m365_active_storage 1.0.0 → 1.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 248f6e95435a9737f6aa06db40f6d758a59a4d6355ad4399a12d5dbc0d24efde
-  data.tar.gz: c93ea5f7c16c419e2cfadbc9ce6a679b1a0abb533bb9863b9a75f8b7aed7d17d
+  metadata.gz: 72492311b32ca0b097c13fdec2e254d43006191dfeaa4a6d2245640ac7cd0b97
+  data.tar.gz: 281c7e93c835fb9c8bab29d29f0fc9efdb066c44457327ddd4be5eb71592cf63
 SHA512:
-  metadata.gz: 91d7ddd980e2959d4c834847affd9b515f1544c307fa00d562bf6c15b3754fa3c1d657ed648c03eb285eb7cd3a98daf75dc23c5c888bc88d1914fc19cd249528
-  data.tar.gz: d8cedd464a2fb9946f778b79b3113e1176aa4d444d56b271bfda1378a386a3765c21850279325a78b3af1a3c5547b5f85a3fe42857652e9b002e3d814cace891
+  metadata.gz: 0ecc16539d70ec002cb69f6aa1dde824e52ad6e51ec2ba2ea76ff0e9cc54de1aa714098f3ac301784489db932d3390cd93e158f6c5f38898592877a3350f1c55
+  data.tar.gz: 8d73cd54cec9435e1db2b3d7ac7583430d3fe450c83856dccf67fef018d91fcb162516f60cb15071f462855918d86c28c6d891d26e8ef46f564107908d46655b

data/CHANGELOG.md

@@ -1,5 +1,27 @@
-## [Unreleased]
+## [1.1.1] - 2026-04-10
 
-## [0.1.0] - 2026-01-13
+### Bug Fixes
+
+- Fix controller class discovery in `M365ActiveStorage::Files` so only controllers from the active gem installation are loaded, avoiding invalid constantization and inconsistent behavior when multiple gem copies or versions are present on the load path.
+- Fix credential-gated test skipping in `test_helper.rb` to avoid constant lookup errors by comparing class names instead of class constants, making skip behavior stable regardless of test load order.
+- Fix SharePoint path encoding to produce valid Graph URLs by encoding spaces as `%20` (not `+`), ensuring file and folder paths with spaces are resolved correctly.
+- Fix SharePoint ID not being persisted when blob is created with custom metadata (e.g., `sharepoint_folder`). ID persistence is now deferred to an `after_commit` hook to prevent being overwritten by Active Storage's blob save.
+
+### Security
+
+- Add explicit CSRF protection (`protect_from_forgery`) to `M365ActiveStorage::BlobsController` to address Brakeman security warning and enforce forgery protection posture.
+
+## [1.1.0] - 2026-03-25
+
+### Features
+
+- Add support for organizing files in nested SharePoint folders via `sharepoint_folder` metadata on blob attachments.
+- Allow configurable storage key to use either blob key or filename for file storage organization in SharePoint.
+
+### Security
+
+- Patch Stored XSS vulnerability in `action_text-trix` dependency.
+
+## [1.0.0] - 2026-03-16
 
 - Initial release

data/README.md

@@ -27,6 +27,7 @@ sharepoint:
   oauth_secret:
   sharepoint_site_id:
   sharepoint_drive_id:
+  storage_key:
 ```
 #### -- or --
 
@@ -40,8 +41,42 @@ OAUTH_APP_ID=
 OAUTH_SECRET=
 SHAREPOINT_SITE_ID=
 SHAREPOINT_DRIVE_ID=
+STORAGE_KEY=
 ```
 
+### Set storage key
+The storage key set when the file is stored using the blob key or the filename.
+```ruby
+storage_key: key | filename
+```
+#### Using the key store:
+Stores the files with the blob key in the sharepoint drive, with no extension. If 
+a file is uploaded more than once will be stored each time.
+
+#### Using the filename store:
+Stores the files using the filename instead of the key. In this case
+a if a file is uploaded twice only the last will remain in the sharepoint drive.
+
+With the filename storage, it's possible to manage folders to store the documents, allowing having
+files with the same name into different folders.
+
+In your app the path of the file can be set on the document attach:
+```ruby
+model.attachment.attach(
+  io: file,
+  filename: file.original_filename,
+  metadata: { "sharepoint_folder" => "documents/#{Date.today.year}/#{Date.today.strftime('%m')}" }
+)
+```
+This will create or use the nested folder structure, in this example:
+```shell
+documents/
+  2026/
+    03/
+```
+
+
+
 ### Set active storage to sharepoint service
 In the app config/environments/`<environment>`.rb
 

data/config/storage.yml

@@ -7,4 +7,5 @@ sharepoint:
   app_id: <%= Rails.application.credentials.dig(:sharepoint, :oauth_app_id) || ENV["OAUTH_APP_ID"] %>
   secret: <%= Rails.application.credentials.dig(:sharepoint, :oauth_secret) || ENV["OAUTH_SECRET"] %>
   site_id: <%= Rails.application.credentials.dig(:sharepoint, :sharepoint_site_id) || ENV["SHAREPOINT_SITE_ID"] %>
-  drive_id: <%= Rails.application.credentials.dig(:sharepoint, :sharepoint_drive_id) || ENV["SHAREPOINT_DRIVE_ID"] %>
+  drive_id: <%= Rails.application.credentials.dig(:sharepoint, :sharepoint_drive_id) || ENV["SHAREPOINT_DRIVE_ID"] %>
+  storage_key: <%= Rails.application.credentials.dig(:sharepoint, :sharepoint_storage_key) || ENV["SHAREPOINT_STORAGE_KEY"] %>

data/lib/active_storage/configuration.rb

@@ -70,7 +70,7 @@ module M365ActiveStorage
   class Configuration
     attr_reader :ms_graph_url, :ms_graph_version, :ms_graph_endpoint,
                 :auth_host, :tenant_id,
-                :app_id, :secret, :site_id, :drive_id
+                :app_id, :secret, :site_id, :drive_id, :storage_key
 
     # Initialize Configuration with the provided parameters
     #
@@ -86,6 +86,7 @@ module M365ActiveStorage
     # @option options [String] :secret The Azure AD client secret
     # @option options [String] :site_id The SharePoint site ID
     # @option options [String] :drive_id The SharePoint drive ID
+    # @option options [String] :storage_key The SharePoint storage key
     #
     # @raise [KeyError] if any required parameter is missing or empty
     #
@@ -98,7 +99,7 @@ module M365ActiveStorage
     #
     # @see #validate_configuration!
     def initialize(**options)
-      fetch_configuration_params(options)
+      fetch_configuration_params(options.with_indifferent_access)
       validate_configuration!
     rescue KeyError => e
       raise KeyError, "Configuration error: #{e.message}"
@@ -114,7 +115,6 @@ module M365ActiveStorage
     # @return [void]
     # @raise [KeyError] if any required parameter is missing
     def fetch_configuration_params(options)
-      options = options.with_indifferent_access
       @auth_host = options.fetch(:auth_host)
       @tenant_id = options.fetch(:tenant_id)
       @app_id = options.fetch(:app_id)
@@ -124,6 +124,7 @@ module M365ActiveStorage
       @site_id = options.fetch(:site_id)
       @drive_id = options.fetch(:drive_id)
       @ms_graph_endpoint = "#{@ms_graph_url}/#{@ms_graph_version}"
+      @storage_key = options.fetch(:storage_key) || "key"
     end
 
     # Validate that all required configuration parameters are present and non-empty

data/lib/active_storage/service/sharepoint_service.rb

@@ -129,6 +129,8 @@ module ActiveStorage
     #
     # Uploads file content to the configured SharePoint drive.
     # The file is stored with the blob's filename for better organization in SharePoint.
+    # The SharePoint item ID is persisted asynchronously in an after_commit hook
+    # to avoid being overwritten by Active Storage's blob.save.
     #
     # @param [String] key The Active Storage blob key (ignored, filename used instead)
     # @param [IO] io The file content as an IO object
@@ -142,12 +144,18 @@ module ActiveStorage
     #
     # @see #get_storage_name
     # @see #handle_upload_response
+    # @see #ensure_folder_path
     def upload(key, io, **)
       auth.ensure_valid_token
-      storage_name = get_storage_name(key)
-      upload_url = "#{drive_url}/root:/#{CGI.escape(storage_name)}:/content"
+      folder_path = sharepoint_folder_for(key)
+      ensure_folder_path(folder_path)
+      storage_path = build_storage_path(get_storage_name(key), folder_path)
+      upload_url = "#{drive_url}/root:/#{encode_storage_path(storage_path)}:/content"
       response = http.put(upload_url, io.read, { "Content-Type": "application/octet-stream" })
-      handle_upload_response(response)
+      raise "Failed to upload file to SharePoint" unless [201, 200].include?(response.code.to_i)
+
+      # Store response body payload in thread-local storage for later retrieval in after_commit hook
+      Thread.current[:sharepoint_upload_response] = response
     end
 
     # Download a file from SharePoint
@@ -185,9 +193,11 @@ module ActiveStorage
     # @see #download
     def fetch_download(key)
       auth.ensure_valid_token
-      storage_name = get_storage_name(key)
-      download_url = "#{drive_url}/root:/#{CGI.escape(storage_name)}:/content"
-      http.get(download_url)
+      download_url = sharepoint_content_url_for(key)
+      response = http.get(download_url)
+      return response unless should_retry_with_path_url?(key, response)
+
+      http.get(legacy_content_url_for(key))
     end
 
     # Handle the HTTP response from a download request
@@ -249,20 +259,25 @@ module ActiveStorage
     #
     # @see #download_chunk
     def fetch_chunk(key, range)
-      storage_name = get_storage_name(key)
-      download_url = "#{drive_url}/root:/#{CGI.escape(storage_name)}:/content"
-      http.get(download_url, { "Range": "bytes=#{range.begin}-#{range.end}" })
+      download_url = sharepoint_content_url_for(key)
+      response = http.get(download_url, { "Range": "bytes=#{range.begin}-#{range.end}" })
+      return response unless should_retry_with_path_url?(key, response)
+
+      http.get(legacy_content_url_for(key), { "Range": "bytes=#{range.begin}-#{range.end}" })
     end
 
     # Delete a file from SharePoint
     #
-    # Removes a file from the SharePoint drive. Requires the filename to be available
-    # from the PendingDelete registry (set before the blob was deleted).
+    # Removes a file from the SharePoint drive.
+    #
+    # It prefers deletion by SharePoint item ID and falls back to filename when
+    # the item ID is not available. When the blob record has already been deleted,
+    # it reads pending data from PendingDelete.
     #
     # @param [String] key The blob key to delete
     # @return [Boolean] true if deletion was successful (204 response)
     #
-    # @raise [StandardError] if filename not found or deletion fails
+    # @raise [StandardError] if identifier not found or deletion fails
     #
     # @example
     #   success = service.delete("key123")  # => true
@@ -271,12 +286,10 @@ module ActiveStorage
     # @see M365ActiveStorage::Railtie
     def delete(key)
       auth.ensure_valid_token
-      # get the filename from the pending deletes storage
-      # because once the blob is deleted, we can no longer get the filename from the blob record
-      storage_name = M365ActiveStorage::PendingDelete.get(key)
-      raise "Filename not found for key #{key}. Cannot delete file from SharePoint." unless storage_name
 
-      delete_url = "#{drive_url}/root:/#{CGI.escape(storage_name)}"
+      delete_url = sharepoint_delete_url_for(key)
+      raise "Identifier not found for key #{key}. Cannot delete file from SharePoint." unless delete_url
+
       response = http.delete(delete_url)
       response.code.to_i == 204
     end
@@ -301,8 +314,7 @@ module ActiveStorage
     #   service.exist?("key123")  # => true or false
     def exist?(key)
       auth.ensure_valid_token
-      storage_name = get_storage_name(key)
-      check_url = "#{drive_url}/root:/#{CGI.escape(storage_name)}"
+      check_url = sharepoint_item_url_for(key)
       response = http.get(check_url)
       response.code.to_i == 200
     end
@@ -348,19 +360,224 @@ module ActiveStorage
       "#{config.ms_graph_endpoint}/sites/#{config.site_id}/drives/#{config.drive_id}"
     end
 
-    # Handle the response from an upload request
+
+
+    # Persist the SharePoint item id in blob metadata from a stored upload response.
+    #
+    # This is called by the Railtie's after_commit hook to store the SharePoint ID
+    # after the blob has been fully saved to the database, preventing the ID from
+    # being overwritten by Active Storage's metadata save.
+    #
+    # Stored keys:
+    # * metadata["sharepoint_id"] - convenience flat key for quick access
+    # * metadata["sharepoint"]["id"] - namespaced SharePoint metadata
+    #
+    # @param [String] key The Active Storage blob key
+    # @param [Net::HTTPResponse, String] response The upload response or JSON payload string
+    # @return [void]
+
+    def persist_sharepoint_id_from_response(key, response)
+      body = response.is_a?(String) ? response : response.body.to_s
+      return if body.to_s.strip.empty?
+
+      payload = JSON.parse(body)
+      sharepoint_id = payload["id"]
+      return if sharepoint_id.to_s.empty?
+
+      blob = ActiveStorage::Blob.find_by(key: key)
+      return unless blob
+
+      metadata = blob.metadata.is_a?(Hash) ? blob.metadata.dup : {}
+      sharepoint_metadata = metadata["sharepoint"].is_a?(Hash) ? metadata["sharepoint"].dup : {}
+
+      sharepoint_metadata["id"] = sharepoint_id
+      metadata["sharepoint"] = sharepoint_metadata
+      metadata["sharepoint_id"] = sharepoint_id
+
+      blob.update_columns(metadata: metadata)
+    rescue JSON::ParserError
+      nil
+    end
+
+    # Resolve the SharePoint content URL for a blob key.
+    #
+    # Preference order:
+    # 1) Blob metadata sharepoint_id (stable item reference)
+    # 2) Filename/key path fallback for backwards compatibility
+    #
+    # @param [String] key The Active Storage blob key
+    # @return [String] The content URL to download from SharePoint
+    def sharepoint_content_url_for(key)
+      sharepoint_id = sharepoint_item_id_for(key)
+      return "#{drive_url}/items/#{CGI.escape(sharepoint_id)}/content" if sharepoint_id.present?
+
+      legacy_content_url_for(key)
+    end
+
+    # Build the legacy path-based content URL for a blob key.
+    #
+    # Includes folder path when present in blob metadata.
+    #
+    # @param [String] key The Active Storage blob key
+    # @return [String] Path-based content URL
+    def legacy_content_url_for(key)
+      "#{drive_url}/root:/#{encode_storage_path(get_storage_path(key))}:/content"
+    end
+
+    # Retry with path URL only when ID-based lookup was attempted and failed.
+    #
+    # @param [String] key The Active Storage blob key
+    # @param [Net::HTTPResponse] response The response from the ID-based request
+    # @return [Boolean] true when a path fallback should be attempted
+    def should_retry_with_path_url?(key, response)
+      sharepoint_item_id_for(key).present? && [400, 404].include?(response.code.to_i)
+    end
+
+    # Resolve the SharePoint item URL for a blob key.
+    #
+    # Preference order:
+    # 1) Blob metadata sharepoint_id
+    # 2) Filename/key path fallback
+    #
+    # @param [String] key The Active Storage blob key
+    # @return [String] SharePoint item URL (without /content)
+    def sharepoint_item_url_for(key)
+      sharepoint_id = sharepoint_item_id_for(key)
+      return "#{drive_url}/items/#{CGI.escape(sharepoint_id)}" if sharepoint_id.present?
+
+      "#{drive_url}/root:/#{encode_storage_path(get_storage_path(key))}"
+    end
+
+    # Resolve the SharePoint delete URL for a blob key.
+    #
+    # Since blob records may already be deleted when Active Storage calls #delete,
+    # this method also checks PendingDelete data captured in before_destroy.
+    #
+    # @param [String] key The Active Storage blob key
+    # @return [String, nil] URL to delete, or nil when no identifier could be resolved
+    def sharepoint_delete_url_for(key)
+      sharepoint_id = sharepoint_item_id_for(key)
+      return "#{drive_url}/items/#{CGI.escape(sharepoint_id)}" if sharepoint_id.present?
+
+      pending_delete = M365ActiveStorage::PendingDelete.get(key)
+      if pending_delete.is_a?(Hash)
+        pending_sharepoint_id = pending_delete["sharepoint_id"] || pending_delete[:sharepoint_id]
+        return "#{drive_url}/items/#{CGI.escape(pending_sharepoint_id)}" if pending_sharepoint_id.present?
+
+        storage_name  = pending_delete["filename"] || pending_delete[:filename]
+        folder_path   = pending_delete["sharepoint_folder"] || pending_delete[:sharepoint_folder]
+        storage_path  = build_storage_path(storage_name, folder_path)
+      else
+        storage_path = pending_delete
+      end
+
+      storage_path = key if storage_path.blank? && @config.storage_key.downcase == "key"
+      return nil if storage_path.blank?
+
+      "#{drive_url}/root:/#{encode_storage_path(storage_path)}"
+    end
+
+    # Read the SharePoint folder path from blob metadata.
+    #
+    # The app sets this before attaching a file:
+    #
+    #   blob.metadata["sharepoint_folder"] = "documents/invoices"
+    #   record.file.attach(io: file, filename: "doc.pdf",
+    #                      metadata: { "sharepoint_folder" => "documents/invoices" })
+    #
+    # Supports nested paths: "level1/level2/level3"
+    #
+    # @param [String] key The Active Storage blob key
+    # @return [String, nil] Folder path or nil when not set
+    def sharepoint_folder_for(key)
+      blob = ActiveStorage::Blob.find_by(key: key)
+      return nil unless blob&.metadata.is_a?(Hash)
+
+      blob.metadata["sharepoint_folder"].presence
+    end
+
+    # Build the full SharePoint storage path combining folder and filename.
     #
-    # Validates that the upload succeeded (201 Created or 200 OK).
-    # Raises an error for any other status code.
+    # @param [String] filename The file name
+    # @param [String, nil] folder_path Optional folder path (e.g. "docs/invoices")
+    # @return [String] Combined path (e.g. "docs/invoices/document.pdf")
+    def build_storage_path(filename, folder_path = nil)
+      return filename if folder_path.blank?
+
+      "#{folder_path.to_s.chomp('/')}/#{filename}"
+    end
+
+    # Get the full storage path (folder + filename) for a blob key.
     #
-    # @param [Net::HTTPResponse] response The HTTP response from the upload
+    # @param [String] key The Active Storage blob key
+    # @return [String] Full storage path
+    def get_storage_path(key)
+      build_storage_path(get_storage_name(key), sharepoint_folder_for(key))
+    end
+
+    # Encode a storage path for use in a Microsoft Graph URL.
+    #
+    # Each path segment is CGI-encoded individually so that "/" separators
+    # are preserved and not encoded as "%2F".
+    # Spaces are encoded as "%20" (not "+") to ensure proper URL path handling.
+    #
+    # @param [String] path The path to encode (e.g. "my folder/sub folder/file.pdf")
+    # @return [String] URL-safe encoded path (e.g. "my%20folder/sub%20folder/file.pdf")
+    def encode_storage_path(path)
+      path.split("/").map { |s| CGI.escape(s).gsub("+", "%20") }.join("/")
+    end
+
+    # Ensure the full folder hierarchy exists in SharePoint.
+    #
+    # Walks through each segment of the path from root down, creating
+    # any folder that does not yet exist. Existing folders are silently skipped.
+    #
+    # @param [String, nil] folder_path The folder path to create (e.g. "docs/invoices/2024")
     # @return [void]
+    def ensure_folder_path(folder_path)
+      return if folder_path.blank?
+
+      segments = folder_path.split("/").reject(&:blank?)
+      segments.each_with_index do |segment, index|
+        parent_path = segments[0...index].join("/")
+        create_sharepoint_folder(parent_path, segment)
+      end
+    end
+
+    # Create a single folder in SharePoint.
+    #
+    # Uses conflictBehavior "fail" and treats a 409 Conflict response as a
+    # no-op so the call is idempotent — safe to call even when the folder
+    # already exists.
     #
-    # @raise [StandardError] if upload failed
-    def handle_upload_response(response)
-      return if [201, 200].include?(response.code.to_i)
+    # @param [String] parent_path Parent folder path relative to drive root
+    #   (empty string means drive root)
+    # @param [String] folder_name The name of the folder to create
+    # @return [void]
+    def create_sharepoint_folder(parent_path, folder_name)
+      url = if parent_path.present?
+              "#{drive_url}/root:/#{encode_storage_path(parent_path)}:/children"
+            else
+              "#{drive_url}/root/children"
+            end
+      body = { name: folder_name, folder: {}, "@microsoft.graph.conflictBehavior": "fail" }.to_json
+      http.post(url, body, { "Content-Type": "application/json" })
+      # 201 = created, 409 = already exists — both are acceptable outcomes
+    end
 
-      raise "Failed to upload file to SharePoint"
+    # Extract SharePoint item id from blob metadata.
+    #
+    # Supported metadata keys:
+    # * metadata["sharepoint_id"]
+    # * metadata["sharepoint"]["id"]
+    #
+    # @param [String] key The Active Storage blob key
+    # @return [String, nil] SharePoint item id if present
+    def sharepoint_item_id_for(key)
+      blob = ActiveStorage::Blob.find_by(key: key)
+      return nil unless blob&.metadata.is_a?(Hash)
+
+      blob.metadata["sharepoint_id"].presence || blob.metadata.dig("sharepoint", "id").presence
     end
 
     # Get the storage name for a blob key
@@ -376,6 +593,8 @@ module ActiveStorage
     #   # If blob exists: => "document.pdf"
     #   # If blob doesn't exist: => "abc123def456"
     def get_storage_name(key)
+      return key if @config.storage_key.downcase == "key"
+
       blob = ActiveStorage::Blob.find_by(key: key)
       return key unless blob.present? && blob.filename.present?
 

data/lib/m365_active_storage/controllers/blobs_controller.rb

@@ -43,6 +43,8 @@ module M365ActiveStorage
   # @see ActiveStorage::Blob
   # @see ActiveStorage::Service::SharepointService
   class BlobsController < ActionController::Base
+    protect_from_forgery with: :exception
+
     # Display/download a blob
     #
     # Retrieves a blob by its signed ID and sends it to the client with appropriate

data/lib/m365_active_storage/files.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require "pathname"
+
 module M365ActiveStorage
   # == File Discovery and Loading
   #
@@ -52,8 +54,17 @@ module M365ActiveStorage
     # @see #controller_files
     def self.controller_classes
       controller_files.map do |path|
-        path.remove("#{root}/lib/").remove("controllers/").remove(".rb").camelize.constantize
-      end
+        # Extract the relative path from the gem root, then convert to class name
+        root_path = Pathname.new("#{root}/lib")
+        file_path = Pathname.new(path)
+        
+        # Skip files that are not within the gem's lib directory (e.g., from other gem installations)
+        next nil if file_path.relative_path_from(root_path).to_s.start_with?("..")
+        
+        relative_path = file_path.relative_path_from(root_path).to_s
+        class_name = relative_path.remove("controllers/").remove(".rb").camelize.constantize
+        class_name
+      end.compact
     end
   end
 end

data/lib/m365_active_storage/railtie.rb

@@ -31,9 +31,9 @@ module M365ActiveStorage
   # === File Deletion Flow
   #
   # When a blob is destroyed and it's using the SharePoint service:
-  # 1. The before_destroy callback captures the blob's filename
+  # 1. The before_destroy callback captures blob metadata needed for deletion
   # 2. Stores it in PendingDelete for later retrieval
-  # 3. The filename can be used by the async deletion worker to clean up SharePoint
+  # 3. The async deletion worker can delete by SharePoint ID or filename fallback
   #
   # @see M365ActiveStorage::Files
   # @see M365ActiveStorage::PendingDelete
@@ -41,22 +41,48 @@ module M365ActiveStorage
   class Railtie < ::Rails::Railtie
     # Hook into Rails initialization to set up gem components
     config.after_initialize do
-      # Add before_destroy callback to ActiveStorage::Blob to capture filename
+      # Add before_destroy callback to ActiveStorage::Blob to capture deletion identifiers
+      # Add after_commit callback to persist SharePoint ID after blob is fully saved
       ::ActiveStorage::Blob.class_eval do
         before_destroy :store_filename_for_deletion, if: proc { |blob| blob.service.is_a?(::ActiveStorage::Service::SharepointService) }
+        after_commit :persist_sharepoint_id_from_thread_storage, on: [:create], if: proc { |blob| blob.service.is_a?(::ActiveStorage::Service::SharepointService) }
 
         private
 
-        # Store the filename in the pending deletes storage before the blob is destroyed
+        # Store deletion identifiers in the pending deletes storage before the blob is destroyed
         #
         # This callback is triggered before a blob is destroyed from the database.
-        # It captures the blob's filename and stores it in PendingDelete so that
+        # It captures the blob's filename and SharePoint item ID (if present)
+        # and stores them in PendingDelete so that
         # asynchronous deletion processes can move the file to the recycle bin
         # in SharePoint.
         #
         # @return [void]
         def store_filename_for_deletion
-          M365ActiveStorage::PendingDelete.store(key, filename.to_s)
+          blob_metadata = metadata.is_a?(Hash) ? metadata : {}
+          sharepoint_id = blob_metadata["sharepoint_id"].presence || blob_metadata.dig("sharepoint", "id").presence
+          pending_delete_data = {
+            "filename"          => filename.to_s,
+            "sharepoint_id"     => sharepoint_id,
+            "sharepoint_folder" => blob_metadata["sharepoint_folder"].presence
+          }
+          M365ActiveStorage::PendingDelete.store(key, pending_delete_data)
+        end
+
+        # Persist the SharePoint ID from the upload response after blob is saved
+        #
+        # This callback fires after the blob has been successfully committed to the database
+        # via the after_commit hook. It retrieves the upload response stored in thread-local
+        # storage by the service.upload method and persists the SharePoint ID to avoid
+        # being overwritten by Active Storage's blob.save.
+        #
+        # @return [void]
+        def persist_sharepoint_id_from_thread_storage
+          upload_response = Thread.current[:sharepoint_upload_response]
+          return unless upload_response.present?
+
+          Thread.current[:sharepoint_upload_response] = nil # Clean up thread storage
+          service.send(:persist_sharepoint_id_from_response, key, upload_response)
         end
       end
     end

data/lib/m365_active_storage/version.rb

@@ -2,5 +2,5 @@
 
 module M365ActiveStorage
   # The version of the m365_active_storage gem
-  VERSION = "1.0.0"
+  VERSION = "1.1.1"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: m365_active_storage
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.1
 platform: ruby
 authors:
 - Óscar León
@@ -51,7 +51,7 @@ metadata:
   allowed_push_host: https://rubygems.org
   homepage_uri: https://github.com/oei-int/m365-active-storage
   source_code_uri: https://github.com/oei-int/m365-active-storage
-  changelog_uri: https://github.com/oei-int/m365-active-storage/CHANGELOG.md
+  changelog_uri: https://github.com/oei-int/m365-active-storage/blob/main/CHANGELOG.md
   documentation_uri: https://rubydoc.info/gems/m365_active_storage
   bug_tracker_uri: https://github.com/oei-int/m365-active-storage/issues
 rdoc_options: