mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00

Ensure direct uploads to a public S3 service have a public ACL

Mikel Kew 2020-04-29 05:42:17 +10:00 committed by GitHub
parent fb28da270d
commit cf7c27f2ff
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 69 additions and 1 deletions


@ -80,7 +80,7 @@ module ActiveStorage
def url_for_direct_upload(key, expires_in:, content_type:, content_length:, checksum:)
instrument :url, key: key do |payload|
generated_url = object_for(key).presigned_url :put, expires_in: expires_in.to_i,
content_type: content_type, content_length: content_length, content_md5: checksum
content_type: content_type, content_length: content_length, content_md5: checksum, **upload_options
payload[:url] = generated_url
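Review bot: Splatting `**upload_options` after the explicit keywords in the `presigned_url` call lets a configured option with the same name silently replace `content_type`, `content_length`, `content_md5` or `expires_in`, because the last duplicate key wins in Ruby. Those per-request values are what tie the signed URL to one specific blob, so I would put the splat first: `generated_url = object_for(key).presigned_url :put, **upload_options, expires_in: expires_in.to_i,` followed by the unchanged `content_type: content_type, content_length: content_length, content_md5: checksum`. Where `upload_options` is built is not visible in this hunk, so whether such a collision can happen today is an assumption to confirm; a one-line comment such as `# upload_options (e.g. the ACL for public services) are signed into the URL` would also help. The body of `url_for_direct_upload` continues outside the hunk.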


@ -17,6 +17,30 @@ if SERVICE_CONFIGURATIONS[:azure_public]
response = Net::HTTP.get_response(URI(url))
assert_equal "200", response.code
end
test "direct upload" do
key = SecureRandom.base58(24)
data = "Something else entirely!"
checksum = Digest::MD5.base64digest(data)
content_type = "text/xml"
url = @service.url_for_direct_upload(key, expires_in: 5.minutes, content_type: content_type, content_length: data.size, checksum: checksum)
uri = URI.parse url
request = Net::HTTP::Put.new uri.request_uri
request.body = data
@service.headers_for_direct_upload(key, checksum: checksum, content_type: content_type, filename: ActiveStorage::Filename.new("test.txt")).each do |k, v|
request.add_field k, v
end
Net::HTTP.start(uri.host, uri.port, use_ssl: true) do |http|
http.request request
end
response = Net::HTTP.get_response(URI(@service.url(key)))
assert_equal "200", response.code
assert_equal data, response.body
ensure
@service.delete key
end
end
else
puts "Skipping Azure Storage Public Service tests because no Azure configuration was supplied"
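Review bot: The response of the PUT in the new "direct upload" test is discarded (`http.request request`), so a rejected upload only shows up indirectly as a failing GET afterwards, without the storage service's error body. Capturing and asserting it first, with `put_response = Net::HTTP.start(uri.host, uri.port, use_ssl: true) { |http| http.request request }` and `assert_kind_of Net::HTTPSuccess, put_response, put_response.body`, makes a signature or ACL mismatch fail at the step that caused it. The same pattern is repeated in the GCS and S3 public-service tests added by this commit.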


@ -17,6 +17,28 @@ if SERVICE_CONFIGURATIONS[:gcs_public]
response = Net::HTTP.get_response(URI(url))
assert_equal "200", response.code
end
test "direct upload" do
key = SecureRandom.base58(24)
data = "Something else entirely!"
checksum = Digest::MD5.base64digest(data)
url = @service.url_for_direct_upload(key, expires_in: 5.minutes, content_type: "text/plain", content_length: data.size, checksum: checksum)
uri = URI.parse url
request = Net::HTTP::Put.new uri.request_uri
request.body = data
request.add_field "Content-Type", ""
request.add_field "Content-MD5", checksum
Net::HTTP.start(uri.host, uri.port, use_ssl: true) do |http|
http.request request
end
response = Net::HTTP.get_response(URI(@service.url(key)))
assert_equal "200", response.code
assert_equal data, response.body
ensure
@service.delete key
end
end
else
puts "Skipping GCS Public Service tests because no GCS configuration was supplied"
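Review bot: The GCS test signs the URL with `content_type: "text/plain"` but then sends `request.add_field "Content-Type", ""`, and nothing in the hunk says why the two differ. If the empty header is required for the signature to match, a short comment above that line stating so would keep a later reader from "fixing" it to `text/plain` as in the S3 test. If it is not required, building the headers with `@service.headers_for_direct_upload` as the Azure test does would exercise what real clients send. I cannot tell which case applies from the visible lines.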


@ -22,6 +22,28 @@ if SERVICE_CONFIGURATIONS[:s3_public]
response = Net::HTTP.get_response(URI(url))
assert_equal "200", response.code
end
test "direct upload" do
key = SecureRandom.base58(24)
data = "Something else entirely!"
checksum = Digest::MD5.base64digest(data)
url = @service.url_for_direct_upload(key, expires_in: 5.minutes, content_type: "text/plain", content_length: data.size, checksum: checksum)
uri = URI.parse url
request = Net::HTTP::Put.new uri.request_uri
request.body = data
request.add_field "Content-Type", "text/plain"
request.add_field "Content-MD5", checksum
Net::HTTP.start(uri.host, uri.port, use_ssl: true) do |http|
http.request request
end
response = Net::HTTP.get_response(URI(@service.url(key)))
assert_equal "200", response.code
assert_equal data, response.body
ensure
@service.delete key
end
end
else
puts "Skipping S3 Public Service tests because no S3 configuration was supplied"
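Review bot: This test only proves the positive case, that an object uploaded through the presigned URL is readable with an unauthenticated GET on a public service. The service change in this commit applies `**upload_options` to every direct-upload URL rather than only to public ones, so I would pair it with a check in the private S3 service tests: after the same direct upload, an unauthenticated `Net::HTTP.get_response` on the object's plain, unsigned URL should be refused, for example `assert_equal "403", response.code`. That guards against a public ACL leaking into a private service's uploads; it may already be covered outside the lines shown here.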