mirror of
https://github.com/discourse/discourse.git
synced 2024-11-28 19:53:53 -06:00
c532f6eb3d
This adds a new secure_uploads_pm_only site setting. When secure_uploads is true with this setting, only uploads created in PMs will be marked secure; no uploads in secure categories will be marked as secure, and the login_required site setting has no bearing on upload security either. This is meant to be a stopgap solution to prevent secure uploads in a single place (private messages) for sensitive admin data exports. Ideally we would want a more comprehensive way of saying that certain upload types get secured which is a hybrid/mixed mode secure uploads, but for now this will do the trick.
# frozen_string_literal: true
# System spec that drives avatar and composer uploads through the browser UI
# against an S3-backed store.
#
# Scope notes for reviewers:
# - Every example signs in as an admin, so upload restrictions that apply to
#   less-privileged users are not exercised here.
# - The assertions only confirm that the UI reports a finished upload and that
#   the avatar id was persisted. Nothing in this file asserts on an upload's
#   secure flag, its ACL, or the URL it is served from; whatever
#   setup_s3_system_test configures is not visible in this file.
describe "Uploading files in the composer to S3", type: :system do
  fab!(:current_user) { Fabricate(:admin) }

  let(:modal) { PageObjects::Modals::Base.new }
  let(:composer) { PageObjects::Components::Composer.new }
  let(:topic) { PageObjects::Pages::Topic.new }

  describe "direct S3 uploads" do
    describe "single part uploads" do
      it "uploads custom avatars to S3" do
        # Presumably skips the example when no S3 test backend is configured;
        # confirm against the helper's definition.
        skip_unless_s3_system_specs_enabled!

        setup_s3_system_test
        sign_in(current_user)

        visit "/my/preferences/account"

        find("#edit-avatar").click
        find("#uploaded-avatar").click

        # Resolve the fixture path first, then trigger the file chooser.
        avatar_fixture = File.absolute_path(file_from_fixtures("logo.jpg"))
        attach_file(avatar_fixture) { find("#avatar-uploader").click }

        expect(page).to have_css(".avatar-uploader label[data-uploaded]")

        modal.click_primary_button
        expect(modal).to be_closed

        # The element carrying the upload id is hidden, hence visible: false.
        expect(page).to have_css("#user-avatar-uploads[data-custom-avatar-upload-id]", visible: false)

        # Compare the id stored on the user record with the id the page rendered.
        persisted_avatar_id = current_user.reload.uploaded_avatar_id
        rendered_avatar_id =
          find("#user-avatar-uploads", visible: false)["data-custom-avatar-upload-id"].to_i
        expect(persisted_avatar_id).to eq(rendered_avatar_id)
      end
    end

    describe "multipart uploads" do
      it "uploads a file in the post composer" do
        skip_unless_s3_system_specs_enabled!

        setup_s3_system_test
        sign_in(current_user)

        topic.open_new_topic

        attach_file(file_from_fixtures("logo.png", "images").path) do
          composer.click_toolbar_button("upload")
        end

        # Done once the uploading indicator is gone and the preview shows the image.
        expect(page).to have_no_css("#file-uploading")
        expect(composer.preview).to have_css(".image-wrapper")
      end
    end
  end
end