jr-paperclip 7.3.0

data/spec/paperclip/io_adapters/uri_adapter_spec.rb

@@ -0,0 +1,231 @@
+require "spec_helper"
+
+describe Paperclip::UriAdapter do
+  let(:content_type) { "image/png" }
+  let(:meta) { {} }
+
+  before do
+    @open_return = StringIO.new("xxx")
+    allow(@open_return).to receive(:content_type).and_return(content_type)
+    allow(@open_return).to receive(:meta).and_return(meta)
+    Paperclip::UriAdapter.register
+  end
+
+  after do
+    Paperclip.io_adapters.unregister(described_class)
+  end
+
+  context "a new instance" do
+    let(:meta) { { "content-type" => "image/png" } }
+
+    before do
+      allow_any_instance_of(Paperclip::UriAdapter).
+        to receive(:download_content).and_return(@open_return)
+
+      @uri = URI.parse("http://thoughtbot.com/images/thoughtbot-logo.png")
+      @subject = Paperclip.io_adapters.for(@uri, hash_digest: Digest::MD5)
+    end
+
+    it "returns a file name" do
+      assert_equal "thoughtbot-logo.png", @subject.original_filename
+    end
+
+    it "closes open handle after reading" do
+      assert_equal true, @open_return.closed?
+    end
+
+    it "returns a content type" do
+      assert_equal "image/png", @subject.content_type
+    end
+
+    it "returns the size of the data" do
+      assert_equal @open_return.size, @subject.size
+    end
+
+    it "generates an MD5 hash of the contents" do
+      assert_equal Digest::MD5.hexdigest("xxx"), @subject.fingerprint
+    end
+
+    it "generates correct fingerprint after read" do
+      fingerprint = Digest::MD5.hexdigest(@subject.read)
+      assert_equal fingerprint, @subject.fingerprint
+    end
+
+    it "generates same fingerprint" do
+      assert_equal @subject.fingerprint, @subject.fingerprint
+    end
+
+    it "returns the data contained in the StringIO" do
+      assert_equal "xxx", @subject.read
+    end
+
+    it "accepts a content_type" do
+      @subject.content_type = "image/png"
+      assert_equal "image/png", @subject.content_type
+    end
+
+    it "accepts an original_filename" do
+      @subject.original_filename = "image.png"
+      assert_equal "image.png", @subject.original_filename
+    end
+  end
+
+  context "a directory index url" do
+    let(:content_type) { "text/html" }
+    let(:meta) { { "content-type" => "text/html" } }
+
+    before do
+      allow_any_instance_of(Paperclip::UriAdapter).
+        to receive(:download_content).and_return(@open_return)
+
+      @uri = URI.parse("http://thoughtbot.com")
+      @subject = Paperclip.io_adapters.for(@uri)
+    end
+
+    it "returns a file name" do
+      assert_equal "index.html", @subject.original_filename
+    end
+
+    it "returns a content type" do
+      assert_equal "text/html", @subject.content_type
+    end
+  end
+
+  context "a url with query params" do
+    before do
+      allow_any_instance_of(Paperclip::UriAdapter).
+        to receive(:download_content).and_return(@open_return)
+
+      @uri = URI.parse("https://github.com/thoughtbot/paperclip?file=test")
+      @subject = Paperclip.io_adapters.for(@uri)
+    end
+
+    it "returns a file name" do
+      assert_equal "paperclip", @subject.original_filename
+    end
+  end
+
+  context "a url with content disposition headers" do
+    let(:file_name) { "test_document.pdf" }
+    let(:filename_from_path) { "paperclip" }
+
+    before do
+      allow_any_instance_of(Paperclip::UriAdapter).
+        to receive(:download_content).and_return(@open_return)
+
+      @uri = URI.parse(
+        "https://github.com/thoughtbot/#{filename_from_path}?file=test"
+      )
+    end
+
+    it "returns file name from path" do
+      meta["content-disposition"] = "inline;"
+
+      @subject = Paperclip.io_adapters.for(@uri)
+
+      assert_equal filename_from_path, @subject.original_filename
+    end
+
+    it "returns a file name enclosed in double quotes" do
+      file_name = "john's test document.pdf"
+      meta["content-disposition"] = "attachment; filename=\"#{file_name}\";"
+
+      @subject = Paperclip.io_adapters.for(@uri)
+
+      assert_equal file_name, @subject.original_filename
+    end
+
+    it "returns a file name not enclosed in double quotes" do
+      meta["content-disposition"] = "ATTACHMENT; FILENAME=#{file_name};"
+
+      @subject = Paperclip.io_adapters.for(@uri)
+
+      assert_equal file_name, @subject.original_filename
+    end
+
+    it "does not crash when an empty filename is given" do
+      meta["content-disposition"] = "ATTACHMENT; FILENAME=\"\";"
+
+      @subject = Paperclip.io_adapters.for(@uri)
+
+      assert_equal "", @subject.original_filename
+    end
+
+    it "returns a file name ignoring RFC 5987 encoding" do
+      meta["content-disposition"] =
+        "attachment; filename=#{file_name}; filename* = utf-8''%e2%82%ac%20rates"
+
+      @subject = Paperclip.io_adapters.for(@uri)
+
+      assert_equal file_name, @subject.original_filename
+    end
+
+    context "when file name has consecutive periods" do
+      let(:file_name) { "test_document..pdf" }
+
+      it "returns a file name" do
+        @uri = URI.parse(
+          "https://github.com/thoughtbot/#{file_name}?file=test"
+        )
+        @subject = Paperclip.io_adapters.for(@uri)
+        assert_equal file_name, @subject.original_filename
+      end
+    end
+  end
+
+  context "a url with restricted characters in the filename" do
+    before do
+      allow_any_instance_of(Paperclip::UriAdapter).
+        to receive(:download_content).and_return(@open_return)
+
+      @uri = URI.parse("https://github.com/thoughtbot/paper:clip.jpg")
+      @subject = Paperclip.io_adapters.for(@uri)
+    end
+
+    it "does not generate filenames that include restricted characters" do
+      assert_equal "paper_clip.jpg", @subject.original_filename
+    end
+
+    it "does not generate paths that include restricted characters" do
+      expect(@subject.path).to_not match(/:/)
+    end
+  end
+
+  describe "#download_content" do
+    before do
+      allowed_mock =
+        if RUBY_VERSION < '2.5'
+          allow_any_instance_of(Paperclip::UriAdapter)
+        else
+          allow(URI)
+        end
+
+      allowed_mock.to receive(:open).and_return(@open_return)
+
+      @uri = URI.parse("https://github.com/thoughtbot/paper:clip.jpg")
+      @subject = Paperclip.io_adapters.for(@uri)
+      @uri_opener = RUBY_VERSION < '2.5' ? @subject : URI
+    end
+
+    after do
+      @subject.send(:download_content)
+    end
+
+    context "with default read_timeout" do
+      it "calls open without options" do
+        expect(@uri_opener).to receive(:open).with(@uri, {}).at_least(1).times
+      end
+    end
+
+    context "with custom read_timeout" do
+      before do
+        Paperclip.options[:read_timeout] = 120
+      end
+
+      it "calls open with read_timeout option" do
+        expect(@uri_opener)
+          .to receive(:open).with(@uri, { read_timeout: 120 }).at_least(1).times
+      end
+    end
+  end
+end

data/spec/paperclip/matchers/have_attached_file_matcher_spec.rb

@@ -0,0 +1,19 @@
+require "spec_helper"
+require "paperclip/matchers"
+
+describe Paperclip::Shoulda::Matchers::HaveAttachedFileMatcher do
+  extend Paperclip::Shoulda::Matchers
+
+  it "rejects the dummy class if it has no attachment" do
+    reset_table "dummies"
+    reset_class "Dummy"
+    matcher = self.class.have_attached_file(:avatar)
+    expect(matcher).to_not accept(Dummy)
+  end
+
+  it "accepts the dummy class if it has an attachment" do
+    rebuild_model
+    matcher = self.class.have_attached_file(:avatar)
+    expect(matcher).to accept(Dummy)
+  end
+end

data/spec/paperclip/matchers/validate_attachment_content_type_matcher_spec.rb

@@ -0,0 +1,108 @@
+require "spec_helper"
+require "paperclip/matchers"
+
+describe Paperclip::Shoulda::Matchers::ValidateAttachmentContentTypeMatcher do
+  extend Paperclip::Shoulda::Matchers
+
+  before do
+    reset_table("dummies") do |d|
+      d.string :title
+      d.string :avatar_file_name
+      d.string :avatar_content_type
+    end
+    reset_class "Dummy"
+    Dummy.do_not_validate_attachment_file_type :avatar
+    Dummy.has_attached_file :avatar
+  end
+
+  it "rejects a class with no validation" do
+    expect(matcher).to_not accept(Dummy)
+    expect { matcher.failure_message }.to_not raise_error
+  end
+
+  it "rejects a class when the validation fails" do
+    Dummy.validates_attachment_content_type :avatar, content_type: %r{audio/.*}
+    expect(matcher).to_not accept(Dummy)
+    expect { matcher.failure_message }.to_not raise_error
+  end
+
+  it "accepts a class with a matching validation" do
+    Dummy.validates_attachment_content_type :avatar, content_type: %r{image/.*}
+    expect(matcher).to accept(Dummy)
+    expect { matcher.failure_message }.to_not raise_error
+  end
+
+  it "accepts a class with other validations but matching types" do
+    Dummy.validates_presence_of :title
+    Dummy.validates_attachment_content_type :avatar, content_type: %r{image/.*}
+    expect(matcher).to accept(Dummy)
+    expect { matcher.failure_message }.to_not raise_error
+  end
+
+  it "accepts a class that matches and a matcher that only specifies 'allowing'" do
+    Dummy.validates_attachment_content_type :avatar, content_type: %r{image/.*}
+    matcher = plain_matcher.allowing(%w(image/png image/jpeg))
+
+    expect(matcher).to accept(Dummy)
+    expect { matcher.failure_message }.to_not raise_error
+  end
+
+  it "rejects a class that does not match and a matcher that only specifies 'allowing'" do
+    Dummy.validates_attachment_content_type :avatar, content_type: %r{audio/.*}
+    matcher = plain_matcher.allowing(%w(image/png image/jpeg))
+
+    expect(matcher).to_not accept(Dummy)
+    expect { matcher.failure_message }.to_not raise_error
+  end
+
+  it "accepts a class that matches and a matcher that only specifies 'rejecting'" do
+    Dummy.validates_attachment_content_type :avatar, content_type: %r{image/.*}
+    matcher = plain_matcher.rejecting(%w(audio/mp3 application/octet-stream))
+
+    expect(matcher).to accept(Dummy)
+    expect { matcher.failure_message }.to_not raise_error
+  end
+
+  it "rejects a class that does not match and a matcher that only specifies 'rejecting'" do
+    Dummy.validates_attachment_content_type :avatar, content_type: %r{audio/.*}
+    matcher = plain_matcher.rejecting(%w(audio/mp3 application/octet-stream))
+
+    expect(matcher).to_not accept(Dummy)
+    expect { matcher.failure_message }.to_not raise_error
+  end
+
+  context "using an :if to control the validation" do
+    before do
+      Dummy.class_eval do
+        validates_attachment_content_type :avatar, content_type: %r{image/*}, if: :go
+        attr_accessor :go
+      end
+    end
+
+    it "runs the validation if the control is true" do
+      dummy = Dummy.new
+      dummy.go = true
+      expect(matcher).to accept(dummy)
+      expect { matcher.failure_message }.to_not raise_error
+    end
+
+    it "does not run the validation if the control is false" do
+      dummy = Dummy.new
+      dummy.go = false
+      expect(matcher).to_not accept(dummy)
+      expect { matcher.failure_message }.to_not raise_error
+    end
+  end
+
+  private
+
+  def plain_matcher
+    self.class.validate_attachment_content_type(:avatar)
+  end
+
+  def matcher
+    plain_matcher.
+      allowing(%w(image/png image/jpeg)).
+      rejecting(%w(audio/mp3 application/octet-stream))
+  end
+end

data/spec/paperclip/matchers/validate_attachment_presence_matcher_spec.rb

@@ -0,0 +1,69 @@
+require "spec_helper"
+require "paperclip/matchers"
+
+describe Paperclip::Shoulda::Matchers::ValidateAttachmentPresenceMatcher do
+  extend Paperclip::Shoulda::Matchers
+
+  before do
+    reset_table("dummies") do |d|
+      d.string :avatar_file_name
+    end
+    reset_class "Dummy"
+    Dummy.has_attached_file :avatar
+    Dummy.do_not_validate_attachment_file_type :avatar
+  end
+
+  it "rejects a class with no validation" do
+    expect(matcher).to_not accept(Dummy)
+  end
+
+  it "accepts a class with a matching validation" do
+    Dummy.validates_attachment_presence :avatar
+    expect(matcher).to accept(Dummy)
+  end
+
+  it "accepts an instance with other attachment validations" do
+    reset_table("dummies") do |d|
+      d.string :avatar_file_name
+      d.string :avatar_content_type
+    end
+    Dummy.class_eval do
+      validates_attachment_presence :avatar
+      validates_attachment_content_type :avatar, content_type: "image/gif"
+    end
+    dummy = Dummy.new
+
+    dummy.avatar = File.new fixture_file("5k.png")
+
+    expect(matcher).to accept(dummy)
+  end
+
+  context "using an :if to control the validation" do
+    before do
+      Dummy.class_eval do
+        validates_attachment_presence :avatar, if: :go
+        attr_accessor :go
+      end
+    end
+
+    it "runs the validation if the control is true" do
+      dummy = Dummy.new
+      dummy.avatar = nil
+      dummy.go = true
+      expect(matcher).to accept(dummy)
+    end
+
+    it "does not run the validation if the control is false" do
+      dummy = Dummy.new
+      dummy.avatar = nil
+      dummy.go = false
+      expect(matcher).to_not accept(dummy)
+    end
+  end
+
+  private
+
+  def matcher
+    self.class.validate_attachment_presence(:avatar)
+  end
+end

data/spec/paperclip/matchers/validate_attachment_size_matcher_spec.rb

@@ -0,0 +1,88 @@
+require "spec_helper"
+require "paperclip/matchers"
+
+describe Paperclip::Shoulda::Matchers::ValidateAttachmentSizeMatcher do
+  extend Paperclip::Shoulda::Matchers
+
+  before do
+    reset_table("dummies") do |d|
+      d.string :avatar_file_name
+      d.bigint :avatar_file_size
+    end
+    reset_class "Dummy"
+    Dummy.do_not_validate_attachment_file_type :avatar
+    Dummy.has_attached_file :avatar
+  end
+
+  context "Limiting size" do
+    it "rejects a class with no validation" do
+      expect(matcher.in(256..1024)).to_not accept(Dummy)
+    end
+
+    it "rejects a class with a validation that's too high" do
+      Dummy.validates_attachment_size :avatar, in: 256..2048
+      expect(matcher.in(256..1024)).to_not accept(Dummy)
+    end
+
+    it "accepts a class with a validation that's too low" do
+      Dummy.validates_attachment_size :avatar, in: 0..1024
+      expect(matcher.in(256..1024)).to_not accept(Dummy)
+    end
+
+    it "accepts a class with a validation that matches" do
+      Dummy.validates_attachment_size :avatar, in: 256..1024
+      expect(matcher.in(256..1024)).to accept(Dummy)
+    end
+  end
+
+  context "allowing anything" do
+    it "given a class with an upper limit" do
+      Dummy.validates_attachment_size :avatar, less_than: 1
+      expect(matcher).to accept(Dummy)
+    end
+
+    it "given a class with a lower limit" do
+      Dummy.validates_attachment_size :avatar, greater_than: 1
+      expect(matcher).to accept(Dummy)
+    end
+  end
+
+  context "using an :if to control the validation" do
+    before do
+      Dummy.class_eval do
+        validates_attachment_size :avatar, greater_than: 1024, if: :go
+        attr_accessor :go
+      end
+    end
+
+    it "run the validation if the control is true" do
+      dummy = Dummy.new
+      dummy.go = true
+      expect(matcher.greater_than(1024)).to accept(dummy)
+    end
+
+    it "not run the validation if the control is false" do
+      dummy = Dummy.new
+      dummy.go = false
+      expect(matcher.greater_than(1024)).to_not accept(dummy)
+    end
+  end
+
+  context "post processing" do
+    before do
+      Dummy.validates_attachment_size :avatar, greater_than: 1024
+    end
+
+    it "be skipped" do
+      dummy = Dummy.new
+      expect(dummy.avatar).to_not receive(:post_process)
+      expect(matcher.greater_than(1024)).to accept(dummy)
+    end
+  end
+
+  private
+
+  def matcher
+    self.class.validate_attachment_size(:avatar)
+  end
+end

data/spec/paperclip/media_type_spoof_detector_spec.rb

@@ -0,0 +1,126 @@
+require "spec_helper"
+
+describe Paperclip::MediaTypeSpoofDetector do
+  it "rejects a file that is named .html and identifies as PNG" do
+    file = File.open(fixture_file("5k.png"))
+    assert Paperclip::MediaTypeSpoofDetector.using(file, "5k.html", "image/png").spoofed?
+  end
+
+  it "does not reject a file that is named .jpg and identifies as PNG" do
+    file = File.open(fixture_file("5k.png"))
+    assert !Paperclip::MediaTypeSpoofDetector.using(file, "5k.jpg", "image/png").spoofed?
+  end
+
+  it "does not reject a file that is named .html and identifies as HTML" do
+    file = File.open(fixture_file("empty.html"))
+    assert !Paperclip::MediaTypeSpoofDetector.using(file, "empty.html", "text/html").spoofed?
+  end
+
+  it "does not reject a file that does not have a name" do
+    file = File.open(fixture_file("empty.html"))
+    assert !Paperclip::MediaTypeSpoofDetector.using(file, "", "text/html").spoofed?
+  end
+
+  it "does not reject a file that does have an extension" do
+    file = File.open(fixture_file("empty.html"))
+    assert !Paperclip::MediaTypeSpoofDetector.using(file, "data", "text/html").spoofed?
+  end
+
+  it "does not reject when the supplied file is an IOAdapter" do
+    adapter = Paperclip.io_adapters.for(File.new(fixture_file("5k.png")))
+    assert !Paperclip::MediaTypeSpoofDetector.using(adapter, adapter.original_filename, adapter.content_type).spoofed?
+  end
+
+  it "does not reject when the extension => content_type is in :content_type_mappings" do
+    file = Tempfile.open(["test", ".PEM"])
+    file.puts "Certificate!"
+    file.close
+
+    adapter = Paperclip.io_adapters.for(File.new(file.path))
+
+    begin
+      Paperclip.options[:content_type_mappings] = { pem: "text/plain" }
+      assert !Paperclip::MediaTypeSpoofDetector.using(adapter, adapter.original_filename, adapter.content_type).spoofed?
+
+      # As a string.
+      Paperclip.options[:content_type_mappings] = { "pem" => "text/plain" }
+      assert !Paperclip::MediaTypeSpoofDetector.using(adapter, adapter.original_filename, adapter.content_type).spoofed?
+    ensure
+      Paperclip.options[:content_type_mappings] = {}
+    end
+  end
+
+  context "file named .html and is as HTML, but we're told JPG" do
+    let(:file) { File.open(fixture_file("empty.html")) }
+    let(:spoofed?) { Paperclip::MediaTypeSpoofDetector.using(file, "empty.html", "image/jpg").spoofed? }
+
+    it "rejects the file" do
+      assert spoofed?
+    end
+
+    it "logs info about the detected spoof" do
+      expect(Paperclip).to receive(:log).with('Content Type Spoof: Filename empty.html (image/jpg from Headers, ["text/html"] from Extension), content type discovered from file command: text/html. See documentation to allow this combination.')
+      spoofed?
+    end
+  end
+
+  context "GIF file named without extension, but we're told GIF" do
+    let(:file) { File.open(fixture_file("animated")) }
+    let(:spoofed?) do
+      Paperclip::MediaTypeSpoofDetector.
+        using(file, "animated", "image/gif").
+        spoofed?
+    end
+
+    it "accepts the file" do
+      assert !spoofed?
+    end
+  end
+
+  context "GIF file named without extension, but we're told HTML" do
+    let(:file) { File.open(fixture_file("animated")) }
+    let(:spoofed?) do
+      Paperclip::MediaTypeSpoofDetector.
+        using(file, "animated", "text/html").
+        spoofed?
+    end
+
+    it "rejects the file" do
+      assert spoofed?
+    end
+  end
+
+  it "does not reject if content_type is empty but otherwise checks out" do
+    file = File.open(fixture_file("empty.html"))
+    assert !Paperclip::MediaTypeSpoofDetector.using(file, "empty.html", "").spoofed?
+  end
+
+  it "does allow array as :content_type_mappings" do
+    begin
+      Paperclip.options[:content_type_mappings] = {
+        html: ["binary", "text/html"]
+      }
+      file = File.open(fixture_file("empty.html"))
+      spoofed = Paperclip::MediaTypeSpoofDetector.
+                using(file, "empty.html", "text/html").spoofed?
+      assert !spoofed
+    ensure
+      Paperclip.options[:content_type_mappings] = {}
+    end
+  end
+
+  context "#type_from_file_command" do
+    let(:file) { File.new(fixture_file("empty.html")) }
+    let(:detector) { Paperclip::MediaTypeSpoofDetector.new(file, "html", "") }
+
+    it "does work with the output of old versions of file" do
+      allow(Paperclip).to receive(:run).and_return("text/html charset=us-ascii")
+      expect(detector.send(:type_from_file_command)).to eq("text/html")
+    end
+
+    it "does work with the output of new versions of file" do
+      allow(Paperclip).to receive(:run).and_return("text/html; charset=us-ascii")
+      expect(detector.send(:type_from_file_command)).to eq("text/html")
+    end
+  end
+end

data/spec/paperclip/meta_class_spec.rb

@@ -0,0 +1,30 @@
+require "spec_helper"
+
+describe "Metaclasses" do
+  context "A meta-class of dummy" do
+    if active_support_version >= "4.1" || ruby_version < "2.1"
+      before do
+        rebuild_model
+        reset_class("Dummy")
+      end
+
+      it "is able to use Paperclip like a normal class" do
+        @dummy = Dummy.new
+
+        assert_nothing_raised do
+          rebuild_meta_class_of(@dummy)
+        end
+      end
+
+      it "works like any other instance" do
+        @dummy = Dummy.new
+        rebuild_meta_class_of(@dummy)
+
+        assert_nothing_raised do
+          @dummy.avatar = File.new(fixture_file("5k.png"), "rb")
+        end
+        assert @dummy.save
+      end
+    end
+  end
+end