kt-paperclip 6.2.0

data/lib/paperclip/locales/en.yml

@@ -0,0 +1,18 @@
+en:
+  errors:
+    messages:
+      in_between: "must be in between %{min} and %{max}"
+      spoofed_media_type: "has contents that are not what they are reported to be"
+
+  number:
+    human:
+      storage_units:
+        format: "%n %u"
+        units:
+          byte:
+            one:   "Byte"
+            other: "Bytes"
+          kb: "KB"
+          mb: "MB"
+          gb: "GB"
+          tb: "TB"

data/lib/paperclip/logger.rb

@@ -0,0 +1,21 @@
+module Paperclip
+  module Logger
+    # Log a paperclip-specific line. This will log to STDOUT
+    # by default. Set Paperclip.options[:log] to false to turn off.
+    def log(message)
+      logger.info("[paperclip] #{message}") if logging?
+    end
+
+    def logger #:nodoc:
+      @logger ||= options[:logger] || ::Logger.new(STDOUT)
+    end
+
+    def logger=(logger)
+      @logger = logger
+    end
+
+    def logging? #:nodoc:
+      options[:log]
+    end
+  end
+end

data/lib/paperclip/matchers.rb

@@ -0,0 +1,64 @@
+require "paperclip/matchers/have_attached_file_matcher"
+require "paperclip/matchers/validate_attachment_presence_matcher"
+require "paperclip/matchers/validate_attachment_content_type_matcher"
+require "paperclip/matchers/validate_attachment_size_matcher"
+
+module Paperclip
+  module Shoulda
+    # Provides RSpec-compatible & Test::Unit-compatible matchers for testing Paperclip attachments.
+    #
+    # *RSpec*
+    #
+    # In spec_helper.rb, you'll need to require the matchers:
+    #
+    #   require "paperclip/matchers"
+    #
+    # And _include_ the module:
+    #
+    #   RSpec.configure do |config|
+    #     config.include Paperclip::Shoulda::Matchers
+    #   end
+    #
+    # Example:
+    #   describe User do
+    #     it { should have_attached_file(:avatar) }
+    #     it { should validate_attachment_presence(:avatar) }
+    #     it { should validate_attachment_content_type(:avatar).
+    #                   allowing('image/png', 'image/gif').
+    #                   rejecting('text/plain', 'text/xml') }
+    #     it { should validate_attachment_size(:avatar).
+    #                   less_than(2.megabytes) }
+    #   end
+    #
+    #
+    # *TestUnit*
+    #
+    # In test_helper.rb, you'll need to require the matchers as well:
+    #
+    #   require "paperclip/matchers"
+    #
+    # And _extend_ the module:
+    #
+    #   class ActiveSupport::TestCase
+    #     extend Paperclip::Shoulda::Matchers
+    #
+    #     #...other initializers...#
+    #   end
+    #
+    # Example:
+    #   require 'test_helper'
+    #
+    #   class UserTest < ActiveSupport::TestCase
+    #     should have_attached_file(:avatar)
+    #     should validate_attachment_presence(:avatar)
+    #     should validate_attachment_content_type(:avatar).
+    #                  allowing('image/png', 'image/gif').
+    #                  rejecting('text/plain', 'text/xml')
+    #     should validate_attachment_size(:avatar).
+    #                  less_than(2.megabytes)
+    #   end
+    #
+    module Matchers
+    end
+  end
+end

data/lib/paperclip/matchers/have_attached_file_matcher.rb

@@ -0,0 +1,54 @@
+module Paperclip
+  module Shoulda
+    module Matchers
+      # Ensures that the given instance or class has an attachment with the
+      # given name.
+      #
+      # Example:
+      #   describe User do
+      #     it { should have_attached_file(:avatar) }
+      #   end
+      def have_attached_file(name)
+        HaveAttachedFileMatcher.new(name)
+      end
+
+      class HaveAttachedFileMatcher
+        def initialize(attachment_name)
+          @attachment_name = attachment_name
+        end
+
+        def matches?(subject)
+          @subject = subject
+          @subject = @subject.class unless Class === @subject
+          responds? && has_column?
+        end
+
+        def failure_message
+          "Should have an attachment named #{@attachment_name}"
+        end
+
+        def failure_message_when_negated
+          "Should not have an attachment named #{@attachment_name}"
+        end
+        alias negative_failure_message failure_message_when_negated
+
+        def description
+          "have an attachment named #{@attachment_name}"
+        end
+
+        protected
+
+        def responds?
+          methods = @subject.instance_methods.map(&:to_s)
+          methods.include?(@attachment_name.to_s) &&
+            methods.include?("#{@attachment_name}=") &&
+            methods.include?("#{@attachment_name}?")
+        end
+
+        def has_column?
+          @subject.column_names.include?("#{@attachment_name}_file_name")
+        end
+      end
+    end
+  end
+end

data/lib/paperclip/matchers/validate_attachment_content_type_matcher.rb

@@ -0,0 +1,101 @@
+module Paperclip
+  module Shoulda
+    module Matchers
+      # Ensures that the given instance or class validates the content type of
+      # the given attachment as specified.
+      #
+      # Example:
+      #   describe User do
+      #     it { should validate_attachment_content_type(:icon).
+      #                   allowing('image/png', 'image/gif').
+      #                   rejecting('text/plain', 'text/xml') }
+      #   end
+      def validate_attachment_content_type(name)
+        ValidateAttachmentContentTypeMatcher.new(name)
+      end
+
+      class ValidateAttachmentContentTypeMatcher
+        def initialize(attachment_name)
+          @attachment_name = attachment_name
+          @allowed_types = []
+          @rejected_types = []
+        end
+
+        def allowing(*types)
+          @allowed_types = types.flatten
+          self
+        end
+
+        def rejecting(*types)
+          @rejected_types = types.flatten
+          self
+        end
+
+        def matches?(subject)
+          @subject = subject
+          @subject = @subject.new if @subject.class == Class
+          @allowed_types && @rejected_types &&
+            allowed_types_allowed? && rejected_types_rejected?
+        end
+
+        def failure_message
+          "#{expected_attachment}\n".tap do |message|
+            message << accepted_types_and_failures.to_s
+            message << "\n\n" if @allowed_types.present? && @rejected_types.present?
+            message << rejected_types_and_failures.to_s
+          end
+        end
+
+        def description
+          "validate the content types allowed on attachment #{@attachment_name}"
+        end
+
+        protected
+
+        def accepted_types_and_failures
+          if @allowed_types.present?
+            "Accept content types: #{@allowed_types.join(', ')}\n".tap do |message|
+              message << if @missing_allowed_types.present?
+                           "  #{@missing_allowed_types.join(', ')} were rejected."
+                         else
+                           "  All were accepted successfully."
+                         end
+            end
+          end
+        end
+
+        def rejected_types_and_failures
+          if @rejected_types.present?
+            "Reject content types: #{@rejected_types.join(', ')}\n".tap do |message|
+              message << if @missing_rejected_types.present?
+                           "  #{@missing_rejected_types.join(', ')} were accepted."
+                         else
+                           "  All were rejected successfully."
+                         end
+            end
+          end
+        end
+
+        def expected_attachment
+          "Expected #{@attachment_name}:\n"
+        end
+
+        def type_allowed?(type)
+          @subject.send("#{@attachment_name}_content_type=", type)
+          @subject.valid?
+          @subject.errors[:"#{@attachment_name}_content_type"].blank?
+        end
+
+        def allowed_types_allowed?
+          @missing_allowed_types ||= @allowed_types.reject { |type| type_allowed?(type) }
+          @missing_allowed_types.none?
+        end
+
+        def rejected_types_rejected?
+          @missing_rejected_types ||= @rejected_types.select { |type| type_allowed?(type) }
+          @missing_rejected_types.none?
+        end
+      end
+    end
+  end
+end

data/lib/paperclip/matchers/validate_attachment_presence_matcher.rb

@@ -0,0 +1,59 @@
+module Paperclip
+  module Shoulda
+    module Matchers
+      # Ensures that the given instance or class validates the presence of the
+      # given attachment.
+      #
+      # describe User do
+      #   it { should validate_attachment_presence(:avatar) }
+      # end
+      def validate_attachment_presence(name)
+        ValidateAttachmentPresenceMatcher.new(name)
+      end
+
+      class ValidateAttachmentPresenceMatcher
+        def initialize(attachment_name)
+          @attachment_name = attachment_name
+        end
+
+        def matches?(subject)
+          @subject = subject
+          @subject = subject.new if subject.class == Class
+          error_when_not_valid? && no_error_when_valid?
+        end
+
+        def failure_message
+          "Attachment #{@attachment_name} should be required"
+        end
+
+        def failure_message_when_negated
+          "Attachment #{@attachment_name} should not be required"
+        end
+        alias negative_failure_message failure_message_when_negated
+
+        def description
+          "require presence of attachment #{@attachment_name}"
+        end
+
+        protected
+
+        def error_when_not_valid?
+          @subject.send(@attachment_name).assign(nil)
+          @subject.valid?
+          @subject.errors[:"#{@attachment_name}"].present?
+        end
+
+        def no_error_when_valid?
+          @file = StringIO.new(".")
+          @subject.send(@attachment_name).assign(@file)
+          @subject.valid?
+          expected_message = [
+            @attachment_name.to_s.titleize,
+            I18n.t(:blank, scope: [:errors, :messages])
+          ].join(" ")
+          @subject.errors.full_messages.exclude?(expected_message)
+        end
+      end
+    end
+  end
+end

data/lib/paperclip/matchers/validate_attachment_size_matcher.rb

@@ -0,0 +1,97 @@
+module Paperclip
+  module Shoulda
+    module Matchers
+      # Ensures that the given instance or class validates the size of the
+      # given attachment as specified.
+      #
+      # Examples:
+      #   it { should validate_attachment_size(:avatar).
+      #                 less_than(2.megabytes) }
+      #   it { should validate_attachment_size(:icon).
+      #                 greater_than(1024) }
+      #   it { should validate_attachment_size(:icon).
+      #                 in(0..100) }
+      def validate_attachment_size(name)
+        ValidateAttachmentSizeMatcher.new(name)
+      end
+
+      class ValidateAttachmentSizeMatcher
+        def initialize(attachment_name)
+          @attachment_name = attachment_name
+        end
+
+        def less_than(size)
+          @high = size
+          self
+        end
+
+        def greater_than(size)
+          @low = size
+          self
+        end
+
+        def in(range)
+          @low = range.first
+          @high = range.last
+          self
+        end
+
+        def matches?(subject)
+          @subject = subject
+          @subject = @subject.new if @subject.class == Class
+          lower_than_low? && higher_than_low? && lower_than_high? && higher_than_high?
+        end
+
+        def failure_message
+          "Attachment #{@attachment_name} must be between #{@low} and #{@high} bytes"
+        end
+
+        def failure_message_when_negated
+          "Attachment #{@attachment_name} cannot be between #{@low} and #{@high} bytes"
+        end
+        alias negative_failure_message failure_message_when_negated
+
+        def description
+          "validate the size of attachment #{@attachment_name}"
+        end
+
+        protected
+
+        def override_method(object, method, &replacement)
+          (class << object; self; end).class_eval do
+            define_method(method, &replacement)
+          end
+        end
+
+        def passes_validation_with_size(new_size)
+          file = StringIO.new(".")
+          override_method(file, :size) { new_size }
+          override_method(file, :to_tempfile) { file }
+
+          @subject.send(@attachment_name).post_processing = false
+          @subject.send(@attachment_name).assign(file)
+          @subject.valid?
+          @subject.errors[:"#{@attachment_name}_file_size"].blank?
+        ensure
+          @subject.send(@attachment_name).post_processing = true
+        end
+
+        def lower_than_low?
+          @low.nil? || !passes_validation_with_size(@low - 1)
+        end
+
+        def higher_than_low?
+          @low.nil? || passes_validation_with_size(@low + 1)
+        end
+
+        def lower_than_high?
+          @high.nil? || @high == Float::INFINITY || passes_validation_with_size(@high - 1)
+        end
+
+        def higher_than_high?
+          @high.nil? || @high == Float::INFINITY || !passes_validation_with_size(@high + 1)
+        end
+      end
+    end
+  end
+end

data/lib/paperclip/media_type_spoof_detector.rb

@@ -0,0 +1,90 @@
+module Paperclip
+  class MediaTypeSpoofDetector
+    def self.using(file, name, content_type)
+      new(file, name, content_type)
+    end
+
+    def initialize(file, name, content_type)
+      @file = file
+      @name = name
+      @content_type = content_type || ""
+    end
+
+    def spoofed?
+      if has_name? && media_type_mismatch? && mapping_override_mismatch?
+        Paperclip.log("Content Type Spoof: Filename #{File.basename(@name)} (#{supplied_content_type} from Headers, #{content_types_from_name.map(&:to_s)} from Extension), content type discovered from file command: #{calculated_content_type}. See documentation to allow this combination.")
+        true
+      else
+        false
+      end
+    end
+
+    private
+
+    def has_name?
+      @name.present?
+    end
+
+    def has_extension?
+      File.extname(@name).present?
+    end
+
+    def media_type_mismatch?
+      extension_type_mismatch? || calculated_type_mismatch?
+    end
+
+    def extension_type_mismatch?
+      supplied_media_type.present? &&
+        has_extension? &&
+        !media_types_from_name.include?(supplied_media_type)
+    end
+
+    def calculated_type_mismatch?
+      supplied_media_type.present? &&
+        !calculated_content_type.include?(supplied_media_type)
+    end
+
+    def mapping_override_mismatch?
+      !Array(mapped_content_type).include?(calculated_content_type)
+    end
+
+    def supplied_content_type
+      @content_type
+    end
+
+    def supplied_media_type
+      @content_type.split("/").first
+    end
+
+    def content_types_from_name
+      @content_types_from_name ||= MIME::Types.type_for(@name)
+    end
+
+    def media_types_from_name
+      @media_types_from_name ||= content_types_from_name.collect(&:media_type)
+    end
+
+    def calculated_content_type
+      @calculated_content_type ||= type_from_file_command.chomp
+    end
+
+    def calculated_media_type
+      @calculated_media_type ||= calculated_content_type.split("/").first
+    end
+
+    def type_from_file_command
+      Paperclip.run("file", "-b --mime :file", file: @file.path).
+        split(/[:;\s]+/).first
+    rescue Terrapin::CommandLineError
+      ""
+    end
+
+    def mapped_content_type
+      Paperclip.options[:content_type_mappings][filename_extension]
+    end
+
+    def filename_extension
+      File.extname(@name.to_s.downcase).sub(/^\./, "").to_sym
+    end
+  end
+end