refile 0.5.5 → 0.6.0

data/lib/refile/backend_macros.rb

@@ -6,8 +6,8 @@ module Refile
     def verify_id(method)
       mod = Module.new do
         define_method(method) do |id|
-          id = id.to_s
-          if id =~ /\A[a-z0-9]+\z/i
+          id = self.class.decode_id(id)
+          if self.class.valid_id?(id)
             super(id)
           else
             raise Refile::InvalidID
@@ -20,18 +20,26 @@ module Refile
     def verify_uploadable(method)
       mod = Module.new do
         define_method(method) do |uploadable|
-          [:size, :read, :eof?, :close].each do |m|
+          [:size, :read, :eof?, :rewind, :close].each do |m|
             unless uploadable.respond_to?(m)
-              raise ArgumentError, "does not respond to `#{m}`."
+              raise Refile::InvalidFile, "does not respond to `#{m}`."
             end
           end
           if max_size and uploadable.size > max_size
-            raise Refile::Invalid, "#{uploadable.inspect} is too large"
+            raise Refile::InvalidMaxSize, "#{uploadable.inspect} is too large"
           end
           super(uploadable)
         end
       end
       prepend mod
     end
+
+    def valid_id?(id)
+      id =~ /\A[a-z0-9]+\z/i
+    end
+
+    def decode_id(id)
+      id.to_s
+    end
   end
 end

data/lib/refile/custom_logger.rb

@@ -6,7 +6,9 @@ module Refile
     LOG_FORMAT = %(%s: [%s] %s "%s%s" %d %0.1fms\n)
 
     def initialize(app, prefix, logger_proc)
-      @app, @prefix, @logger_proc = app, prefix, logger_proc
+      @app = app
+      @prefix = prefix
+      @logger_proc = logger_proc
     end
 
     def call(env)

data/lib/refile/file.rb

@@ -71,9 +71,18 @@ module Refile
 
       Tempfile.new(id, binmode: true).tap do |tempfile|
         IO.copy_stream(io, tempfile)
+        tempfile.rewind
+        tempfile.fsync
       end
     end
 
+    # Rewind to beginning of file.
+    #
+    # @return [nil]
+    def rewind
+      @io = nil
+    end
+
   private
 
     def io

data/lib/refile/image_processing.rb

@@ -1,143 +1 @@
-require "refile"
-require "mini_magick"
-
-module Refile
-  # Processes images via MiniMagick, resizing cropping and padding them.
-  class ImageProcessor
-    # @param [Symbol] method        The method to invoke on {#call}
-    def initialize(method)
-      @method = method
-    end
-
-    # Changes the image encoding format to the given format
-    #
-    # @see http://www.imagemagick.org/script/command-line-options.php#format
-    # @param [MiniMagick::Image] img      the image to convert
-    # @param [String] format              the format to convert to
-    # @return [void]
-    def convert(img, format)
-      img.format(format.to_s.downcase, nil)
-    end
-
-    # Resize the image to fit within the specified dimensions while retaining
-    # the original aspect ratio. Will only resize the image if it is larger
-    # than the specified dimensions. The resulting image may be shorter or
-    # narrower than specified in either dimension but will not be larger than
-    # the specified values.
-    #
-    # @param [MiniMagick::Image] img      the image to convert
-    # @param [#to_s] width                the maximum width
-    # @param [#to_s] height               the maximum height
-    # @return [void]
-    def limit(img, width, height)
-      img.resize "#{width}x#{height}>"
-    end
-
-    # Resize the image to fit within the specified dimensions while retaining
-    # the original aspect ratio. The image may be shorter or narrower than
-    # specified in the smaller dimension but will not be larger than the
-    # specified values.
-    #
-    # @param [MiniMagick::Image] img      the image to convert
-    # @param [#to_s] width                the width to fit into
-    # @param [#to_s] height               the height to fit into
-    # @return [void]
-    def fit(img, width, height)
-      img.resize "#{width}x#{height}"
-    end
-
-    # Resize the image so that it is at least as large in both dimensions as
-    # specified, then crops any excess outside the specified dimensions.
-    #
-    # The resulting image will always be exactly as large as the specified
-    # dimensions.
-    #
-    # By default, the center part of the image is kept, and the remainder
-    # cropped off, but this can be changed via the `gravity` option.
-    #
-    # @param [MiniMagick::Image] img      the image to convert
-    # @param [#to_s] width                the width to fill out
-    # @param [#to_s] height               the height to fill out
-    # @param [String] gravity             which part of the image to focus on
-    # @return [void]
-    # @see http://www.imagemagick.org/script/command-line-options.php#gravity
-    def fill(img, width, height, gravity = "Center")
-      # FIXME: test and rewrite to simpler implementation!
-      width = width.to_i
-      height = height.to_i
-      cols, rows = img[:dimensions]
-      img.combine_options do |cmd|
-        if width != cols || height != rows
-          scale_x = width / cols.to_f
-          scale_y = height / rows.to_f
-          if scale_x >= scale_y
-            cols = (scale_x * (cols + 0.5)).round
-            rows = (scale_x * (rows + 0.5)).round
-            cmd.resize "#{cols}"
-          else
-            cols = (scale_y * (cols + 0.5)).round
-            rows = (scale_y * (rows + 0.5)).round
-            cmd.resize "x#{rows}"
-          end
-        end
-        cmd.gravity gravity
-        cmd.background "rgba(255,255,255,0.0)"
-        cmd.extent "#{width}x#{height}" if cols != width || rows != height
-      end
-    end
-
-    # resize the image to fit within the specified dimensions while retaining
-    # the original aspect ratio in the same way as {#fill}. unlike {#fill} it
-    # will, if necessary, pad the remaining area with the given color, which
-    # defaults to transparent where supported by the image format and white
-    # otherwise.
-    #
-    # the resulting image will always be exactly as large as the specified
-    # dimensions.
-    #
-    # by default, the image will be placed in the center but this can be
-    # changed via the `gravity` option.
-    #
-    # @param [minimagick::image] img      the image to convert
-    # @param [#to_s] width                the width to fill out
-    # @param [#to_s] height               the height to fill out
-    # @param [string] background          the color to use as a background
-    # @param [string] gravity             which part of the image to focus on
-    # @return [void]
-    # @see http://www.imagemagick.org/script/color.php
-    # @see http://www.imagemagick.org/script/command-line-options.php#gravity
-    def pad(img, width, height, background = "transparent", gravity = "Center")
-      img.combine_options do |cmd|
-        cmd.thumbnail "#{width}x#{height}>"
-        if background == "transparent"
-          cmd.background "rgba(255, 255, 255, 0.0)"
-        else
-          cmd.background background
-        end
-        cmd.gravity gravity
-        cmd.extent "#{width}x#{height}"
-      end
-    end
-
-    # Process the given file. The file will be processed via one of the
-    # instance methods of this class, depending on the `method` argument passed
-    # to the constructor on initialization.
-    #
-    # If the format is given it will convert the image to the given file format.
-    #
-    # @param [Tempfile] file        the file to manipulate
-    # @param [String] format        the file format to convert to
-    # @return [File]                the processed file
-    def call(file, *args, format: nil)
-      img = ::MiniMagick::Image.new(file.path)
-      img.format(format.to_s.downcase, nil) if format
-      send(@method, img, *args)
-
-      ::File.open(img.path, "rb")
-    end
-  end
-end
-
-[:fill, :fit, :limit, :pad, :convert].each do |name|
-  Refile.processor(name, Refile::ImageProcessor.new(name))
-end
+raise "[Refile] image processing has been extracted into a separate gem, see https://github.com/refile/refile-mini_magick"

data/lib/refile/rails.rb

@@ -5,6 +5,11 @@ module Refile
   # @api private
   class Engine < Rails::Engine
     initializer "refile.setup", before: :load_environment_config do
+      if RUBY_PLATFORM == "java"
+        # Work around a bug in JRuby, see: https://github.com/jruby/jruby/issues/2779
+        Encoding.default_internal = nil
+      end
+
       Refile.store ||= Refile::Backend::FileSystem.new(Rails.root.join("tmp/uploads/store").to_s)
       Refile.cache ||= Refile::Backend::FileSystem.new(Rails.root.join("tmp/uploads/cache").to_s)
 
@@ -20,5 +25,30 @@ module Refile
       Refile.logger = Rails.logger
       Refile.app = Refile::App.new
     end
+
+    initializer "refile.secret_key" do |app|
+      Refile.secret_key ||= if app.respond_to?(:secrets)
+        app.secrets.secret_key_base
+      elsif app.config.respond_to?(:secret_key_base)
+        app.config.secret_key_base
+      elsif app.config.respond_to?(:secret_token)
+        app.config.secret_token
+      end
+    end
+  end
+end
+
+# Add in missing methods for file uploads in Rails < 4
+ActionDispatch::Http::UploadedFile.class_eval do
+  unless instance_methods.include?(:eof?)
+    def eof?
+      @tempfile.eof?
+    end
+  end
+
+  unless instance_methods.include?(:close)
+    def close
+      @tempfile.close
+    end
   end
 end

data/lib/refile/rails/attachment_helper.rb

@@ -19,11 +19,17 @@ module Refile
     # @param [Refile::Attachment] object   Instance of a class which has an attached file
     # @param [Symbol] name                 The name of the attachment column
     # @param [String, nil] filename        The filename to be appended to the URL
+    # @param [String, nil] fallback        The path to an asset to be used as a fallback
     # @param [String, nil] format          A file extension to be appended to the URL
     # @param [String, nil] host            Override the host
     # @return [String, nil]                The generated URL
-    def attachment_url(record, name, *args, **opts)
-      Refile.attachment_url(record, name, *args, **opts)
+    def attachment_url(record, name, *args, fallback: nil, **opts)
+      file = record && record.public_send(name)
+      if file
+        Refile.attachment_url(record, name, *args, **opts)
+      elsif fallback
+        asset_url(fallback)
+      end
     end
 
     # Generates an image tag for the given attachment, adding appropriate
@@ -36,12 +42,12 @@ module Refile
     # @param [Hash] options                      Additional options for the image tag
     # @see #attachment_url
     # @return [ActiveSupport::SafeBuffer, nil]   The generated image tag
-    def attachment_image_tag(record, name, *args, fallback: nil, format: nil, host: nil, **options)
-      file = record.send(name)
-      classes = ["attachment", record.class.model_name.singular, name, *options[:class]]
+    def attachment_image_tag(record, name, *args, fallback: nil, host: nil, prefix: nil, format: nil, **options)
+      file = record && record.public_send(name)
+      classes = ["attachment", (record.class.model_name.singular if record), name, *options[:class]]
 
       if file
-        image_tag(attachment_url(record, name, *args, format: format, host: host), options.merge(class: classes))
+        image_tag(attachment_url(record, name, *args, host: host, prefix: prefix, format: format), options.merge(class: classes))
       elsif fallback
         classes << "fallback"
         image_tag(fallback, options.merge(class: classes))
@@ -63,23 +69,28 @@ module Refile
     def attachment_field(object_name, method, object:, **options)
       options[:data] ||= {}
 
-      attacher = object.send(:"#{method}_attacher")
-      options[:accept] = attacher.accept
+      definition = object.send(:"#{method}_attachment_definition")
+      options[:accept] = definition.accept
 
       if options[:direct]
-        host = options[:host] || Refile.host || request.base_url
-        backend_name = Refile.backends.key(attacher.cache)
-
-        url = ::File.join(host, main_app.refile_app_path, backend_name)
+        url = Refile.attachment_upload_url(object, method, host: options[:host], prefix: options[:prefix])
         options[:data].merge!(direct: true, as: "file", url: url)
       end
 
-      if options[:presigned] and attacher.cache.respond_to?(:presign)
-        options[:data].merge!(direct: true).merge!(attacher.cache.presign.as_json)
+      if options[:presigned] and definition.cache.respond_to?(:presign)
+        url = Refile.attachment_presign_url(object, method, host: options[:host], prefix: options[:prefix])
+        options[:data].merge!(direct: true, presigned: true, url: url)
       end
 
-      html = hidden_field(object_name, method, value: attacher.data.to_json, object: object, id: nil)
-      html + file_field(object_name, method, options)
+      options[:data][:reference] = SecureRandom.hex
+
+      hidden_field(object_name, method,
+        multiple: options[:multiple],
+        value: object.send("#{method}_data").try(:to_json),
+        object: object,
+        id: nil,
+        data: { reference: options[:data][:reference] }
+      ) + file_field(object_name, method, options)
     end
   end
 end

data/lib/refile/signature.rb

@@ -27,5 +27,10 @@ module Refile
     def as_json(*)
       { as: @as, id: @id, url: @url, fields: @fields }
     end
+
+    # @return [String] the signature serialized as JSON
+    def to_json(*)
+      as_json.to_json
+    end
   end
 end

data/lib/refile/simple_form.rb

@@ -0,0 +1,17 @@
+# make attachment_field behave like a normal input type so we get nice wrapper and labels
+# <%= f.input :cover_image, as: :attachment, direct: true, presigned: true %>
+module SimpleForm
+  module Inputs
+    class AttachmentInput < Base
+      def input(wrapper_options = nil)
+        refile_options = [:presigned, :direct, :multiple]
+        merged_input_options = merge_wrapper_options(input_options.slice(*refile_options).merge(input_html_options), wrapper_options)
+        @builder.attachment_field(attribute_name, merged_input_options)
+      end
+    end
+  end
+end
+
+SimpleForm::FormBuilder.class_eval do
+  map_type :attachment, to: SimpleForm::Inputs::AttachmentInput
+end

data/lib/refile/version.rb

@@ -1,3 +1,3 @@
 module Refile
-  VERSION = "0.5.5"
+  VERSION = "0.6.0"
 end

data/spec/refile/active_record_helper.rb

@@ -11,6 +11,7 @@ ActiveRecord::Base.establish_connection(
 class TestMigration < ActiveRecord::Migration
   def self.up
     create_table :posts, force: true do |t|
+      t.integer :user_id
       t.column :title, :string
       t.column :image_id, :string
       t.column :document_id, :string
@@ -18,6 +19,16 @@ class TestMigration < ActiveRecord::Migration
       t.column :document_content_type, :string
       t.column :document_size, :integer
     end
+
+    create_table :users, force: true
+
+    create_table :documents, force: true do |t|
+      t.belongs_to :post, null: false
+      t.column :file_id, :string, null: false
+      t.column :file_filename, :string
+      t.column :file_content_type, :string
+      t.column :file_size, :integer, null: false
+    end
   end
 end
 

data/spec/refile/app_spec.rb

@@ -7,11 +7,15 @@ describe Refile::App do
     Refile::App.new
   end
 
+  before do
+    allow(Refile).to receive(:token).and_return("token")
+  end
+
   describe "GET /:backend/:id/:filename" do
     it "returns a stored file" do
       file = Refile.store.upload(StringIO.new("hello"))
 
-      get "/store/#{file.id}/hello"
+      get "/token/store/#{file.id}/hello"
 
       expect(last_response.status).to eq(200)
       expect(last_response.body).to eq("hello")
@@ -20,7 +24,7 @@ describe Refile::App do
     it "sets appropriate content type from extension" do
       file = Refile.store.upload(StringIO.new("hello"))
 
-      get "/store/#{file.id}/hello.html"
+      get "/token/store/#{file.id}/hello.html"
 
       expect(last_response.status).to eq(200)
       expect(last_response.body).to eq("hello")
@@ -30,7 +34,7 @@ describe Refile::App do
     it "returns a 404 if the file doesn't exist" do
       Refile.store.upload(StringIO.new("hello"))
 
-      get "/store/doesnotexist/hello"
+      get "/token/store/doesnotexist/hello"
 
       expect(last_response.status).to eq(404)
       expect(last_response.content_type).to eq("text/plain;charset=utf-8")
@@ -40,7 +44,7 @@ describe Refile::App do
     it "returns a 404 if the backend doesn't exist" do
       file = Refile.store.upload(StringIO.new("hello"))
 
-      get "/doesnotexist/#{file.id}/hello"
+      get "/token/doesnotexist/#{file.id}/hello"
 
       expect(last_response.status).to eq(404)
       expect(last_response.content_type).to eq("text/plain;charset=utf-8")
@@ -55,7 +59,7 @@ describe Refile::App do
       it "sets CORS header" do
         file = Refile.store.upload(StringIO.new("hello"))
 
-        get "/store/#{file.id}/hello"
+        get "/token/store/#{file.id}/hello"
 
         expect(last_response.status).to eq(200)
         expect(last_response.body).to eq("hello")
@@ -66,7 +70,7 @@ describe Refile::App do
     it "returns a 200 for head requests" do
       file = Refile.store.upload(StringIO.new("hello"))
 
-      head "/store/#{file.id}/hello"
+      head "/token/store/#{file.id}/hello"
 
       expect(last_response.status).to eq(200)
       expect(last_response.body).to be_empty
@@ -75,7 +79,7 @@ describe Refile::App do
     it "returns a 404 for head requests if the file doesn't exist" do
       Refile.store.upload(StringIO.new("hello"))
 
-      head "/store/doesnotexist/hello"
+      head "/token/store/doesnotexist/hello"
 
       expect(last_response.status).to eq(404)
       expect(last_response.body).to be_empty
@@ -84,19 +88,84 @@ describe Refile::App do
     it "returns a 404 for non get requests" do
       file = Refile.store.upload(StringIO.new("hello"))
 
-      post "/store/#{file.id}/hello"
+      post "/token/store/#{file.id}/hello"
 
       expect(last_response.status).to eq(404)
       expect(last_response.content_type).to eq("text/plain;charset=utf-8")
       expect(last_response.body).to eq("not found")
     end
+
+    context "verification" do
+      before do
+        allow(Refile).to receive(:token).and_call_original
+      end
+
+      it "accepts valid token" do
+        file = Refile.store.upload(StringIO.new("hello"))
+        token = Refile.token("/store/#{file.id}/hello")
+
+        get "/#{token}/store/#{file.id}/hello"
+
+        expect(last_response.status).to eq(200)
+        expect(last_response.body).to eq("hello")
+      end
+
+      it "returns a 403 for unsigned get requests" do
+        file = Refile.store.upload(StringIO.new("hello"))
+
+        get "/eviltoken/store/#{file.id}/hello"
+
+        expect(last_response.status).to eq(403)
+        expect(last_response.body).to eq("forbidden")
+      end
+
+      it "does not retrieve nor process files for unauthenticated requests" do
+        file = Refile.store.upload(StringIO.new("hello"))
+
+        expect(Refile.store).not_to receive(:get)
+        get "/eviltoken/store/#{file.id}/hello"
+
+        expect(last_response.status).to eq(403)
+        expect(last_response.body).to eq("forbidden")
+      end
+    end
+
+    context "when unrestricted" do
+      before do
+        allow(Refile).to receive(:allow_downloads_from).and_return(:all)
+      end
+
+      it "gets signatures from all backends" do
+        file = Refile.store.upload(StringIO.new("hello"))
+        get "/token/store/#{file.id}/test.txt"
+        expect(last_response.status).to eq(200)
+      end
+    end
+
+    context "when restricted" do
+      before do
+        allow(Refile).to receive(:allow_downloads_from).and_return(["store"])
+      end
+
+      it "gets signatures from allowed backend" do
+        file = Refile.store.upload(StringIO.new("hello"))
+        get "/token/store/#{file.id}/test.txt"
+        expect(last_response.status).to eq(200)
+      end
+
+      it "returns 404 if backend is not allowed" do
+        file = Refile.store.upload(StringIO.new("hello"))
+        get "/token/cache/#{file.id}/test.txt"
+        expect(last_response.status).to eq(404)
+      end
+    end
   end
 
   describe "GET /:backend/:processor/:id/:filename" do
     it "returns 404 if processor does not exist" do
       file = Refile.store.upload(StringIO.new("hello"))
 
-      get "/store/doesnotexist/#{file.id}/hello"
+      get "/token/store/doesnotexist/#{file.id}/hello"
 
       expect(last_response.status).to eq(404)
       expect(last_response.content_type).to eq("text/plain;charset=utf-8")
@@ -106,7 +175,7 @@ describe Refile::App do
     it "applies block processor to file" do
       file = Refile.store.upload(StringIO.new("hello"))
 
-      get "/store/reverse/#{file.id}/hello"
+      get "/token/store/reverse/#{file.id}/hello"
 
       expect(last_response.status).to eq(200)
       expect(last_response.body).to eq("olleh")
@@ -115,7 +184,7 @@ describe Refile::App do
     it "applies object processor to file" do
       file = Refile.store.upload(StringIO.new("hello"))
 
-      get "/store/upcase/#{file.id}/hello"
+      get "/token/store/upcase/#{file.id}/hello"
 
       expect(last_response.status).to eq(200)
       expect(last_response.body).to eq("HELLO")
@@ -124,7 +193,7 @@ describe Refile::App do
     it "applies processor with arguments" do
       file = Refile.store.upload(StringIO.new("hello"))
 
-      get "/store/concat/foo/bar/baz/#{file.id}/hello"
+      get "/token/store/concat/foo/bar/baz/#{file.id}/hello"
 
       expect(last_response.status).to eq(200)
       expect(last_response.body).to eq("hellofoobarbaz")
@@ -133,34 +202,142 @@ describe Refile::App do
     it "applies processor with format" do
       file = Refile.store.upload(StringIO.new("hello"))
 
-      get "/store/convert_case/#{file.id}/hello.up"
+      get "/token/store/convert_case/#{file.id}/hello.up"
 
       expect(last_response.status).to eq(200)
       expect(last_response.body).to eq("HELLO")
     end
+
+    it "returns a 403 for unsigned request" do
+      file = Refile.store.upload(StringIO.new("hello"))
+
+      get "/eviltoken/store/reverse/#{file.id}/hello"
+
+      expect(last_response.status).to eq(403)
+      expect(last_response.body).to eq("forbidden")
+    end
   end
 
   describe "POST /:backend" do
-    it "returns 404 if backend is not marked as direct upload" do
+    it "uploads a file for direct upload backends" do
       file = Rack::Test::UploadedFile.new(path("hello.txt"))
-      post "/store", file: file
+      post "/cache", file: file
 
-      expect(last_response.status).to eq(404)
-      expect(last_response.content_type).to eq("text/plain;charset=utf-8")
-      expect(last_response.body).to eq("not found")
+      expect(last_response.status).to eq(200)
+      expect(JSON.parse(last_response.body)["id"]).not_to be_empty
     end
 
-    it "uploads a file for direct upload backends" do
+    it "does not require signed request param to upload" do
+      allow(Refile).to receive(:secret_key).and_return("abcd1234")
+
       file = Rack::Test::UploadedFile.new(path("hello.txt"))
       post "/cache", file: file
 
       expect(last_response.status).to eq(200)
       expect(JSON.parse(last_response.body)["id"]).not_to be_empty
     end
+
+    context "when unrestricted" do
+      before do
+        allow(Refile).to receive(:allow_uploads_to).and_return(:all)
+      end
+
+      it "allows uploads to all backends" do
+        post "/store", file: Rack::Test::UploadedFile.new(path("hello.txt"))
+        expect(last_response.status).to eq(200)
+      end
+    end
+
+    context "when restricted" do
+      before do
+        allow(Refile).to receive(:allow_uploads_to).and_return(["cache"])
+      end
+
+      it "allows uploads to allowed backends" do
+        post "/cache", file: Rack::Test::UploadedFile.new(path("hello.txt"))
+        expect(last_response.status).to eq(200)
+      end
+
+      it "returns 404 if backend is not allowed" do
+        post "/store", file: Rack::Test::UploadedFile.new(path("hello.txt"))
+        expect(last_response.status).to eq(404)
+      end
+    end
+
+    context "when file is invalid" do
+      before do
+        allow(Refile).to receive(:allow_uploads_to).and_return(:all)
+      end
+
+      context "when file is too big" do
+        before do
+          backend = double
+          allow(backend).to receive(:upload).with(anything).and_raise(Refile::InvalidMaxSize)
+          allow_any_instance_of(Refile::App).to receive(:backend).and_return(backend)
+        end
+
+        it "returns 413 if file is too big" do
+          post "/store_max_size", file: Rack::Test::UploadedFile.new(path("hello.txt"))
+          expect(last_response.status).to eq(413)
+        end
+      end
+
+      context "when other unexpected exception happens" do
+        before do
+          backend = double
+          allow(backend).to receive(:upload).with(anything).and_raise(Refile::InvalidFile)
+          allow_any_instance_of(Refile::App).to receive(:backend).and_return(backend)
+        end
+
+        it "returns 400 if file is too big" do
+          post "/store_max_size", file: Rack::Test::UploadedFile.new(path("hello.txt"))
+          expect(last_response.status).to eq(400)
+        end
+      end
+    end
+  end
+
+  describe "GET /:backend/presign" do
+    it "returns presign signature" do
+      get "/limited_cache/presign"
+
+      expect(last_response.status).to eq(200)
+      result = JSON.parse(last_response.body)
+      expect(result["id"]).not_to be_empty
+      expect(result["url"]).to eq("/presigned/posts/upload")
+      expect(result["as"]).to eq("file")
+    end
+
+    context "when unrestricted" do
+      before do
+        allow(Refile).to receive(:allow_uploads_to).and_return(:all)
+      end
+
+      it "gets signatures from all backends" do
+        get "/limited_cache/presign"
+        expect(last_response.status).to eq(200)
+      end
+    end
+
+    context "when restricted" do
+      before do
+        allow(Refile).to receive(:allow_uploads_to).and_return(["limited_cache"])
+      end
+
+      it "gets signatures from allowed backend" do
+        get "/limited_cache/presign"
+        expect(last_response.status).to eq(200)
+      end
+
+      it "returns 404 if backend is not allowed" do
+        get "/store/presign"
+        expect(last_response.status).to eq(404)
+      end
+    end
   end
 
   it "returns a 404 if id not given" do
-    get "/store"
+    get "/token/store"
 
     expect(last_response.status).to eq(404)
     expect(last_response.content_type).to eq("text/plain;charset=utf-8")