openproject/spec/support/shared/with_direct_uploads.rb

#-- encoding: UTF-8

#-- copyright
# OpenProject is an open source project management software.
# Copyright (C) 2012-2021 the OpenProject GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
# Copyright (C) 2006-2013 Jean-Philippe Lang
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
#
# See COPYRIGHT and LICENSE files for more details.
#++

class WithDirectUploads
  attr_reader :context

  def initialize(context)
    @context = context
  end

  ##
  # We need this so calls to rspec mocks (allow, expect etc.) will work here as expected.
  def method_missing(method, *args, &block)
    if context.respond_to?(method)
      context.send method, *args, &block
    else
      super
    end
  end

  def before(example)
    stub_config example

    mock_attachment
    stub_frontend redirect: redirect?(example) if stub_frontend?(example)

    stub_uploader
  end

  def stub_frontend?(example)
    example.metadata[:js]
  end

  def redirect?(example)
    example.metadata[:with_direct_uploads] == :redirect
  end

  def around(example)
    example.metadata[:driver] = :chrome_billy

    csp_config = SecureHeaders::Configuration.instance_variable_get("@default_config").csp
    csp_config.connect_src = ["'self'", "test-bucket.s3.amazonaws.com"]
    csp_config.form_action = ["'self'", "test-bucket.s3.amazonaws.com"]

    begin
      example.run
    ensure
      csp_config.connect_src = %w('self')
      csp_config.form_action = %w('self')
    end
  end

  def mock_attachment
    allow_any_instance_of(::Attachments::PrepareUploadService)
      .to receive(:instance) do
      # We don't use create here because this would cause an infinite loop as FogAttachment's #create
      # uses the base class's #create which is what we are mocking here. All this is necessary to begin
      # with because the Attachment class is initialized with the LocalFileUploader before this test
      # is ever run and we need remote attachments using the FogFileUploader in this scenario.
      FogAttachment.new
    end

    # This is so the uploaded callback works. Since we can't actually substitute the Attachment class
    # used there we get a LocalFileUploader file for the attachment which is not readable when
    # everything else is mocked to be remote.
    allow_any_instance_of(FileUploader).to receive(:readable?).and_return true
  end

  def stub_frontend(redirect: false)
    proxy.stub("https://" + OpenProject::Configuration.remote_storage_upload_host + ":443/", method: 'options').and_return(
      headers: {
        'Access-Control-Allow-Methods' => 'POST',
        'Access-Control-Allow-Origin' => '*'
      },
      code: 200
    )

    if redirect
      stub_with_redirect
    else # use status response instead of redirect by default
      stub_with_status
    end
  end

  def stub_with_redirect
    proxy
      .stub("https://" + OpenProject::Configuration.remote_storage_upload_host + ":443/", method: 'post')
      .and_return(Proc.new do |_params, _headers, body, _url, _method|
        key = body.scan(/key"\s*([^\s]+)\s/m).flatten.first
        redirect_url = body.scan(/success_action_redirect"\s*(http[^\s]+)\s/m).flatten.first
        ok = body =~ /X-Amz-Signature/ # check that the expected post to AWS was made with the form fields

        {
          code: ok ? 302 : 403,
          headers: {
            'Location' => ok ? redirect_url + '?key=' + CGI.escape(key) : nil,
            'Access-Control-Allow-Methods' => 'POST',
            'Access-Control-Allow-Origin' => '*'
          }
        }
      end)
  end

  def stub_with_status
    proxy
      .stub("https://" + OpenProject::Configuration.remote_storage_upload_host + ":443/", method: 'post')
      .and_return(Proc.new do |_params, _headers, body, _url, _method|
        {
          code: body =~ /X-Amz-Signature/ ? 201 : 403, # check that the expected post to AWS was made with the form fields
          headers: {
            'Access-Control-Allow-Methods' => 'POST',
            'Access-Control-Allow-Origin' => '*'
          }
        }
      end)
  end

  def stub_uploader
    creds = config[:fog][:credentials]

    allow_any_instance_of(FogFileUploader).to receive(:fog_credentials).and_return creds

    allow_any_instance_of(FogFileUploader).to receive(:aws_access_key_id).and_return creds[:aws_access_key_id]
    allow_any_instance_of(FogFileUploader).to receive(:aws_secret_access_key).and_return creds[:aws_secret_access_key]
    allow_any_instance_of(FogFileUploader).to receive(:provider).and_return creds[:provider]
    allow_any_instance_of(FogFileUploader).to receive(:region).and_return creds[:region]
    allow_any_instance_of(FogFileUploader).to receive(:directory).and_return config[:fog][:directory]

    allow(OpenProject::Configuration).to receive(:direct_uploads?).and_return(true)
  end

  def stub_config(example)
    WithConfig.new(context).before example, config
  end

  def config
    {
      attachments_storage: :fog,
      fog: {
        directory: MockCarrierwave.bucket,
        credentials: MockCarrierwave.credentials
      }
    }
  end
end

RSpec.configure do |config|
  config.before(:each) do |example|
    next unless example.metadata[:with_direct_uploads]

    WithDirectUploads.new(self).before example

    class FogAttachment < Attachment
      # Remounting the uploader overrides the original file setter taking care of setting,
      # among other things, the content type. So we have to restore that original
      # method this way.
      # We do this in a new, separate class, as to not interfere with any other specs.
      alias_method :set_file, :file=
      mount_uploader :file, FogFileUploader
      alias_method :file=, :set_file
    end
  end

  config.around(:each) do |example|
    enabled = example.metadata[:with_direct_uploads]

    if enabled
      WithDirectUploads.new(self).around example
    else
      example.run
    end
  end
end
direct uploads to S3 for attachments including IFC models Co-authored-by: Oliver Günther <mail@oliverguenther.de> 4 years ago			`#-- encoding: UTF-8`

			`#-- copyright`
			`# OpenProject is an open source project management software.`
update copyright to 2021 (#8925) Updates the copyright to 2021 for all files that have a copyright. Files in our source code without the copyright header still do not receive one automatically. Additionally, backlisted files are also excluded. Previously the copyright of chiliproject which references redmine stated a copyright of redmine up to and including 2017 which is not true for the code we have in here. Because of that I changed that to 2013 4 years ago			`# Copyright (C) 2012-2021 the OpenProject GmbH`
direct uploads to S3 for attachments including IFC models Co-authored-by: Oliver Günther <mail@oliverguenther.de> 4 years ago			`#`
			`# This program is free software; you can redistribute it and/or`
			`# modify it under the terms of the GNU General Public License version 3.`
			`#`
			`# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:`
update copyright to 2021 (#8925) Updates the copyright to 2021 for all files that have a copyright. Files in our source code without the copyright header still do not receive one automatically. Additionally, backlisted files are also excluded. Previously the copyright of chiliproject which references redmine stated a copyright of redmine up to and including 2017 which is not true for the code we have in here. Because of that I changed that to 2013 4 years ago			`# Copyright (C) 2006-2013 Jean-Philippe Lang`
direct uploads to S3 for attachments including IFC models Co-authored-by: Oliver Günther <mail@oliverguenther.de> 4 years ago			`# Copyright (C) 2010-2013 the ChiliProject Team`
			`#`
			`# This program is free software; you can redistribute it and/or`
			`# modify it under the terms of the GNU General Public License`
			`# as published by the Free Software Foundation; either version 2`
			`# of the License, or (at your option) any later version.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License`
			`# along with this program; if not, write to the Free Software`
			`# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.`
			`#`
Move license and copyright docs to root, fix names and references 3 years ago			`# See COPYRIGHT and LICENSE files for more details.`
direct uploads to S3 for attachments including IFC models Co-authored-by: Oliver Günther <mail@oliverguenther.de> 4 years ago			`#++`

			`class WithDirectUploads`
			`attr_reader :context`

			`def initialize(context)`
			`@context = context`
			`end`

			`##`
			`# We need this so calls to rspec mocks (allow, expect etc.) will work here as expected.`
			`def method_missing(method, *args, &block)`
			`if context.respond_to?(method)`
			`context.send method, *args, &block`
			`else`
			`super`
			`end`
			`end`

			`def before(example)`
			`stub_config example`

			`mock_attachment`
			`stub_frontend redirect: redirect?(example) if stub_frontend?(example)`

			`stub_uploader`
			`end`

			`def stub_frontend?(example)`
			`example.metadata[:js]`
			`end`

			`def redirect?(example)`
			`example.metadata[:with_direct_uploads] == :redirect`
			`end`

			`def around(example)`
Standalone CI docker container (#8943) 4 years ago			`example.metadata[:driver] = :chrome_billy`
direct uploads to S3 for attachments including IFC models Co-authored-by: Oliver Günther <mail@oliverguenther.de> 4 years ago
			`csp_config = SecureHeaders::Configuration.instance_variable_get("@default_config").csp`
[34446] Fix direct upload with backend-generated resources https://community.openproject.com/wp/34446 4 years ago			`csp_config.connect_src = ["'self'", "test-bucket.s3.amazonaws.com"]`
Standalone CI docker container (#8943) 4 years ago			`csp_config.form_action = ["'self'", "test-bucket.s3.amazonaws.com"]`
direct uploads to S3 for attachments including IFC models Co-authored-by: Oliver Günther <mail@oliverguenther.de> 4 years ago
			`begin`
			`example.run`
			`ensure`
			`csp_config.connect_src = %w('self')`
Standalone CI docker container (#8943) 4 years ago			`csp_config.form_action = %w('self')`
direct uploads to S3 for attachments including IFC models Co-authored-by: Oliver Günther <mail@oliverguenther.de> 4 years ago			`end`
			`end`

			`def mock_attachment`
[37868] Whitelist for attachment mime types and extensions on upload (#9431) * Add setting for whitelist * Make attachments API BaseServices compatible * Add prepare service and contract * Correctly pass the filename to the UploadedFile * Add presence check to filename * Fix expected validation message * We no longer raise a multipart error when metadata is empty * Fix filesize validation on prepared uploads * Add parser error if invalid metadata json * When attachment is not saved, use filename property * Return correct error message on JSON parser erroro * Fix specs * Use attachment upload representer * Fix direct uploads mocks with new service layer * Lint * Fix export job using attachment service * Fix IFC controller using attachment prepare service * Fix export job * RenameRename params_getter to params_source * Fix mail handler using attachment service * Fix usage of attachment create service in documents * Reuse shared examples for document attachment spec * Fix stubbed attachment service in export job spec * Use admin user in backup spec * Fix export job for bim * Fix attachment integration spec * Fix issues_controller spec * Make budget resource spec reuse common examples * Fix attachment parsing representer spec * Replace prepare part of attachment spec into separate service spec * Clear cache for login spec * Convert document create/update into services * Budget services * Allow options to be passed to property twin * Remove setting author on budget initialize * Replace meetings update with services * Replace ifc models attachment handling with services * Don't check uploader if changed by system * Fix uploader being changed by system * Replace wiki page attach_files with attachable services * Replace avatar saving * Replace snapshot attach_files * Skip double validation when container present * Set snapshot through attachment service * Remove attach_files * Validate content type in contract * Enforce writing the content type without accepting user input * Expect changed content_type * Fix content of viewpoint image to get correct content type * Fix tsv spec * Add create contract spec * Bypass whitelist in internal services when conflicting with user * Fix expects in specs after whitelist bypass * Render contract errors for wiki * Add before_hook to bodied to allow to pre-authorize permissions * Budget errors from contract * Document errors from contract 3 years ago			`allow_any_instance_of(::Attachments::PrepareUploadService)`
			`.to receive(:instance) do`
direct uploads to S3 for attachments including IFC models Co-authored-by: Oliver Günther <mail@oliverguenther.de> 4 years ago			`# We don't use create here because this would cause an infinite loop as FogAttachment's #create`
			`# uses the base class's #create which is what we are mocking here. All this is necessary to begin`
			`# with because the Attachment class is initialized with the LocalFileUploader before this test`
			`# is ever run and we need remote attachments using the FogFileUploader in this scenario.`
[37868] Whitelist for attachment mime types and extensions on upload (#9431) * Add setting for whitelist * Make attachments API BaseServices compatible * Add prepare service and contract * Correctly pass the filename to the UploadedFile * Add presence check to filename * Fix expected validation message * We no longer raise a multipart error when metadata is empty * Fix filesize validation on prepared uploads * Add parser error if invalid metadata json * When attachment is not saved, use filename property * Return correct error message on JSON parser erroro * Fix specs * Use attachment upload representer * Fix direct uploads mocks with new service layer * Lint * Fix export job using attachment service * Fix IFC controller using attachment prepare service * Fix export job * RenameRename params_getter to params_source * Fix mail handler using attachment service * Fix usage of attachment create service in documents * Reuse shared examples for document attachment spec * Fix stubbed attachment service in export job spec * Use admin user in backup spec * Fix export job for bim * Fix attachment integration spec * Fix issues_controller spec * Make budget resource spec reuse common examples * Fix attachment parsing representer spec * Replace prepare part of attachment spec into separate service spec * Clear cache for login spec * Convert document create/update into services * Budget services * Allow options to be passed to property twin * Remove setting author on budget initialize * Replace meetings update with services * Replace ifc models attachment handling with services * Don't check uploader if changed by system * Fix uploader being changed by system * Replace wiki page attach_files with attachable services * Replace avatar saving * Replace snapshot attach_files * Skip double validation when container present * Set snapshot through attachment service * Remove attach_files * Validate content type in contract * Enforce writing the content type without accepting user input * Expect changed content_type * Fix content of viewpoint image to get correct content type * Fix tsv spec * Add create contract spec * Bypass whitelist in internal services when conflicting with user * Fix expects in specs after whitelist bypass * Render contract errors for wiki * Add before_hook to bodied to allow to pre-authorize permissions * Budget errors from contract * Document errors from contract 3 years ago			`FogAttachment.new`
direct uploads to S3 for attachments including IFC models Co-authored-by: Oliver Günther <mail@oliverguenther.de> 4 years ago			`end`

			`# This is so the uploaded callback works. Since we can't actually substitute the Attachment class`
			`# used there we get a LocalFileUploader file for the attachment which is not readable when`
			`# everything else is mocked to be remote.`
			`allow_any_instance_of(FileUploader).to receive(:readable?).and_return true`
			`end`

			`def stub_frontend(redirect: false)`
s3 hosts differ for pre-signed form uploads and downloads the latter include the region in the URL. This can possibly be changed so that we only need one host. Perhaps the region is optional in the carrierwave-generated remote download URLs. 4 years ago			`proxy.stub("https://" + OpenProject::Configuration.remote_storage_upload_host + ":443/", method: 'options').and_return(`
direct uploads to S3 for attachments including IFC models Co-authored-by: Oliver Günther <mail@oliverguenther.de> 4 years ago			`headers: {`
			`'Access-Control-Allow-Methods' => 'POST',`
safe automatic fixes by rubocop (#8994) 4 years ago			`'Access-Control-Allow-Origin' => '*'`
direct uploads to S3 for attachments including IFC models Co-authored-by: Oliver Günther <mail@oliverguenther.de> 4 years ago			`},`
			`code: 200`
			`)`

			`if redirect`
			`stub_with_redirect`
			`else # use status response instead of redirect by default`
			`stub_with_status`
			`end`
			`end`

			`def stub_with_redirect`
			`proxy`
s3 hosts differ for pre-signed form uploads and downloads the latter include the region in the URL. This can possibly be changed so that we only need one host. Perhaps the region is optional in the carrierwave-generated remote download URLs. 4 years ago			`.stub("https://" + OpenProject::Configuration.remote_storage_upload_host + ":443/", method: 'post')`
safe automatic fixes by rubocop (#8994) 4 years ago			`.and_return(Proc.new do \|_params, _headers, body, _url, _method\|`
direct uploads to S3 for attachments including IFC models Co-authored-by: Oliver Günther <mail@oliverguenther.de> 4 years ago			`key = body.scan(/key"\s*([^\s]+)\s/m).flatten.first`
			`redirect_url = body.scan(/success_action_redirect"\s*(http[^\s]+)\s/m).flatten.first`
			`ok = body =~ /X-Amz-Signature/ # check that the expected post to AWS was made with the form fields`

			`{`
			`code: ok ? 302 : 403,`
			`headers: {`
			`'Location' => ok ? redirect_url + '?key=' + CGI.escape(key) : nil,`
			`'Access-Control-Allow-Methods' => 'POST',`
safe automatic fixes by rubocop (#8994) 4 years ago			`'Access-Control-Allow-Origin' => '*'`
direct uploads to S3 for attachments including IFC models Co-authored-by: Oliver Günther <mail@oliverguenther.de> 4 years ago			`}`
			`}`
safe automatic fixes by rubocop (#8994) 4 years ago			`end)`
direct uploads to S3 for attachments including IFC models Co-authored-by: Oliver Günther <mail@oliverguenther.de> 4 years ago			`end`

			`def stub_with_status`
			`proxy`
s3 hosts differ for pre-signed form uploads and downloads the latter include the region in the URL. This can possibly be changed so that we only need one host. Perhaps the region is optional in the carrierwave-generated remote download URLs. 4 years ago			`.stub("https://" + OpenProject::Configuration.remote_storage_upload_host + ":443/", method: 'post')`
safe automatic fixes by rubocop (#8994) 4 years ago			`.and_return(Proc.new do \|_params, _headers, body, _url, _method\|`
direct uploads to S3 for attachments including IFC models Co-authored-by: Oliver Günther <mail@oliverguenther.de> 4 years ago			`{`
safe automatic fixes by rubocop (#8994) 4 years ago			`code: body =~ /X-Amz-Signature/ ? 201 : 403, # check that the expected post to AWS was made with the form fields`
direct uploads to S3 for attachments including IFC models Co-authored-by: Oliver Günther <mail@oliverguenther.de> 4 years ago			`headers: {`
			`'Access-Control-Allow-Methods' => 'POST',`
safe automatic fixes by rubocop (#8994) 4 years ago			`'Access-Control-Allow-Origin' => '*'`
direct uploads to S3 for attachments including IFC models Co-authored-by: Oliver Günther <mail@oliverguenther.de> 4 years ago			`}`
			`}`
safe automatic fixes by rubocop (#8994) 4 years ago			`end)`
direct uploads to S3 for attachments including IFC models Co-authored-by: Oliver Günther <mail@oliverguenther.de> 4 years ago			`end`

			`def stub_uploader`
			`creds = config[:fog][:credentials]`

			`allow_any_instance_of(FogFileUploader).to receive(:fog_credentials).and_return creds`

			`allow_any_instance_of(FogFileUploader).to receive(:aws_access_key_id).and_return creds[:aws_access_key_id]`
			`allow_any_instance_of(FogFileUploader).to receive(:aws_secret_access_key).and_return creds[:aws_secret_access_key]`
			`allow_any_instance_of(FogFileUploader).to receive(:provider).and_return creds[:provider]`
			`allow_any_instance_of(FogFileUploader).to receive(:region).and_return creds[:region]`
			`allow_any_instance_of(FogFileUploader).to receive(:directory).and_return config[:fog][:directory]`

			`allow(OpenProject::Configuration).to receive(:direct_uploads?).and_return(true)`
			`end`

			`def stub_config(example)`
			`WithConfig.new(context).before example, config`
			`end`

			`def config`
			`{`
			`attachments_storage: :fog,`
			`fog: {`
			`directory: MockCarrierwave.bucket,`
			`credentials: MockCarrierwave.credentials`
			`}`
			`}`
			`end`
			`end`

			`RSpec.configure do \|config\|`
			`config.before(:each) do \|example\|`
			`next unless example.metadata[:with_direct_uploads]`

			`WithDirectUploads.new(self).before example`

			`class FogAttachment < Attachment`
			`# Remounting the uploader overrides the original file setter taking care of setting,`
			`# among other things, the content type. So we have to restore that original`
			`# method this way.`
			`# We do this in a new, separate class, as to not interfere with any other specs.`
			`alias_method :set_file, :file=`
			`mount_uploader :file, FogFileUploader`
			`alias_method :file=, :set_file`
			`end`
			`end`

			`config.around(:each) do \|example\|`
			`enabled = example.metadata[:with_direct_uploads]`

			`if enabled`
			`WithDirectUploads.new(self).around example`
			`else`
			`example.run`
			`end`
			`end`
			`end`