discourse/spec/models
Martin Brennan 5dc45b5dcf
FIX: Secure upload post processing race condition (#23968)
* FIX: Secure upload post processing race condition

This commit fixes a couple of issues.

A little background -- when uploads are created in the composer
for posts, regardless of whether the upload will eventually be
marked secure or not, if secure_uploads is enabled we always mark
the upload secure at first. This is so the upload is by default
protected, regardless of post type (regular or PM) or category.

This was causing issues in some rare occasions though because
of the order of operations of our post creation and processing
pipeline. When creating a post, we enqueue a sidekiq job to
post-process the post which does various things including
converting images to lightboxes. We were also enqueuing a job
to update the secure status for all uploads in that post.

Sometimes the secure status job would run before the post process
job, marking uploads as _not secure_ in the background and changing
their ACL before the post processor ran, which meant the users
would see a broken image in their posts. This commit fixes that issue
by always running the upload security changes inline _within_ the
cooked_post_processor job.

The other issue was that the lightbox wrapper link for images in
the post would end up with a URL like this:

```
href="/secure-uploads/original/2X/4/4e1f00a40b6c952198bbdacae383ba77932fc542.jpeg"
```

Since we weren't actually using the `upload.url` to pass to
`UrlHelper.cook_url` here, we weren't converting this href to the CDN
URL if the post was not in a secure context (the UrlHelper does not
know how to convert a secure-uploads URL to a CDN one). Now we
always end up with the correct lightbox href. This was less of an issue
than the other one, since the secure-uploads URL works even when the
upload has become non-secure, but it was a good inconsistency to fix
anyway.
2023-10-18 23:48:01 +00:00
..
about_spec.rb DEV: Move about_stat_groups to DiscoursePluginRegistry (#20496) 2023-03-02 08:10:16 +10:00
admin_dashboard_data_spec.rb DEV: Add category style deprecation check warning (#23951) 2023-10-17 10:40:31 -06:00
api_key_scope_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
api_key_spec.rb FEATURE: site settings to revoke api keys older than a number of days (#23595) 2023-09-15 16:31:29 -03:00
application_request_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
associated_group_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
badge_grouping_spec.rb DEV: Set limits for text fields on BadgeGrouping 2023-05-15 09:54:54 +02:00
badge_spec.rb FEATURE: reduce avatar sizes to 6 from 20 (#21319) 2023-06-01 10:00:01 +10:00
badge_type_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
bookmark_spec.rb DEV: Change Bookmarkable registration to DiscoursePluginRegistry (#20556) 2023-03-08 10:39:12 +10:00
category_featured_topic_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
category_group_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
category_list_spec.rb FIX: error when CategoryList tried to find relevant topics (#22339) 2023-06-29 11:25:58 +10:00
category_setting_spec.rb FEATURE: Configurable auto-bump cooldown (#20507) 2023-03-10 13:45:01 +08:00
category_spec.rb DEV: Switch over category settings to new table - Part 3 (#20657) 2023-09-12 09:51:49 +08:00
category_tag_stat_spec.rb FIX: Update category tag stats with new or deleted (#21531) 2023-05-18 12:46:44 +03:00
category_user_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
child_theme_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
color_scheme_color_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
color_scheme_spec.rb FIX: Ensure ColorScheme#resolve falls back to base for missing color (#20186) 2023-02-06 18:24:12 +00:00
developer_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
digest_email_site_setting_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
directory_item_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
discourse_connect_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
do_not_disturb_timing_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
draft_sequence_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
draft_spec.rb SECURITY: Limit number of drafts per user and length of draft_key 2023-09-12 15:31:26 -03:00
email_change_request_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
email_log_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
email_token_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
embeddable_host_spec.rb SECURITY: Remove bypass for base_url (#19995) 2023-01-25 13:50:45 +02:00
emoji_spec.rb FEATURE: Add an emoji deny list site setting (#20929) 2023-04-13 15:38:54 +08:00
form_template_spec.rb FEATURE: support to initial values for form templates through /new-topic (#23313) 2023-08-29 18:41:33 -03:00
given_daily_like_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
global_setting_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
group_archived_message_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
group_associated_group_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
group_history_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
group_request_spec.rb DEV: Bump the limits on group request text fields 2023-05-24 09:57:46 +02:00
group_spec.rb DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
group_user_spec.rb FIX: recalculating trust levels was not working (#20492) 2023-03-01 15:35:21 +11:00
incoming_link_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
incoming_links_report_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
invite_redeemer_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
invite_spec.rb DEV: Remove Discourse.redis.delete_prefixed (#22103) 2023-06-16 12:44:35 +10:00
javascript_cache_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
locale_site_setting_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
mailing_list_mode_site_setting_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
notification_spec.rb DEV: Remove unread_private_messages and deprecation (#22893) 2023-08-01 14:44:39 +10:00
optimized_image_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
permalink_spec.rb DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
plugin_store_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
post_action_spec.rb FEATURE: add group filter for admin reports (#23381) 2023-09-05 11:17:18 +05:30
post_action_type_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
post_analyzer_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
post_detail_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
post_mover_spec.rb FIX: keep first post edit history when moving/merging (#22966) 2023-08-03 22:04:35 -03:00
post_reply_key_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
post_reply_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
post_revision_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
post_spec.rb FIX: Secure upload post processing race condition (#23968) 2023-10-18 23:48:01 +00:00
post_timing_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
private_message_topic_tracking_state_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
published_page_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
quoted_post_spec.rb DEV: Fix a flaky quote post spec (#22891) 2023-08-01 00:48:40 +02:00
remote_theme_spec.rb SECURITY: Add limits for themes and theme assets 2023-09-12 15:31:31 -03:00
report_spec.rb DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
reviewable_claimed_topic_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
reviewable_flagged_post_spec.rb UX/DEV: Review queue redesign fixes (#20239) 2023-03-02 16:40:53 +01:00
reviewable_history_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
reviewable_post_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
reviewable_queued_post_spec.rb FEATURE: Add Revise... option for queued post reviewable (#23454) 2023-10-13 11:28:31 +10:00
reviewable_score_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
reviewable_spec.rb DEV: Set limits for text fields in reviewables 2023-05-03 09:54:54 +02:00
reviewable_user_spec.rb FIX: Don't mix up action labels between different reviewables (#23365) 2023-09-06 10:57:30 +08:00
s3_region_site_setting_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
screened_email_spec.rb DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
screened_ip_address_spec.rb DEV: find_each in CSV exports (#22573) 2023-08-17 12:33:52 +10:00
screened_url_spec.rb DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
search_log_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
sidebar_section_link_spec.rb FIX: public sidebar sections belong to system user (#20972) 2023-04-05 10:52:18 +10:00
sidebar_section_spec.rb FIX: rename everything link to topics (#22076) 2023-06-15 11:36:38 +10:00
sidebar_url_spec.rb FIX: increase sidebar URL limit to 1000 (#23120) 2023-08-17 14:46:24 +10:00
site_setting_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
site_spec.rb DEV: Limit preloaded categories (#23958) 2023-10-17 22:04:56 +03:00
sitemap_spec.rb DEV: Fix random typos (#22078) 2023-06-13 22:02:21 +02:00
skipped_email_log_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
stylesheet_cache_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
tag_group_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
tag_spec.rb FIX: synonym tags are not considered as unused (#23950) 2023-10-16 23:53:02 +00:00
tag_user_spec.rb FEATURE: new watched_precedence_over_muted setting (#22252) 2023-06-27 14:49:34 +10:00
theme_field_spec.rb DEV: Bump max theme sprite size to 1MB (#23556) 2023-09-13 15:00:26 +10:00
theme_modifier_set_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
theme_spec.rb Revert "Revert "PERF: Cache each theme field value once (#23192)" (#23354)" (#23356) 2023-08-31 14:12:03 -05:00
theme_svg_sprite_spec.rb DEV: Store theme sprites in the DB (#20501) 2023-03-14 13:11:45 -05:00
top_menu_item_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
top_topic_spec.rb DEV: Replace #pluck_first freedom patch with AR #pick in core (#19893) 2023-02-13 12:39:45 +08:00
topic_allowed_user_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
topic_converter_spec.rb DEV: Fix random typos (#22078) 2023-06-13 22:02:21 +02:00
topic_embed_spec.rb SECURITY: Use canonical url for topic embeddings (#22085) 2023-06-13 11:08:08 -06:00
topic_featured_users_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
topic_group_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
topic_invite_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
topic_link_click_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
topic_link_spec.rb DEV: Replace #pluck_first freedom patch with AR #pick in core (#19893) 2023-02-13 12:39:45 +08:00
topic_list_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
topic_participant_groups_summary_spec.rb FEATURE: display PM participant group names in the topics list. (#21677) 2023-05-31 19:32:06 +05:30
topic_participants_summary_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
topic_posters_summary_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
topic_spec.rb SECURITY: Prevent arbitrary topic custom fields from being set 2023-10-16 10:34:35 -04:00
topic_tag_spec.rb SECURITY: Default tags to show count of topics in unrestricted categories (#19916) 2023-01-20 09:50:24 +08:00
topic_thumbnail_spec.rb DEV: Fix random typos (#22078) 2023-06-13 22:02:21 +02:00
topic_timer_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
topic_tracking_state_spec.rb FEATURE: Remove support for legacy navigation menu (#23752) 2023-10-09 07:24:10 +08:00
topic_user_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
topic_view_item_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
translation_override_spec.rb FIX: Don't show admin warnings about deleted translation overrides (#22614) 2023-07-14 16:52:39 +08:00
trust_level3_requirements_spec.rb DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
trust_level_and_staff_setting_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
trust_level_setting_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
unsubscribe_key_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
upload_reference_spec.rb DEV: Fix random typos (#22078) 2023-06-13 22:02:21 +02:00
upload_spec.rb FIX: Properly attach secure images to email for non-secure uploads (#23865) 2023-10-17 14:08:21 +10:00
user_action_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
user_api_key_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
user_archived_message_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
user_associated_group_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
user_auth_token_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
user_avatar_spec.rb FEATURE: reduce avatar sizes to 6 from 20 (#21319) 2023-06-01 10:00:01 +10:00
user_badge_spec.rb FEATURE: Add support for user badge revocation webhook events (#21204) 2023-04-24 20:36:40 +00:00
user_bookmark_list_spec.rb SECURITY: Impose a upper bound on limit params in various controllers 2023-07-28 12:53:46 +01:00
user_email_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
user_export_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
user_field_spec.rb DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
user_history_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
user_notification_schedule_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
user_option_spec.rb FEATURE: Add default site settings to control the defaults of navigation menu preferences (#22485) 2023-07-07 04:52:10 +03:00
user_profile_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
user_profile_view_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
user_search_spec.rb FIX: only show approved users in search_user results when site setting enabled (#20493) 2023-03-01 12:23:29 +08:00
user_second_factor_spec.rb SECURITY: Limit name field length of TOTP authenticators and security keys 2023-09-12 15:31:17 -03:00
user_security_key_spec.rb SECURITY: Limit name field length of TOTP authenticators and security keys 2023-09-12 15:31:17 -03:00
user_spec.rb Revert "FEATURE: Count only approved flagged posts in user pages (#22799)" (#23962) 2023-10-18 11:38:17 +10:00
user_stat_spec.rb FIX: Keep ReviewableQueuedPosts even with user delete reviewable actions (#22501) 2023-07-18 11:50:31 +00:00
user_status_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
user_summary_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
user_visit_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
username_validator_spec.rb DEV: Make sure max_username_length is within MAX_USERNAME_LENGTH_RANGE (#23104) 2023-08-15 12:12:22 -03:00
watched_word_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
web_crawler_request_spec.rb DEV: stop leaking data into tables during test (#21403) 2023-05-06 07:15:33 +10:00
web_hook_event_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
web_hook_spec.rb FEATURE: granular webhooks (#23070) 2023-10-09 03:35:31 +00:00