osr-plastic/osr-discourse-src
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

FIX: Use full URL for secure attachments when secure media enabled (#9037)

Browse Source 
When secure media is enabled and an attachment is marked as secure we want to use the full url instead of the short-url so we get the same access control post protections as secure media uploads.
This commit is contained in:
Martin Brennan
2020-03-04 10:11:08 +11:00
committed by GitHub
parent f971ecd231
commit 3e54e0191e
10 changed files with 223 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files
test/javascripts/acceptance/composer-attachment-test.js.es6
+45 -15
View File
@@ -1,21 +1,18 @@
import { acceptance } from "helpers/qunit-helpers";
acceptance("Composer Attachment", {
loggedIn: true,
pretend(server, helper) {
server.post("/uploads/lookup-urls", () => {
return helper.response([
{
short_url: "upload://asdsad.png",
url: "/uploads/default/3X/1/asjdiasjdiasida.png",
short_path: "/uploads/short-url/asdsad.png"
}
]);
});
}
});
function setupPretender(server, helper) {
server.post("/uploads/lookup-urls", () => {
return helper.response([
{
short_url: "upload://asdsad.png",
url: "/secure-media-uploads/default/3X/1/asjdiasjdiasida.png",
short_path: "/uploads/short-url/asdsad.png"
}
]);
});
}
QUnit.test("attachments are cooked properly", async assert => {
async function writeInComposer(assert) {
await visit("/t/internationalization-localization/280");
await click("#topic-footer-buttons .btn.create");
@@ -29,7 +26,17 @@ QUnit.test("attachments are cooked properly", async assert => {
);
await fillIn(".d-editor-input", "[test|attachment](upload://asdsad.png)");
}
acceptance("Composer Attachment", {
loggedIn: true,
pretend(server, helper) {
setupPretender(server, helper);
}
});
QUnit.test("attachments are cooked properly", async assert => {
await writeInComposer(assert);
assert.equal(
find(".d-editor-preview:visible")
.html()
@@ -37,3 +44,26 @@ QUnit.test("attachments are cooked properly", async assert => {
'<p><a class="attachment" href="/uploads/short-url/asdsad.png">test</a></p>'
);
});
acceptance("Composer Attachment - Secure Media Enabled", {
loggedIn: true,
settings: {
secure_media: true
},
pretend(server, helper) {
setupPretender(server, helper);
}
});
QUnit.test(
"attachments are cooked properly when secure media is enabled",
async assert => {
await writeInComposer(assert);
assert.equal(
find(".d-editor-preview:visible")
.html()
.trim(),
'<p><a class="attachment" href="/secure-media-uploads/default/3X/1/asjdiasjdiasida.png">test</a></p>'
);
}
);