color: red;">FOR YOU</h1>').count).to eq(1)
+        expect(mail_html).to match("#{Discourse.base_url}/invites/#{invite.invite_key}")
+      end
+
+      it 'can apply RTL attrs' do
+        SiteSetting.default_locale = 'he'
+        body_attrs = mail_html.match(/<body ([^>])+/)
+        expect(body_attrs[0]&.downcase).to match(/text-align:\s*right/)
+        expect(body_attrs[0]&.downcase).to include('dir="rtl"')
+      end
    end

-    context 'translation override' do
-      before do
-        TranslationOverride.upsert!(
-          'en',
-          'user_notifications.signup.text_body_template',
-          "CLICK THAT LINK: %{base_url}/u/activate-account/%{email_token}"
+    context 'user_replied' do
+      let(:response_by_user) { Fabricate(:user, name: "John Doe") }
+      let(:category) { Fabricate(:category, name: 'India') }
+      let(:topic) { Fabricate(:topic, category: category, title: "Super cool topic") }
+      let(:post) { Fabricate(:post, topic: topic, raw: 'This is My super duper cool topic') }
+      let(:response) { Fabricate(:basic_reply, topic: post.topic, user: response_by_user) }
+      let(:user) { Fabricate(:user) }
+      let(:notification) { Fabricate(:replied_notification, user: user, post: response) }
+
+      let(:mail) do
+        UserNotifications.user_replied(
+          user,
+          post: response,
+          notification_type: notification.notification_type,
+          notification_data_hash: notification.data_hash
        )
      end

-      after do
-        TranslationOverride.revert!('en', ['user_notifications.signup.text_body_template'])
+      subject(:mail_html) { Email::Renderer.new(mail).html }
+
+      it "customizations are applied to html part of emails" do
+        expect(mail_html.scan('<h1 style="color: red;">FOR YOU</h1>').count).to eq(1)
+        matches = mail_html.match(/<div style="([^"]+)">#{post.raw}/)
+        expect(matches[1]).to include('color: #FAB;') # custom
+        expect(matches[1]).to include('padding-top:5px;') # div.body
      end

-      it "applies customizations when translation override exists" do
-        expect(mail_html.scan('<h1 style="color: red;">FOR YOU</h1>').count).to eq(1)
-        expect(mail_html.scan('CLICK THAT LINK').count).to eq(1)
-      end
+      # TODO: translation override
    end

-    context 'with some bad css' do
-      before do
-        SiteSetting.email_custom_css = '@import "nope.css"; h1 {{{ size: really big; '
-        SiteSetting.email_custom_css_compiled = SiteSetting.email_custom_css
-      end
+    context 'signup' do
+      let(:signup_mail) { UserNotifications.signup(Fabricate(:user)) }
+      subject(:mail_html) { Email::Renderer.new(signup_mail).html }

-      it "can render the html" do
-        expect(mail_html.scan(/<h1\s*(?:style=""){0,1}>FOR YOU<\/h1>/).count).to eq(1)
+      it "customizations are applied to html part of emails" do
+        expect(mail_html.scan('<h1 style="color: red;">FOR YOU</h1>').count).to eq(1)
        expect(mail_html).to include('activate-account')
      end
-    end
-  end

-  context 'digest' do
-    fab!(:popular_topic) { Fabricate(:topic, user: Fabricate(:coding_horror), created_at: 1.hour.ago) }
-    let(:summary_email) { UserNotifications.digest(Fabricate(:user)) }
-    subject(:mail_html) { Email::Renderer.new(summary_email).html }
+      context 'translation override' do
+        before do
+          TranslationOverride.upsert!(
+            'en',
+            'user_notifications.signup.text_body_template',
+            "CLICK THAT LINK: %{base_url}/u/activate-account/%{email_token}"
+          )
+        end

-    it "customizations are applied to html part of emails" do
-      expect(mail_html.scan('<h1 style="color: red;">FOR YOU</h1>').count).to eq(1)
-      expect(mail_html).to include(popular_topic.title)
+        after do
+          TranslationOverride.revert!('en', ['user_notifications.signup.text_body_template'])
+        end
+
+        it "applies customizations when translation override exists" do
+          expect(mail_html.scan('<h1 style="color: red;">FOR YOU</h1>').count).to eq(1)
+          expect(mail_html.scan('CLICK THAT LINK').count).to eq(1)
+        end
+      end
+
+      context 'with some bad css' do
+        before do
+          SiteSetting.email_custom_css = '@import "nope.css"; h1 {{{ size: really big; '
+          SiteSetting.email_custom_css_compiled = SiteSetting.email_custom_css
+        end
+
+        it "can render the html" do
+          expect(mail_html.scan(/<h1\s*(?:style=""){0,1}>FOR YOU<\/h1>/).count).to eq(1)
+          expect(mail_html).to include('activate-account')
+        end
+      end
    end

-    it "doesn't apply customizations if apply_custom_styles_to_digest is disabled" do
-      SiteSetting.apply_custom_styles_to_digest = false
-      expect(mail_html).to_not include('<h1 style="color: red;">FOR YOU</h1>')
-      expect(mail_html).to_not include('FOR YOU')
-      expect(mail_html).to include(popular_topic.title)
+    context 'digest' do
+      fab!(:popular_topic) { Fabricate(:topic, user: Fabricate(:coding_horror), created_at: 1.hour.ago) }
+      let(:summary_email) { UserNotifications.digest(Fabricate(:user)) }
+      subject(:mail_html) { Email::Renderer.new(summary_email).html }
+
+      it "customizations are applied to html part of emails" do
+        expect(mail_html.scan('<h1 style="color: red;">FOR YOU</h1>').count).to eq(1)
+        expect(mail_html).to include(popular_topic.title)
+      end
+
+      it "doesn't apply customizations if apply_custom_styles_to_digest is disabled" do
+        SiteSetting.apply_custom_styles_to_digest = false
+        expect(mail_html).to_not include('<h1 style="color: red;">FOR YOU</h1>')
+        expect(mail_html).to_not include('FOR YOU')
+        expect(mail_html).to include(popular_topic.title)
+      end
    end
  end
 end
--- a/spec/integration/topic_thumbnail_spec.rb
+++ b/spec/integration/topic_thumbnail_spec.rb
@@ -10,7 +10,7 @@ describe "Topic Thumbnails" do

  context 'latest' do
    def get_topic
-      Discourse.redis.del(topic.thumbnail_job_redis_key([]))
+      Discourse.redis.del(topic.thumbnail_job_redis_key(Topic.thumbnail_sizes))
      get '/latest.json'
      response.parsed_body["topic_list"]["topics"][0]
    end
@@ -84,5 +84,38 @@ describe "Topic Thumbnails" do
        expect(thumbnails.length).to eq(5)
      end
    end
+
+    context "with a plugin" do
+      before do
+        plugin = Plugin::Instance.new
+        plugin.register_topic_thumbnail_size [512, 512]
+      end
+
+      after do
+        DiscoursePluginRegistry.reset!
+      end
+
+      it "includes the theme specified resolutions" do
+        topic_json = nil
+
+        expect do
+          topic_json = get_topic
+        end.to change { Jobs::GenerateTopicThumbnails.jobs.size }.by(1)
+
+        # Run the job
+        args = Jobs::GenerateTopicThumbnails.jobs.last["args"].first
+        Jobs::GenerateTopicThumbnails.new.execute(args.with_indifferent_access)
+
+        # Request again
+        expect do
+          topic_json = get_topic
+        end.to change { Jobs::GenerateTopicThumbnails.jobs.size }.by(0)
+
+        thumbnails = topic_json["thumbnails"]
+
+        # Original + Optimized + 1 plugin request
+        expect(thumbnails.length).to eq(3)
+      end
+    end
  end
 end
--- a/spec/jobs/bookmark_reminder_notifications_spec.rb
+++ b/spec/jobs/bookmark_reminder_notifications_spec.rb
@@ -22,7 +22,7 @@ RSpec.describe Jobs::BookmarkReminderNotifications do
    bookmark1.update_column(:reminder_at, five_minutes_ago - 10.minutes)
    bookmark2.update_column(:reminder_at, five_minutes_ago - 5.minutes)
    bookmark3.update_column(:reminder_at, five_minutes_ago)
-    Discourse.redis.flushall
+    Discourse.redis.flushdb
  end

  it "sends every reminder and marks the reminder_at to nil for all bookmarks, as well as last sent date" do
--- a/spec/lib/bookmark_reminder_notification_handler_spec.rb
+++ b/spec/lib/bookmark_reminder_notification_handler_spec.rb
@@ -8,7 +8,7 @@ RSpec.describe BookmarkReminderNotificationHandler do
  fab!(:user) { Fabricate(:user) }

  before do
-    Discourse.redis.flushall
+    Discourse.redis.flushdb
  end

  describe "#send_notification" do
--- a/spec/models/post_spec.rb
+++ b/spec/models/post_spec.rb
@@ -1158,6 +1158,25 @@ describe Post do
    expect(post.custom_fields).to eq("Tommy" => "Hanks", "Vincent" => "Vega")
  end

+  describe "#excerpt_for_topic" do
+    it "returns a topic excerpt, defaulting to 220 chars" do
+      expected_excerpt = "This is a sample post with semi-long raw content. The raw content is also more than \ntwo hundred characters to satisfy any test conditions that require content longer \nthan the typical test post raw content. It really is&hellip;"
+      post = Fabricate(:post_with_long_raw_content)
+      post.rebake!
+      excerpt = post.excerpt_for_topic
+      expect(excerpt).to eq(expected_excerpt)
+    end
+
+    it "respects the site setting for topic excerpt" do
+      SiteSetting.topic_excerpt_maxlength = 10
+      expected_excerpt = "This is a &hellip;"
+      post = Fabricate(:post_with_long_raw_content)
+      post.rebake!
+      excerpt = post.excerpt_for_topic
+      expect(excerpt).to eq(expected_excerpt)
+    end
+  end
+
  describe "#rebake!" do
    it "will rebake a post correctly" do
      post = create_post
@@ -1176,6 +1195,25 @@ describe Post do
      expect(post.cooked).to eq(first_cooked)
      expect(result).to eq(true)
    end
+
+    it "updates the topic excerpt at the same time if it is the OP" do
+      post = create_post
+      post.topic.update(excerpt: "test")
+      DB.exec("UPDATE posts SET cooked = 'frogs' WHERE id = ?", [ post.id ])
+      post.reload
+      result = post.rebake!
+      post.topic.reload
+      expect(post.topic.excerpt).not_to eq("test")
+    end
+
+    it "does not update the topic excerpt if the post is not the OP" do
+      post = create_post
+      post2 = create_post
+      post.topic.update(excerpt: "test")
+      result = post2.rebake!
+      post.topic.reload
+      expect(post.topic.excerpt).to eq("test")
+    end
  end

  describe "#set_owner" do
--- a/spec/models/topic_embed_spec.rb
+++ b/spec/models/topic_embed_spec.rb
@@ -308,6 +308,14 @@ describe TopicEmbed do
      end
    end

+    context "non-http URL" do
+      let(:url) { '/test.txt' }
+
+      it "throws an error" do
+        expect { TopicEmbed.find_remote(url) }.to raise_error(URI::InvalidURIError)
+      end
+    end
+
    context "emails" do
      let(:url) { 'http://example.com/foo' }
      let(:contents) { '<p><a href="mailto:foo%40example.com">URL encoded @ symbol</a></p><p><a href="mailto:bar@example.com">normal mailto link</a></p>' }
--- a/spec/models/topic_spec.rb
+++ b/spec/models/topic_spec.rb
@@ -33,7 +33,7 @@ describe Topic do

      describe 'censored words' do
        after do
-          Discourse.redis.flushall
+          Discourse.redis.flushdb
        end

        describe 'when title contains censored words' do
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -1578,20 +1578,15 @@ describe User do

    describe '#number_of_rejected_posts' do
      it 'counts rejected posts' do
-        post = Fabricate(:post, user: user)
-
-        Fabricate(:reviewable_queued_post, target: post, status: Reviewable.statuses[:rejected])
+        Fabricate(:reviewable_queued_post, created_by: user, status: Reviewable.statuses[:rejected])

        expect(user.number_of_rejected_posts).to eq(1)
      end

      it 'ignore non-rejected posts' do
-        post = Fabricate(:post, user: user)
-
-        Fabricate(:reviewable_queued_post, target: post, status: Reviewable.statuses[:approved])
+        Fabricate(:reviewable_queued_post, created_by: user, status: Reviewable.statuses[:approved])

        expect(user.number_of_rejected_posts).to eq(0)
-
      end
    end
  end
--- a/spec/multisite/s3_store_spec.rb
+++ b/spec/multisite/s3_store_spec.rb
@@ -217,4 +217,47 @@ RSpec.describe 'Multisite s3 uploads', type: :multisite do
      end
    end
  end
+
+  describe "#has_been_uploaded?" do
+    before do
+      SiteSetting.s3_region = 'us-west-1'
+      SiteSetting.s3_upload_bucket = "s3-upload-bucket/test"
+      SiteSetting.s3_access_key_id = "s3-access-key-id"
+      SiteSetting.s3_secret_access_key = "s3-secret-access-key"
+      SiteSetting.enable_s3_uploads = true
+    end
+
+    let(:store) { FileStore::S3Store.new }
+    let(:client) { Aws::S3::Client.new(stub_responses: true) }
+    let(:resource) { Aws::S3::Resource.new(client: client) }
+    let(:s3_bucket) { resource.bucket(SiteSetting.s3_upload_bucket) }
+    let(:s3_helper) { store.s3_helper }
+
+    it "returns false for blank urls" do
+      url = ""
+      expect(store.has_been_uploaded?(url)).to eq(false)
+    end
+
+    it "returns true if the base hostname is the same for both urls" do
+      url = "https://s3-upload-bucket.s3.dualstack.us-west-1.amazonaws.com/test/original/2X/d/dd7964f5fd13e1103c5244ca30abe1936c0a4b88.png"
+      expect(store.has_been_uploaded?(url)).to eq(true)
+    end
+
+    it "returns false if the base hostname is the same for both urls BUT the bucket name is different in the path" do
+      bucket = "someotherbucket"
+      url = "https://s3-upload-bucket.s3.dualstack.us-west-1.amazonaws.com/#{bucket}/original/2X/d/dd7964f5fd13e1103c5244ca30abe1936c0a4b88.png"
+      expect(store.has_been_uploaded?(url)).to eq(false)
+    end
+
+    it "returns false if the hostnames do not match and the s3_cdn_url is blank" do
+      url = "https://www.someotherhostname.com/test/original/2X/d/dd7964f5fd13e1103c5244ca30abe1936c0a4b88.png"
+      expect(store.has_been_uploaded?(url)).to eq(false)
+    end
+
+    it "returns true if the s3_cdn_url is present and matches the url hostname" do
+      SiteSetting.s3_cdn_url = "https://www.someotherhostname.com"
+      url = "https://www.someotherhostname.com/test/original/2X/d/dd7964f5fd13e1103c5244ca30abe1936c0a4b88.png"
+      expect(store.has_been_uploaded?(url)).to eq(true)
+    end
+  end
 end
--- a/spec/rails_helper.rb
+++ b/spec/rails_helper.rb
@@ -128,6 +128,12 @@ module TestSetup
    # code that runs inside jobs. run_later! means they are put on the redis
    # queue and never processed.
    Jobs.run_later!
+
+    # Don't track ApplicationRequests in test mode unless opted in
+    ApplicationRequest.disable
+
+    # Don't queue badge grant in test mode
+    BadgeGranter.disable_queue
  end
 end

--- a/spec/requests/about_controller_spec.rb
+++ b/spec/requests/about_controller_spec.rb
@@ -36,5 +36,21 @@ describe AboutController do
        expect(response.body).to include("<title>About - Discourse</title>")
      end
    end
+
+    it "serializes stats when 'Guardian#can_see_about_stats?' is true" do
+      Guardian.any_instance.stubs(:can_see_about_stats?).returns(true)
+      get "/about.json"
+
+      expect(response.status).to eq(200)
+      expect(response.parsed_body["about"].keys).to include("stats")
+    end
+
+    it "does not serialize stats when 'Guardian#can_see_about_stats?' is false" do
+      Guardian.any_instance.stubs(:can_see_about_stats?).returns(false)
+      get "/about.json"
+
+      expect(response.status).to eq(200)
+      expect(response.parsed_body["about"].keys).not_to include("stats")
+    end
  end
 end
--- a/spec/requests/admin/backups_controller_spec.rb
+++ b/spec/requests/admin/backups_controller_spec.rb
@@ -35,7 +35,7 @@ RSpec.describe Admin::BackupsController do
  end

  after do
-    Discourse.redis.flushall
+    Discourse.redis.flushdb

    @paths&.each { |path| File.delete(path) if File.exists?(path) }
    @paths = nil
--- a/spec/requests/admin/users_controller_spec.rb
+++ b/spec/requests/admin/users_controller_spec.rb
@@ -293,7 +293,7 @@ RSpec.describe Admin::UsersController do
    fab!(:another_user) { Fabricate(:coding_horror) }

    after do
-      Discourse.redis.flushall
+      Discourse.redis.flushdb
    end

    it "raises an error when the user doesn't have permission" do
--- a/spec/requests/list_controller_spec.rb
+++ b/spec/requests/list_controller_spec.rb
@@ -128,7 +128,7 @@ RSpec.describe ListController do
    let(:moderator) { Fabricate(:moderator) }
    let(:admin) { Fabricate(:admin) }
    let(:tag) { Fabricate(:tag) }
-    let(:private_message) { Fabricate(:private_message_topic) }
+    let(:private_message) { Fabricate(:private_message_topic, user: admin) }

    before do
      SiteSetting.tagging_enabled = true
@@ -149,6 +149,17 @@ RSpec.describe ListController do
        expect(response.status).to eq(200)
      end
    end
+
+    it 'should work for tag with unicode name' do
+      unicode_tag = Fabricate(:tag, name: 'hello-🇺🇸')
+      Fabricate(:topic_tag, tag: unicode_tag, topic: private_message)
+
+      sign_in(admin)
+      get "/topics/private-messages-tags/#{admin.username}/#{UrlHelper.encode_component(unicode_tag.name)}.json"
+      expect(response.status).to eq(200)
+      expect(response.parsed_body["topic_list"]["topics"].first["id"])
+        .to eq(private_message.id)
+    end
  end

  describe '#private_messages_group' do
--- a/spec/requests/posts_controller_spec.rb
+++ b/spec/requests/posts_controller_spec.rb
@@ -675,6 +675,17 @@ describe PostsController do
          I18n.t("invalid_params", message: "category")
        )
      end
+
+      it 'will raise an error if specified embed_url is invalid' do
+        user = Fabricate(:admin)
+        master_key = Fabricate(:api_key).key
+
+        post "/posts.json",
+          params: { title: 'this is a test title', raw: 'this is test body', embed_url: '/test.txt' },
+          headers: { HTTP_API_USERNAME: user.username, HTTP_API_KEY: master_key }
+
+        expect(response.status).to eq(422)
+      end
    end

    describe "when logged in" do
--- a/spec/requests/search_controller_spec.rb
+++ b/spec/requests/search_controller_spec.rb
@@ -26,11 +26,11 @@ describe SearchController do
    before do
      # TODO be a bit more strategic here instead of junking
      # all of redis
-      Discourse.redis.flushall
+      Discourse.redis.flushdb
    end

    after do
-      Discourse.redis.flushall
+      Discourse.redis.flushdb
    end

    context "when overloaded" do
--- a/spec/requests/topics_controller_spec.rb
+++ b/spec/requests/topics_controller_spec.rb
@@ -2127,7 +2127,7 @@ RSpec.describe TopicsController do
    let(:topic) { post.topic }

    after do
-      Discourse.redis.flushall
+      Discourse.redis.flushdb
    end

    it 'returns first post of the topic' do
--- a/spec/requests/webhooks_controller_spec.rb
+++ b/spec/requests/webhooks_controller_spec.rb
@@ -3,7 +3,7 @@
 require "rails_helper"

 describe WebhooksController do
-  before { Discourse.redis.flushall }
+  before { Discourse.redis.flushdb }

  let(:email) { "em@il.com" }
  let(:message_id) { "12345@il.com" }
--- a/spec/serializers/topic_view_serializer_spec.rb
+++ b/spec/serializers/topic_view_serializer_spec.rb
@@ -60,7 +60,7 @@ describe TopicViewSerializer do
      it 'should have thumbnails' do
        SiteSetting.create_thumbnails = true

-        Discourse.redis.del(topic.thumbnail_job_redis_key([]))
+        Discourse.redis.del(topic.thumbnail_job_redis_key(Topic.thumbnail_sizes))
        json = nil

        expect do
--- a/spec/services/word_watcher_spec.rb
+++ b/spec/services/word_watcher_spec.rb
@@ -7,7 +7,7 @@ describe WordWatcher do
  let(:raw) { "Do you like liquorice?\n\nI really like them. One could even say that I am *addicted* to liquorice. Anf if\nyou can mix it up with some anise, then I'm in heaven ;)" }

  after do
-    Discourse.redis.flushall
+    Discourse.redis.flushdb
  end

  describe '.word_matcher_regexp' do