# frozen_string_literal: true # Redmine - project management software # Copyright (C) 2006-2022 Jean-Philippe Lang # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. require File.expand_path('../../test_helper', __FILE__) class AttachmentsControllerTest < Redmine::ControllerTest fixtures :users, :user_preferences, :projects, :roles, :members, :member_roles, :enabled_modules, :issues, :trackers, :attachments, :issue_statuses, :journals, :journal_details, :versions, :wiki_pages, :wikis, :documents, :enumerations def setup User.current = nil set_fixtures_attachments_directory end def teardown set_tmp_attachments_directory end def test_show_diff ['inline', 'sbs'].each do |dt| # 060719210727_changeset_utf8.diff get( :show, :params => { :id => 14, :type => dt } ) assert_response :success assert_equal 'text/html', @response.media_type assert_select 'th.filename', :text => /issues_controller.rb\t\(révision 1484\)/ assert_select 'td.line-code', :text => /Demande créée avec succès/ end end def test_show_diff_replace_cannot_convert_content with_settings :repositories_encodings => 'UTF-8' do ['inline', 'sbs'].each do |dt| # 060719210727_changeset_iso8859-1.diff get( :show, :params => { :id => 5, :type => dt } ) assert_response :success assert_equal 'text/html', @response.media_type assert_select 'th.filename', :text => /issues_controller.rb\t\(r\?vision 1484\)/ assert_select 'td.line-code', :text => /Demande cr\?\?e avec succ\?s/ end end end def test_show_diff_latin_1 with_settings :repositories_encodings => 'UTF-8,ISO-8859-1' do ['inline', 'sbs'].each do |dt| # 060719210727_changeset_iso8859-1.diff get( :show, :params => { :id => 5, :type => dt } ) assert_response :success assert_equal 'text/html', @response.media_type assert_select 'th.filename', :text => /issues_controller.rb\t\(révision 1484\)/ assert_select 'td.line-code', :text => /Demande créée avec succès/ end end end def test_show_should_save_diff_type_as_user_preference user1 = User.find(1) user1.pref[:diff_type] = nil user1.preference.save user = User.find(1) assert_nil user.pref[:diff_type] @request.session[:user_id] = 1 # admin get( :show, :params => { :id => 5 } ) assert_response :success user.reload assert_equal "inline", user.pref[:diff_type] get( :show, :params => { :id => 5, :type => 'sbs' } ) assert_response :success user.reload assert_equal "sbs", user.pref[:diff_type] end def test_diff_show_filename_in_mercurial_export set_tmp_attachments_directory a = Attachment.new(:container => Issue.find(1), :file => uploaded_test_file("hg-export.diff", "text/plain"), :author => User.find(1)) assert a.save assert_equal 'hg-export.diff', a.filename get( :show, :params => { :id => a.id, :type => 'inline' } ) assert_response :success assert_equal 'text/html', @response.media_type assert_select 'th.filename', :text => 'test1.txt' end def test_show_text_file get(:show, :params => {:id => 4}) assert_response :success assert_equal 'text/html', @response.media_type end def test_show_text_file_utf_8 set_tmp_attachments_directory a = Attachment.new(:container => Issue.find(1), :file => uploaded_test_file("japanese-utf-8.txt", "text/plain"), :author => User.find(1)) assert a.save assert_equal 'japanese-utf-8.txt', a.filename get(:show, :params => {:id => a.id}) assert_response :success assert_equal 'text/html', @response.media_type assert_select 'tr#L1' do assert_select 'th.line-num a[data-txt=?]', '1' assert_select 'td', :text => /日本語/ end end def test_show_text_file_replace_cannot_convert_content set_tmp_attachments_directory with_settings :repositories_encodings => 'UTF-8' do a = Attachment.new(:container => Issue.find(1), :file => uploaded_test_file("iso8859-1.txt", "text/plain"), :author => User.find(1)) assert a.save assert_equal 'iso8859-1.txt', a.filename get(:show, :params => {:id => a.id}) assert_response :success assert_equal 'text/html', @response.media_type assert_select 'tr#L7' do assert_select 'th.line-num a[data-txt=?]', '7' assert_select 'td', :text => /Demande cr\?\?e avec succ\?s/ end end end def test_show_text_file_latin_1 set_tmp_attachments_directory with_settings :repositories_encodings => 'UTF-8,ISO-8859-1' do a = Attachment.new(:container => Issue.find(1), :file => uploaded_test_file("iso8859-1.txt", "text/plain"), :author => User.find(1)) assert a.save assert_equal 'iso8859-1.txt', a.filename get(:show, :params => {:id => a.id}) assert_response :success assert_equal 'text/html', @response.media_type assert_select 'tr#L7' do assert_select 'th.line-num a[data-txt=?]', '7' assert_select 'td', :text => /Demande créée avec succès/ end end end def test_show_text_file_should_show_other_if_too_big @request.session[:user_id] = 2 with_settings :file_max_size_displayed => 512 do Attachment.find(4).update_attribute :filesize, 754.kilobyte get(:show, :params => {:id => 4}) assert_response :success assert_equal 'text/html', @response.media_type assert_select '.nodata', :text => 'No preview available. Download the file instead.' end end def test_show_text_file_formatted_markdown set_tmp_attachments_directory a = Attachment.new(:container => Issue.find(1), :file => uploaded_test_file('testfile.md', 'text/plain'), :author => User.find(1)) assert a.save assert_equal 'testfile.md', a.filename get(:show, :params => {:id => a.id}) assert_response :success assert_equal 'text/html', @response.media_type assert_select 'div.wiki', :html => "

Header 1

\n

Header 2

\n

Header 3

" end def test_show_text_file_formatted_textile set_tmp_attachments_directory a = Attachment.new(:container => Issue.find(1), :file => uploaded_test_file('testfile.textile', 'text/plain'), :author => User.find(1)) assert a.save assert_equal 'testfile.textile', a.filename get(:show, :params => {:id => a.id}) assert_response :success assert_equal 'text/html', @response.media_type assert_select 'div.wiki', :html => "

Header 1

\n\n\n\t

Header 2

\n\n\n\t

Header 3

" end def test_show_image @request.session[:user_id] = 2 get(:show, :params => {:id => 16}) assert_response :success assert_equal 'text/html', @response.media_type assert_select 'img.filecontent', :src => attachments(:attachments_010).filename end def test_show_other_with_no_preview @request.session[:user_id] = 2 get(:show, :params => {:id => 6}) assert_equal 'text/html', @response.media_type assert_select '.nodata', :text => 'No preview available. Download the file instead.' end def test_show_file_from_private_issue_without_permission get(:show, :params => {:id => 15}) assert_redirected_to '/login?back_url=http%3A%2F%2Ftest.host%2Fattachments%2F15' end def test_show_file_from_private_issue_with_permission @request.session[:user_id] = 2 get(:show, :params => {:id => 15}) assert_response :success assert_select 'h2', :text => /private.diff/ end def test_show_file_without_container_should_be_allowed_to_author set_tmp_attachments_directory attachment = Attachment.create!(:file => uploaded_test_file("testfile.txt", "text/plain"), :author_id => 2) @request.session[:user_id] = 2 get(:show, :params => {:id => attachment.id}) assert_response 200 end def test_show_file_without_container_should_be_denied_to_other_users set_tmp_attachments_directory attachment = Attachment.create!(:file => uploaded_test_file("testfile.txt", "text/plain"), :author_id => 2) @request.session[:user_id] = 3 get(:show, :params => {:id => attachment.id}) assert_response 403 end def test_show_issue_attachment_should_highlight_issues_menu_item get(:show, :params => {:id => 4}) assert_response :success assert_select '#main-menu a.issues.selected' end def test_show_invalid_should_respond_with_404 get(:show, :params => {:id => 999}) assert_response 404 end def test_show_renders_pagination get(:show, :params => {:id => 5, :type => 'inline'}) assert_response :success assert_select 'ul.pages li.next', :text => /next/i assert_select 'ul.pages li.previous', :text => /previous/i end def test_download_text_file get(:download, :params => {:id => 4}) assert_response :success assert_equal 'application/x-ruby', @response.media_type etag = @response.etag assert_not_nil etag @request.env["HTTP_IF_NONE_MATCH"] = etag get(:download, :params => {:id => 4}) assert_response 304 end def test_download_js_file set_tmp_attachments_directory attachment = Attachment.create!( :file => mock_file_with_options(:original_filename => "hello.js", :content_type => "text/javascript"), :author_id => 2, :container => Issue.find(1) ) get(:download, :params => {:id => attachment.id}) assert_response :success assert_equal 'text/javascript', @response.media_type end def test_download_version_file_with_issue_tracking_disabled Project.find(1).disable_module! :issue_tracking get(:download, :params => {:id => 9}) assert_response :success end def test_download_should_assign_content_type_if_blank Attachment.find(4).update_attribute(:content_type, '') get(:download, :params => {:id => 4}) assert_response :success assert_equal 'text/x-ruby', @response.media_type end def test_download_should_assign_better_content_type_than_application_octet_stream Attachment.find(4).update! :content_type => "application/octet-stream" get(:download, :params => {:id => 4}) assert_response :success assert_equal 'text/x-ruby', @response.media_type end def test_download_should_assign_application_octet_stream_if_content_type_is_not_determined get(:download, :params => {:id => 22}) assert_response :success assert_nil Redmine::MimeType.of(attachments(:attachments_022).filename) assert_equal 'application/octet-stream', @response.media_type end def test_download_missing_file get(:download, :params => {:id => 2}) assert_response 404 end def test_download_should_be_denied_without_permission get(:download, :params => {:id => 7}) assert_redirected_to '/login?back_url=http%3A%2F%2Ftest.host%2Fattachments%2Fdownload%2F7' end if convert_installed? def test_thumbnail Attachment.clear_thumbnails @request.session[:user_id] = 2 get( :thumbnail, :params => { :id => 16 } ) assert_response :success assert_equal 'image/png', response.media_type etag = @response.etag assert_not_nil etag @request.env["HTTP_IF_NONE_MATCH"] = etag get( :thumbnail, :params => { :id => 16 } ) assert_response 304 end def test_thumbnail_should_not_exceed_maximum_size Redmine::Thumbnail.expects(:generate).with {|source, target, size| size == 800} @request.session[:user_id] = 2 get( :thumbnail, :params => { :id => 16, :size => 2000 } ) end def test_thumbnail_should_round_size Redmine::Thumbnail.expects(:generate).with {|source, target, size| size == 300} @request.session[:user_id] = 2 get( :thumbnail, :params => { :id => 16, :size => 260 } ) end def test_thumbnail_should_return_404_for_non_image_attachment @request.session[:user_id] = 2 get( :thumbnail, :params => { :id => 15 } ) assert_response 404 end def test_thumbnail_should_return_404_if_thumbnail_generation_failed Attachment.any_instance.stubs(:thumbnail).returns(nil) @request.session[:user_id] = 2 get( :thumbnail, :params => { :id => 16 } ) assert_response 404 end def test_thumbnail_should_be_denied_without_permission get( :thumbnail, :params => { :id => 16 } ) assert_redirected_to '/login?back_url=http%3A%2F%2Ftest.host%2Fattachments%2Fthumbnail%2F16' end else puts '(ImageMagick convert not available)' end if gs_installed? def test_thumbnail_for_pdf_should_be_png skip unless convert_installed? Attachment.clear_thumbnails @request.session[:user_id] = 2 get( :thumbnail, :params => { :id => 23 # ecookbook-gantt.pdf } ) assert_response :success assert_equal 'image/png', response.media_type end else puts '(GhostScript convert not available)' end def test_edit_all @request.session[:user_id] = 2 get( :edit_all, :params => { :object_type => 'issues', :object_id => '2' } ) assert_response :success assert_select 'form[action=?]', '/attachments/issues/2' do Issue.find(2).attachments.each do |attachment| assert_select "tr#attachment-#{attachment.id}" end assert_select 'tr#attachment-4' do assert_select 'input[name=?][value=?]', 'attachments[4][filename]', 'source.rb' assert_select 'input[name=?][value=?]', 'attachments[4][description]', 'This is a Ruby source file' end end # Link to the container in heading assert_select 'h2 a', :text => "Feature request #2" end def test_edit_all_with_invalid_object_should_return_404 get( :edit_all, :params => { :object_type => 'issues', :object_id => '999' } ) assert_response 404 end def test_edit_all_for_object_that_is_not_visible_should_return_403 get( :edit_all, :params => { :object_type => 'issues', :object_id => '4' } ) assert_response 403 end def test_edit_all_issue_attachment_by_user_without_edit_issue_permission_on_tracker_should_return_404 role = Role.find(2) role.set_permission_trackers 'edit_issues', [2, 3] role.save! @request.session[:user_id] = 2 get( :edit_all, :params => { :object_type => 'issues', :object_id => '4' } ) assert_response 404 end def test_update_all @request.session[:user_id] = 2 patch( :update_all, :params => { :object_type => 'issues', :object_id => '2', :attachments => { '1' => { :filename => 'newname.text', :description => '' }, '4' => { :filename => 'newname.rb', :description => 'Renamed' }, } } ) assert_response 302 attachment = Attachment.find(4) assert_equal 'newname.rb', attachment.filename assert_equal 'Renamed', attachment.description end def test_update_all_with_failure @request.session[:user_id] = 2 patch( :update_all, :params => { :object_type => 'issues', :object_id => '3', :attachments => { '1' => { :filename => '', :description => '' }, '4' => { :filename => 'newname.rb', :description => 'Renamed' }, } } ) assert_response :success assert_select_error /file cannot be blank/i # The other attachment should not be updated attachment = Attachment.find(4) assert_equal 'source.rb', attachment.filename assert_equal 'This is a Ruby source file', attachment.description end def test_download_all_with_valid_container @request.session[:user_id] = 2 get( :download_all, :params => { :object_type => 'issues', :object_id => '2' } ) assert_response 200 assert_equal response.headers['Content-Type'], 'application/zip' assert_match /issue-2-attachments.zip/, response.headers['Content-Disposition'] assert_not_includes Dir.entries(Rails.root.join('tmp')), /attachments_zip/ end def test_download_all_with_invalid_container @request.session[:user_id] = 2 get( :download_all, :params => { :object_type => 'issues', :object_id => '999' } ) assert_response 404 end def test_download_all_without_readable_attachments @request.session[:user_id] = 2 get( :download_all, :params => { :object_type => 'issues', :object_id => '1' } ) assert_equal Issue.find(1).attachments, [] assert_response 404 end def test_download_all_with_invisible_journal Project.find(1).update_column :is_public, false Member.delete_all @request.session[:user_id] = 2 User.current = User.find(2) assert_not Journal.find(3).journalized.visible? get( :download_all, :params => { :object_type => 'journals', :object_id => '3' } ) assert_response 403 end def test_download_all_with_maximum_bulk_download_size_larger_than_attachments with_settings :bulk_download_max_size => 0 do @request.session[:user_id] = 2 get( :download_all, :params => { :object_type => 'issues', :object_id => '2', :back_url => '/issues/123' } ) assert_redirected_to '/issues/123' assert_equal flash[:error], 'These attachments cannot be bulk downloaded because the total file size exceeds the maximum allowed size (0 Bytes)' end end def test_download_all_redirects_to_container_url_on_error with_settings :bulk_download_max_size => 0 do @request.session[:user_id] = 2 get( :download_all, :params => { :object_type => 'issues', :object_id => '2', :back_url => 'https://example.com' } ) assert_redirected_to '/issues/2' assert_equal flash[:error], 'These attachments cannot be bulk downloaded because the total file size exceeds the maximum allowed size (0 Bytes)' end end def test_destroy_issue_attachment set_tmp_attachments_directory issue = Issue.find(3) @request.session[:user_id] = 2 assert_difference 'issue.attachments.count', -1 do assert_difference 'Journal.count' do delete( :destroy, :params => { :id => 1 } ) assert_redirected_to '/projects/ecookbook' end end assert_nil Attachment.find_by_id(1) j = Journal.order('id DESC').first assert_equal issue, j.journalized assert_equal 'attachment', j.details.first.property assert_equal '1', j.details.first.prop_key assert_equal 'error281.txt', j.details.first.old_value assert_equal User.find(2), j.user end def test_destroy_wiki_page_attachment set_tmp_attachments_directory @request.session[:user_id] = 2 assert_difference 'Attachment.count', -1 do delete( :destroy, :params => { :id => 3 } ) assert_response 302 end end def test_destroy_project_attachment set_tmp_attachments_directory @request.session[:user_id] = 2 assert_difference 'Attachment.count', -1 do delete( :destroy, :params => { :id => 8 } ) assert_response 302 end end def test_destroy_version_attachment set_tmp_attachments_directory @request.session[:user_id] = 2 assert_difference 'Attachment.count', -1 do delete( :destroy, :params => { :id => 9 } ) assert_response 302 end end def test_destroy_version_attachment_with_issue_tracking_disabled Project.find(1).disable_module! :issue_tracking set_tmp_attachments_directory @request.session[:user_id] = 2 assert_difference 'Attachment.count', -1 do delete( :destroy, :params => { :id => 9 } ) assert_response 302 end end def test_destroy_without_permission set_tmp_attachments_directory assert_no_difference 'Attachment.count' do delete( :destroy, :params => { :id => 3 } ) end assert_response 302 assert Attachment.find_by_id(3) end def test_destroy_issue_attachment_by_user_without_edit_issue_permission_on_tracker role = Role.find(2) role.set_permission_trackers 'edit_issues', [2, 3] role.save! @request.session[:user_id] = 2 set_tmp_attachments_directory assert_no_difference 'Attachment.count' do delete( :destroy, :params => { :id => 7 } ) end assert_response 403 assert Attachment.find_by_id(7) end end