carrierwave 2.2.2 → 3.1.0

data/lib/carrierwave/storage/fog.rb

@@ -18,6 +18,8 @@ module CarrierWave
     # [:fog_use_ssl_for_aws]              (optional) #public_url will use https for the AWS generated URL]
     # [:fog_aws_accelerate]               (optional) #public_url will use s3-accelerate subdomain
     #   instead of s3, defaults to false
+    # [:fog_aws_fips]                     (optional) #public_url will use s3-fips subdomain
+    #   instead of s3, defaults to false
     #
     #
     # AWS credentials contain the following keys:
@@ -146,7 +148,7 @@ module CarrierWave
           :key    => uploader.fog_directory,
           :public => uploader.fog_public
         ).files.all(:prefix => uploader.cache_dir).each do |file|
-          # generate_cache_id returns key formated TIMEINT-PID(-COUNTER)-RND
+          # generate_cache_id returns key formatted TIMEINT-PID(-COUNTER)-RND
           matched = file.key.match(/(\d+)-\d+-\d+(?:-\d+)?/)
           next unless matched
           time = Time.at(matched[1].to_i)
@@ -162,9 +164,10 @@ module CarrierWave
       end
 
       class File
-        DEFAULT_S3_REGION = 'us-east-1'
+        DEFAULT_S3_REGION = 'us-east-1'.freeze
 
         include CarrierWave::Utilities::Uri
+        include CarrierWave::Utilities::FileName
 
         ##
         # Current local path to file
@@ -197,27 +200,27 @@ module CarrierWave
         # [NilClass] no authenticated url available
         #
         def authenticated_url(options = {})
-          if ['AWS', 'Google', 'Rackspace', 'OpenStack', 'AzureRM', 'Aliyun', 'backblaze'].include?(@uploader.fog_credentials[:provider])
+          if ['AWS', 'Google', 'Rackspace', 'OpenStack', 'AzureRM', 'Aliyun', 'backblaze'].include?(fog_provider)
             # avoid a get by using local references
             local_directory = connection.directories.new(:key => @uploader.fog_directory)
             local_file = local_directory.files.new(:key => path)
             expire_at = options[:expire_at] || ::Fog::Time.now.since(@uploader.fog_authenticated_url_expiration.to_i)
-            case @uploader.fog_credentials[:provider]
-              when 'AWS', 'Google'
-                # Older versions of fog-google do not support options as a parameter
-                if url_options_supported?(local_file)
-                  local_file.url(expire_at, options)
-                else
-                  warn "Options hash not supported in #{local_file.class}. You may need to upgrade your Fog provider."
-                  local_file.url(expire_at)
-                end
-              when 'Rackspace', 'OpenStack'
-                connection.get_object_https_url(@uploader.fog_directory, path, expire_at, options)
-              when 'Aliyun'
-                expire_at = expire_at - Time.now
-                local_file.url(expire_at)
+            case fog_provider
+            when 'AWS', 'Google'
+              # Older versions of fog-google do not support options as a parameter
+              if url_options_supported?(local_file)
+                local_file.url(expire_at, options)
               else
+                warn "Options hash not supported in #{local_file.class}. You may need to upgrade your Fog provider."
                 local_file.url(expire_at)
+              end
+            when 'Rackspace', 'OpenStack'
+              connection.get_object_https_url(@uploader.fog_directory, path, expire_at, options)
+            when 'Aliyun'
+              expire_at -= Time.now
+              local_file.url(expire_at)
+            else
+              local_file.url(expire_at)
             end
           end
         end
@@ -258,18 +261,6 @@ module CarrierWave
           end
         end
 
-        ##
-        # Return extension of file
-        #
-        # === Returns
-        #
-        # [String] extension of file or nil if the file has no extension
-        #
-        def extension
-          path_elements = path.split('.')
-          path_elements.last if path_elements.size > 1
-        end
-
         ##
         # deprecated: All attributes from file (includes headers)
         #
@@ -296,16 +287,16 @@ module CarrierWave
         #
         # [String] contents of file
         def read
-          file_body = file.body
+          file_body = file&.body
 
           return if file_body.nil?
           return file_body unless file_body.is_a?(::File)
 
-          # Fog::Storage::XXX::File#body could return the source file which was upoloaded to the remote server.
-          read_source_file(file_body) if ::File.exist?(file_body.path)
+          # Fog::Storage::XXX::File#body could return the source file which was uploaded to the remote server.
+          return read_source_file if ::File.exist?(file_body.path)
 
           # If the source file doesn't exist, the remote content is read
-          @file = nil # rubocop:disable Gitlab/ModuleWithInstanceVariables
+          @file = nil
           file.body
         end
 
@@ -320,6 +311,15 @@ module CarrierWave
           file.nil? ? 0 : file.content_length
         end
 
+        ##
+        # === Returns
+        #
+        # [Boolean] whether the file is non-existent or empty
+        #
+        def empty?
+          !exists? || size.zero?
+        end
+
         ##
         # Check if the file exists on the remote service
         #
@@ -343,7 +343,7 @@ module CarrierWave
             fog_file = new_file.to_file
             @content_type ||= new_file.content_type
             @file = directory.files.create({
-              :body         => fog_file ? fog_file : new_file.read,
+              :body         => fog_file || new_file.read,
               :content_type => @content_type,
               :key          => path,
               :public       => @uploader.fog_public
@@ -364,7 +364,7 @@ module CarrierWave
         #
         def public_url
           encoded_path = encode_path(path)
-          if host = @uploader.asset_host
+          if (host = @uploader.asset_host)
             if host.respond_to? :call
               "#{host.call(self)}/#{encoded_path}"
             else
@@ -376,26 +376,29 @@ module CarrierWave
             when 'AWS'
               # check if some endpoint is set in fog_credentials
               if @uploader.fog_credentials.has_key?(:endpoint)
+                raise 'fog_aws_fips = true is incompatible with :endpoint, as FIPS endpoints do not support path-style URLs.' if @uploader.fog_aws_fips
                 "#{@uploader.fog_credentials[:endpoint]}/#{@uploader.fog_directory}/#{encoded_path}"
               else
                 protocol = @uploader.fog_use_ssl_for_aws ? "https" : "http"
 
                 subdomain_regex = /^(?:[a-z]|\d(?!\d{0,2}(?:\d{1,3}){3}$))(?:[a-z0-9\.]|(?![\-])|\-(?![\.])){1,61}[a-z0-9]$/
-                valid_subdomain = @uploader.fog_directory.to_s =~ subdomain_regex && !(protocol == 'https' && @uploader.fog_directory =~ /\./)
+                # To use the virtual-hosted style, the bucket name needs to be representable as a subdomain
+                use_virtual_hosted_style = @uploader.fog_directory.to_s =~ subdomain_regex && !(protocol == 'https' && @uploader.fog_directory =~ /\./)
+
+                region = @uploader.fog_credentials[:region].to_s
+                regional_host = 's3.amazonaws.com' # used for DEFAULT_S3_REGION or no region set
+                if @uploader.fog_aws_fips
+                  regional_host = "s3-fips.#{region}.amazonaws.com" # https://aws.amazon.com/compliance/fips/
+                elsif ![DEFAULT_S3_REGION, ''].include?(region)
+                  regional_host = "s3.#{region}.amazonaws.com"
+                end
 
-                # if directory is a valid subdomain, use that style for access
-                if valid_subdomain
-                  s3_subdomain = @uploader.fog_aws_accelerate ? "s3-accelerate" : "s3"
-                  "#{protocol}://#{@uploader.fog_directory}.#{s3_subdomain}.amazonaws.com/#{encoded_path}"
+                if use_virtual_hosted_style
+                  regional_host = 's3-accelerate.amazonaws.com' if @uploader.fog_aws_accelerate
+                  "#{protocol}://#{@uploader.fog_directory}.#{regional_host}/#{encoded_path}"
                 else # directory is not a valid subdomain, so use path style for access
-                  region = @uploader.fog_credentials[:region].to_s
-                  host   = case region
-                           when DEFAULT_S3_REGION, ''
-                             's3.amazonaws.com'
-                           else
-                             "s3.#{region}.amazonaws.com"
-                           end
-                  "#{protocol}://#{host}/#{@uploader.fog_directory}/#{encoded_path}"
+                  raise 'FIPS Endpoints can only be used with Virtual Hosted-Style addressing.' if @uploader.fog_aws_fips
+                  "#{protocol}://#{regional_host}/#{@uploader.fog_directory}/#{encoded_path}"
                 end
               end
             when 'Google'
@@ -409,7 +412,7 @@ module CarrierWave
         end
 
         ##
-        # Return url to file, if avaliable
+        # Return url to file, if available
         #
         # === Returns
         #
@@ -435,7 +438,7 @@ module CarrierWave
         # [NilClass] no file name available
         #
         def filename(options = {})
-          return unless file_url = url(options)
+          return unless (file_url = url(options))
           CGI.unescape(file_url.split('?').first).gsub(/.*\/(.*?$)/, '\1')
         end
 
@@ -451,10 +454,29 @@ module CarrierWave
         # @return [CarrierWave::Storage::Fog::File] the location where the file will be stored.
         #
         def copy_to(new_path)
-          connection.copy_object(@uploader.fog_directory, file.key, @uploader.fog_directory, new_path, copy_options)
+          file.copy(@uploader.fog_directory, new_path, copy_options)
           CarrierWave::Storage::Fog::File.new(@uploader, @base, new_path)
         end
 
+        ##
+        # Return the local file
+        #
+        # === Returns
+        #
+        # [File] The local file as Ruby's File class
+        #   or
+        # [NilClass] When there's no file, or the file is remotely stored
+        #
+        def to_file
+          return nil unless file.body.is_a? ::File
+
+          if file.body.closed?
+            ::File.open(file.body.path) # Reopen if it's already closed
+          else
+            file.body
+          end
+        end
+
       private
 
         ##
@@ -476,12 +498,10 @@ module CarrierWave
         # [Fog::#{provider}::Directory] containing directory
         #
         def directory
-          @directory ||= begin
-            connection.directories.new(
-              :key    => @uploader.fog_directory,
-              :public => @uploader.fog_public
-            )
-          end
+          @directory ||= connection.directories.new(
+            :key    => @uploader.fog_directory,
+            :public => @uploader.fog_public
+          )
         end
 
         ##
@@ -498,14 +518,15 @@ module CarrierWave
         def copy_options
           options = {}
           options.merge!(acl_header) if acl_header.present?
-          options['Content-Type'] ||= content_type if content_type
+          options[fog_provider == "Google" ? :content_type : 'Content-Type'] ||= content_type if content_type
           options.merge(@uploader.fog_attributes)
         end
 
         def acl_header
-          if fog_provider == 'AWS'
+          case fog_provider
+          when 'AWS'
             { 'x-amz-acl' => @uploader.fog_public ? 'public-read' : 'private' }
-          elsif fog_provider == "Google"
+          when "Google"
             @uploader.fog_public ? { destination_predefined_acl: "publicRead" } : {}
           else
             {}
@@ -516,14 +537,14 @@ module CarrierWave
           @uploader.fog_credentials[:provider].to_s
         end
 
-        def read_source_file(file_body)
-          return unless ::File.exist?(file_body.path)
+        def read_source_file
+          source_file = to_file
+          return unless source_file
 
           begin
-            file_body = ::File.open(file_body.path) if file_body.closed? # Reopen if it's already closed
-            file_body.read
+            source_file.read
           ensure
-            file_body.close
+            source_file.close
           end
         end
 

data/lib/carrierwave/test/matchers.rb

@@ -45,11 +45,11 @@ module CarrierWave
         def matches?(actual)
           @actual = actual
           # Satisfy expectation here. Return false or raise an error if it's not met.
-          (File.stat(@actual.path).mode & 0777) == @expected
+          (File.stat(@actual.path).mode & 0o777) == @expected
         end
 
         def failure_message
-          "expected #{@actual.current_path.inspect} to have permissions #{@expected.to_s(8)}, but they were #{(File.stat(@actual.path).mode & 0777).to_s(8)}"
+          "expected #{@actual.current_path.inspect} to have permissions #{@expected.to_s(8)}, but they were #{(File.stat(@actual.path).mode & 0o777).to_s(8)}"
         end
 
         def failure_message_when_negated
@@ -76,11 +76,11 @@ module CarrierWave
         def matches?(actual)
           @actual = actual
           # Satisfy expectation here. Return false or raise an error if it's not met.
-          (File.stat(File.dirname @actual.path).mode & 0777) == @expected
+          (File.stat(File.dirname(@actual.path)).mode & 0o777) == @expected
         end
 
         def failure_message
-          "expected #{File.dirname @actual.current_path.inspect} to have permissions #{@expected.to_s(8)}, but they were #{(File.stat(@actual.path).mode & 0777).to_s(8)}"
+          "expected #{File.dirname @actual.current_path.inspect} to have permissions #{@expected.to_s(8)}, but they were #{(File.stat(@actual.path).mode & 0o777).to_s(8)}"
         end
 
         def failure_message_when_negated
@@ -341,9 +341,11 @@ module CarrierWave
               begin
                 require 'rmagick'
               rescue LoadError
-                require 'RMagick'
-              rescue LoadError
-                puts "WARNING: Failed to require rmagick, image processing may fail!"
+                begin
+                  require 'RMagick'
+                rescue LoadError
+                  puts "WARNING: Failed to require rmagick, image processing may fail!"
+                end
               end
             end
             MagickWrapper.new(filename)
@@ -353,6 +355,7 @@ module CarrierWave
 
       class MagickWrapper # :nodoc:
         attr_reader :image
+
         def width
           image.columns
         end
@@ -372,6 +375,7 @@ module CarrierWave
 
       class MiniMagickWrapper # :nodoc:
         attr_reader :image
+
         def width
           image[:width]
         end

data/lib/carrierwave/uploader/cache.rb

@@ -24,7 +24,8 @@ module CarrierWave
   # [String] a cache id in the format TIMEINT-PID-COUNTER-RND
   #
   def self.generate_cache_id
-    [Time.now.utc.to_i,
+    [
+      Time.now.utc.to_i,
       SecureRandom.random_number(1_000_000_000_000_000),
       '%04d' % (CarrierWave::CacheCounter.increment % 10_000),
       '%04d' % SecureRandom.random_number(10_000)
@@ -64,7 +65,7 @@ module CarrierWave
         # It's recommended that you keep cache files in one place only.
         #
         def clean_cached_files!(seconds=60*60*24)
-          (cache_storage || storage).new(CarrierWave::Uploader::Base.new).clean_cache!(seconds)
+          (cache_storage || storage).new(new).clean_cache!(seconds)
         end
       end
 
@@ -90,9 +91,9 @@ module CarrierWave
       end
 
       def sanitized_file
-        ActiveSupport::Deprecation.warn('#sanitized_file is deprecated, use #file instead.')
         file
       end
+      CarrierWave.deprecator.deprecate_methods(self, sanitized_file: :file)
 
       ##
       # Returns a String which uniquely identifies the currently cached file for later retrieval
@@ -102,7 +103,7 @@ module CarrierWave
       # [String] a cache name, in the format TIMEINT-PID-COUNTER-RND/filename.txt
       #
       def cache_name
-        File.join(cache_id, full_original_filename) if cache_id && original_filename
+        File.join(cache_id, original_filename) if cache_id && original_filename
       end
 
       ##
@@ -110,7 +111,7 @@ module CarrierWave
       #
       # By default, cache!() uses copy_to(), which operates by copying the file
       # to the cache, then deleting the original file.  If move_to_cache() is
-      # overriden to return true, then cache!() uses move_to(), which simply
+      # overridden to return true, then cache!() uses move_to(), which simply
       # moves the file to the cache.  Useful for large files.
       #
       # === Parameters
@@ -129,6 +130,7 @@ module CarrierWave
 
         self.cache_id = CarrierWave.generate_cache_id unless cache_id
 
+        @identifier = nil
         @staged = true
         @filename = new_file.filename
         self.original_filename = new_file.filename
@@ -165,7 +167,7 @@ module CarrierWave
           self.cache_id, self.original_filename = cache_name.to_s.split('/', 2)
           @staged = true
           @filename = original_filename
-          @file = cache_storage.retrieve_from_cache!(full_filename(original_filename))
+          @file = cache_storage.retrieve_from_cache!(full_original_filename)
         end
       end
 
@@ -180,20 +182,21 @@ module CarrierWave
       #
       # [String] the cache path
       #
-      def cache_path(for_file=full_filename(original_filename))
+      def cache_path(for_file=full_original_filename)
         File.join(*[cache_dir, @cache_id, for_file].compact)
       end
 
+    protected
+
+      attr_reader :cache_id
+
     private
 
       def workfile_path(for_file=original_filename)
         File.join(CarrierWave.tmp_path, @cache_id, version_name.to_s, for_file)
       end
 
-      attr_reader :cache_id, :original_filename
-
-      # We can override the full_original_filename method in other modules
-      alias_method :full_original_filename, :original_filename
+      attr_reader :original_filename
 
       def cache_id=(cache_id)
         # Earlier version used 3 part cache_id. Thus we should allow for
@@ -210,6 +213,11 @@ module CarrierWave
       def cache_storage
         @cache_storage ||= (self.class.cache_storage || self.class.storage).new(self)
       end
+
+      # We can override the full_original_filename method in other modules
+      def full_original_filename
+        forcing_extension(original_filename)
+      end
     end # Cache
   end # Uploader
 end # CarrierWave

data/lib/carrierwave/uploader/callbacks.rb

@@ -5,7 +5,7 @@ module CarrierWave
 
       included do
         class_attribute :_before_callbacks, :_after_callbacks,
-          :instance_writer => false
+                        :instance_writer => false
         self._before_callbacks = Hash.new []
         self._after_callbacks = Hash.new []
       end

data/lib/carrierwave/uploader/configuration.rb

@@ -24,6 +24,7 @@ module CarrierWave
         add_config :move_to_store
         add_config :remove_previously_stored_files_after_update
         add_config :downloader
+        add_config :force_extension
 
         # fog
         add_deprecated_config :fog_provider
@@ -34,6 +35,7 @@ module CarrierWave
         add_config :fog_authenticated_url_expiration
         add_config :fog_use_ssl_for_aws
         add_config :fog_aws_accelerate
+        add_config :fog_aws_fips
 
         # Mounting
         add_config :ignore_integrity_errors
@@ -44,6 +46,9 @@ module CarrierWave
         add_config :validate_download
         add_config :mount_on
         add_config :cache_only
+        add_config :download_retry_count
+        add_config :download_retry_wait_time
+        add_config :skip_ssrf_protection
 
         # set default values
         reset_config
@@ -77,7 +82,7 @@ module CarrierWave
         def storage(storage = nil)
           case storage
           when Symbol
-            if storage_engine = storage_engines[storage]
+            if (storage_engine = storage_engines[storage])
               self._storage = eval storage_engine
             else
               raise CarrierWave::UnknownStorageError, "Unknown storage: #{storage}"
@@ -123,7 +128,7 @@ module CarrierWave
             @#{name} = nil
 
             def self.#{name}(value=nil)
-              @#{name} = value if value
+              @#{name} = value unless value.nil?
               return @#{name} if self.object_id == #{self.object_id} || defined?(@#{name})
               name = superclass.#{name}
               return nil if name.nil? && !instance_variable_defined?(:@#{name})
@@ -153,19 +158,19 @@ module CarrierWave
         def add_deprecated_config(name)
           class_eval <<-RUBY, __FILE__, __LINE__ + 1
             def self.#{name}(value=nil)
-              ActiveSupport::Deprecation.warn "##{name} is deprecated and has no effect"
+              CarrierWave.deprecator.warn "##{name} is deprecated and has no effect"
             end
 
             def self.#{name}=(value)
-              ActiveSupport::Deprecation.warn "##{name} is deprecated and has no effect"
+              CarrierWave.deprecator.warn "##{name} is deprecated and has no effect"
             end
 
             def #{name}=(value)
-              ActiveSupport::Deprecation.warn "##{name} is deprecated and has no effect"
+              CarrierWave.deprecator.warn "##{name} is deprecated and has no effect"
             end
 
             def #{name}
-              ActiveSupport::Deprecation.warn "##{name} is deprecated and has no effect"
+              CarrierWave.deprecator.warn "##{name} is deprecated and has no effect"
             end
           RUBY
         end
@@ -179,8 +184,8 @@ module CarrierWave
         #
         def reset_config
           configure do |config|
-            config.permissions = 0644
-            config.directory_permissions = 0755
+            config.permissions = 0o644
+            config.directory_permissions = 0o755
             config.storage_engines = {
               :file => "CarrierWave::Storage::File",
               :fog  => "CarrierWave::Storage::Fog"
@@ -193,6 +198,7 @@ module CarrierWave
             config.fog_authenticated_url_expiration = 600
             config.fog_use_ssl_for_aws = true
             config.fog_aws_accelerate = false
+            config.fog_aws_fips = false
             config.store_dir = 'uploads'
             config.cache_dir = 'uploads/tmp'
             config.delete_tmp_file_after_storage = true
@@ -200,6 +206,7 @@ module CarrierWave
             config.move_to_store = false
             config.remove_previously_stored_files_after_update = true
             config.downloader = CarrierWave::Downloader::Base
+            config.force_extension = false
             config.ignore_integrity_errors = true
             config.ignore_processing_errors = true
             config.ignore_download_errors = true
@@ -210,6 +217,9 @@ module CarrierWave
             config.base_path = CarrierWave.base_path
             config.enable_processing = true
             config.ensure_multipart_form = true
+            config.download_retry_count = 0
+            config.download_retry_wait_time = 5
+            config.skip_ssrf_protection = false
           end
         end
       end

data/lib/carrierwave/uploader/{content_type_whitelist.rb → content_type_allowlist.rb}

@@ -1,10 +1,10 @@
 module CarrierWave
   module Uploader
-    module ContentTypeWhitelist
+    module ContentTypeAllowlist
       extend ActiveSupport::Concern
 
       included do
-        before :cache, :check_content_type_whitelist!
+        before :cache, :check_content_type_allowlist!
       end
 
       ##
@@ -29,32 +29,34 @@ module CarrierWave
       #     end
       #
       def content_type_allowlist
-        if respond_to?(:content_type_whitelist)
-          ActiveSupport::Deprecation.warn "#content_type_whitelist is deprecated, use #content_type_allowlist instead." unless instance_variable_defined?(:@content_type_whitelist_warned)
-          @content_type_whitelist_warned = true
-          content_type_whitelist
-        end
       end
 
     private
 
-      def check_content_type_whitelist!(new_file)
-        return unless content_type_allowlist
+      def check_content_type_allowlist!(new_file)
+        allowlist = content_type_allowlist
+        if !allowlist && respond_to?(:content_type_whitelist) && content_type_whitelist
+          CarrierWave.deprecator.warn "#content_type_whitelist is deprecated, use #content_type_allowlist instead." unless instance_variable_defined?(:@content_type_whitelist_warned)
+          @content_type_whitelist_warned = true
+          allowlist = content_type_whitelist
+        end
+
+        return unless allowlist
 
         content_type = new_file.content_type
-        if !whitelisted_content_type?(content_type)
-          raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.content_type_whitelist_error", content_type: content_type,
-                                                            allowed_types: Array(content_type_allowlist).join(", "), default: :"errors.messages.content_type_allowlist_error")
+        if !allowlisted_content_type?(allowlist, content_type)
+          raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.content_type_allowlist_error", content_type: content_type,
+                                                            allowed_types: Array(allowlist).join(", "), default: :"errors.messages.content_type_whitelist_error")
         end
       end
 
-      def whitelisted_content_type?(content_type)
-        Array(content_type_allowlist).any? do |item|
+      def allowlisted_content_type?(allowlist, content_type)
+        Array(allowlist).any? do |item|
           item = Regexp.quote(item) if item.class != Regexp
-          content_type =~ /#{item}/
+          content_type =~ /\A#{item}/
         end
       end
 
-    end # ContentTypeWhitelist
+    end # ContentTypeAllowlist
   end # Uploader
 end # CarrierWave