diff --git a/lib/carrierwave/locale/en.yml b/lib/carrierwave/locale/en.yml index e10643e61..9a5ba0a83 100644 --- a/lib/carrierwave/locale/en.yml +++ b/lib/carrierwave/locale/en.yml @@ -4,10 +4,10 @@ en: carrierwave_processing_error: failed to be processed carrierwave_integrity_error: is not of an allowed file type carrierwave_download_error: could not be downloaded - extension_whitelist_error: "You are not allowed to upload %{extension} files, allowed types: %{allowed_types}" - extension_blacklist_error: "You are not allowed to upload %{extension} files, prohibited types: %{prohibited_types}" - content_type_whitelist_error: "You are not allowed to upload %{content_type} files, allowed types: %{allowed_types}" - content_type_blacklist_error: "You are not allowed to upload %{content_type} files" + extension_allowlist_error: "You are not allowed to upload %{extension} files, allowed types: %{allowed_types}" + extension_denylist_error: "You are not allowed to upload %{extension} files, prohibited types: %{prohibited_types}" + content_type_allowlist_error: "You are not allowed to upload %{content_type} files, allowed types: %{allowed_types}" + content_type_denylist_error: "You are not allowed to upload %{content_type} files" rmagick_processing_error: "Failed to manipulate with rmagick, maybe it is not an image?" mini_magick_processing_error: "Failed to manipulate with MiniMagick, maybe it is not an image? Original Error: %{e}" min_size_error: "File size should be greater than %{min_size}" diff --git a/lib/carrierwave/uploader/content_type_blacklist.rb b/lib/carrierwave/uploader/content_type_blacklist.rb index 9cd13d725..5b8d04064 100644 --- a/lib/carrierwave/uploader/content_type_blacklist.rb +++ b/lib/carrierwave/uploader/content_type_blacklist.rb @@ -8,45 +8,48 @@ module ContentTypeBlacklist end ## - # Override this method in your uploader to provide a blacklist of files content types + # Override this method in your uploader to provide a denylist of files content types # which are not allowed to be uploaded. # Not only strings but Regexp are allowed as well. # # === Returns # - # [NilClass, String, Regexp, Array[String, Regexp]] a blacklist of content types which are not allowed to be uploaded + # [NilClass, String, Regexp, Array[String, Regexp]] a denylist of content types which are not allowed to be uploaded # # === Examples # - # def content_type_blacklist + # def content_type_denylist # %w(text/json application/json) # end # # Basically the same, but using a Regexp: # - # def content_type_blacklist + # def content_type_denylist # [/(text|application)\/json/] # end # - def content_type_blacklist - content_type_blocklist + def content_type_denylist + if respond_to?(:content_type_blacklist) + ActiveSupport::Deprecation.warn "#content_type_blacklist is deprecated, use #content_type_denylist instead." unless instance_variable_defined?(:@content_type_blacklist_warned) + @content_type_blacklist_warned = true + content_type_blacklist + end end - def content_type_blocklist; end - private def check_content_type_blacklist!(new_file) - return unless content_type_blacklist + return unless content_type_denylist content_type = new_file.content_type if blacklisted_content_type?(content_type) - raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.content_type_blacklist_error", content_type: content_type) + raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.content_type_blacklist_error", + content_type: content_type, default: :"errors.messages.content_type_denylist_error") end end def blacklisted_content_type?(content_type) - Array(content_type_blacklist).any? { |item| content_type =~ /#{item}/ } + Array(content_type_denylist).any? { |item| content_type =~ /#{item}/ } end end # ContentTypeBlacklist diff --git a/lib/carrierwave/uploader/content_type_whitelist.rb b/lib/carrierwave/uploader/content_type_whitelist.rb index 06fe9f750..2d723c5a0 100644 --- a/lib/carrierwave/uploader/content_type_whitelist.rb +++ b/lib/carrierwave/uploader/content_type_whitelist.rb @@ -7,46 +7,49 @@ module ContentTypeWhitelist before :cache, :check_content_type_whitelist! end - def content_type_allowlist; end - ## - # Override this method in your uploader to provide a whitelist of files content types + # Override this method in your uploader to provide an allowlist of files content types # which are allowed to be uploaded. # Not only strings but Regexp are allowed as well. # # === Returns # - # [NilClass, String, Regexp, Array[String, Regexp]] a whitelist of content types which are allowed to be uploaded + # [NilClass, String, Regexp, Array[String, Regexp]] an allowlist of content types which are allowed to be uploaded # # === Examples # - # def content_type_whitelist + # def content_type_allowlist # %w(text/json application/json) # end # # Basically the same, but using a Regexp: # - # def content_type_whitelist + # def content_type_allowlist # [/(text|application)\/json/] # end # - def content_type_whitelist - content_type_allowlist + def content_type_allowlist + if respond_to?(:content_type_whitelist) + ActiveSupport::Deprecation.warn "#content_type_whitelist is deprecated, use #content_type_allowlist instead." unless instance_variable_defined?(:@content_type_whitelist_warned) + @content_type_whitelist_warned = true + content_type_whitelist + end end private def check_content_type_whitelist!(new_file) - return unless content_type_whitelist + return unless content_type_allowlist content_type = new_file.content_type if !whitelisted_content_type?(content_type) - raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.content_type_whitelist_error", content_type: content_type, allowed_types: Array(content_type_whitelist).join(", ")) + raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.content_type_whitelist_error", content_type: content_type, + allowed_types: Array(content_type_allowlist).join(", "), default: :"errors.messages.content_type_allowlist_error") end end def whitelisted_content_type?(content_type) - Array(content_type_whitelist).any? do |item| + Array(content_type_allowlist).any? do |item| item = Regexp.quote(item) if item.class != Regexp content_type =~ /#{item}/ end diff --git a/lib/carrierwave/uploader/extension_blacklist.rb b/lib/carrierwave/uploader/extension_blacklist.rb index 1a14e0006..1bf527033 100644 --- a/lib/carrierwave/uploader/extension_blacklist.rb +++ b/lib/carrierwave/uploader/extension_blacklist.rb @@ -8,49 +8,51 @@ module ExtensionBlacklist end ## - # Override this method in your uploader to provide a black list of extensions which + # Override this method in your uploader to provide a denylist of extensions which # are prohibited to be uploaded. Compares the file's extension case insensitive. # Furthermore, not only strings but Regexp are allowed as well. # - # When using a Regexp in the black list, `\A` and `\z` are automatically added to + # When using a Regexp in the denylist, `\A` and `\z` are automatically added to # the Regexp expression, also case insensitive. # # === Returns - # [NilClass, String, Regexp, Array[String, Regexp]] a black list of extensions which are prohibited to be uploaded + # [NilClass, String, Regexp, Array[String, Regexp]] a deny list of extensions which are prohibited to be uploaded # # === Examples # - # def extension_blacklist + # def extension_denylist # %w(swf tiff) # end # # Basically the same, but using a Regexp: # - # def extension_blacklist + # def extension_denylist # [/swf/, 'tiff'] # end # - - def extension_blacklist - extension_blocklist + def extension_denylist + if respond_to?(:extension_blacklist) + ActiveSupport::Deprecation.warn "#extension_blacklist is deprecated, use #extension_denylist instead." unless instance_variable_defined?(:@extension_blacklist_warned) + @extension_blacklist_warned = true + extension_blacklist + end end - def extension_blocklist; end - private def check_extension_blacklist!(new_file) - return unless extension_blacklist + return unless extension_denylist extension = new_file.extension.to_s if blacklisted_extension?(extension) - raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.extension_blacklist_error", extension: new_file.extension.inspect, prohibited_types: Array(extension_blacklist).join(", ")) + raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.extension_blacklist_error", extension: new_file.extension.inspect, + prohibited_types: Array(extension_denylist).join(", "), default: :"errors.messages.extension_denylist_error") end end def blacklisted_extension?(extension) - Array(extension_blacklist).any? { |item| extension =~ /\A#{item}\z/i } + Array(extension_denylist).any? { |item| extension =~ /\A#{item}\z/i } end end end diff --git a/lib/carrierwave/uploader/extension_whitelist.rb b/lib/carrierwave/uploader/extension_whitelist.rb index a252ebb95..379bbfff8 100644 --- a/lib/carrierwave/uploader/extension_whitelist.rb +++ b/lib/carrierwave/uploader/extension_whitelist.rb @@ -7,52 +7,55 @@ module ExtensionWhitelist before :cache, :check_extension_whitelist! end - def extension_allowlist; end - ## - # Override this method in your uploader to provide a white list of extensions which + # Override this method in your uploader to provide an allowlist of extensions which # are allowed to be uploaded. Compares the file's extension case insensitive. # Furthermore, not only strings but Regexp are allowed as well. # - # When using a Regexp in the white list, `\A` and `\z` are automatically added to + # When using a Regexp in the allowlist, `\A` and `\z` are automatically added to # the Regexp expression, also case insensitive. # # === Returns # - # [NilClass, String, Regexp, Array[String, Regexp]] a white list of extensions which are allowed to be uploaded + # [NilClass, String, Regexp, Array[String, Regexp]] an allowlist of extensions which are allowed to be uploaded # # === Examples # - # def extension_whitelist + # def extension_allowlist # %w(jpg jpeg gif png) # end # # Basically the same, but using a Regexp: # - # def extension_whitelist + # def extension_allowlist # [/jpe?g/, 'gif', 'png'] # end # - def extension_whitelist - extension_allowlist + def extension_allowlist + if respond_to?(:extension_whitelist) + ActiveSupport::Deprecation.warn "#extension_whitelist is deprecated, use #extension_allowlist instead." unless instance_variable_defined?(:@extension_whitelist_warned) + @extension_whitelist_warned = true + extension_whitelist + end end private def check_extension_whitelist!(new_file) - return unless extension_whitelist + return unless extension_allowlist extension = new_file.extension.to_s if !whitelisted_extension?(extension) - raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.extension_whitelist_error", extension: new_file.extension.inspect, allowed_types: Array(extension_whitelist).join(", ")) + # Look for whitelist first, then fallback to allowlist + raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.extension_whitelist_error", extension: new_file.extension.inspect, + allowed_types: Array(extension_allowlist).join(", "), default: :"errors.messages.extension_allowlist_error") end end def whitelisted_extension?(extension) downcase_extension = extension.downcase - Array(extension_whitelist).any? { |item| downcase_extension =~ /\A#{item}\z/i } + Array(extension_allowlist).any? { |item| downcase_extension =~ /\A#{item}\z/i } end - end # ExtensionWhitelist end # Uploader end # CarrierWave diff --git a/spec/uploader/content_type_blacklist_spec.rb b/spec/uploader/content_type_blacklist_spec.rb index 46894998c..1312b162c 100644 --- a/spec/uploader/content_type_blacklist_spec.rb +++ b/spec/uploader/content_type_blacklist_spec.rb @@ -14,52 +14,68 @@ allow(CarrierWave).to receive(:generate_cache_id).and_return('1369894322-345-1234-2255') end - context "when there is no blacklist" do + context "when there is no denylist" do it "does not raise an integrity error" do - allow(uploader).to receive(:content_type_blacklist).and_return(nil) + allow(uploader).to receive(:content_type_denylist).and_return(nil) expect { uploader.cache!(ruby_file) }.not_to raise_error end end - context "when there is a blacklist" do - context "when the blacklist is an array of values" do - it "does not raise an integrity error when the file has not a blacklisted content type" do - allow(uploader).to receive(:content_type_blacklist).and_return(['image/gif']) + context "when there is a denylist" do + context "when the denylist is an array of values" do + it "does not raise an integrity error when the file has not a denylisted content type" do + allow(uploader).to receive(:content_type_denylist).and_return(['image/gif']) expect { uploader.cache!(bork_file) }.not_to raise_error end - it "raises an integrity error if the file has a blacklisted content type" do - allow(uploader).to receive(:content_type_blacklist).and_return(['image/png']) + it "raises an integrity error if the file has a denylisted content type" do + allow(uploader).to receive(:content_type_denylist).and_return(['image/png']) - expect { uploader.cache!(ruby_file) }.to raise_error(CarrierWave::IntegrityError) + expect { uploader.cache!(ruby_file) }.to raise_error(CarrierWave::IntegrityError, 'You are not allowed to upload image/png files') end - it "raises an integrity error if the file has a blocklisted content type" do - allow(uploader).to receive(:content_type_blocklist).and_return(['image/png']) + it "accepts content types as regular expressions" do + allow(uploader).to receive(:content_type_denylist).and_return([/image\//]) expect { uploader.cache!(ruby_file) }.to raise_error(CarrierWave::IntegrityError) end + end - it "accepts content types as regular expressions" do - allow(uploader).to receive(:content_type_blacklist).and_return([/image\//]) + context "when the denylist is a single value" do + it "accepts a single content type string value" do + allow(uploader).to receive(:content_type_denylist).and_return('image/gif') - expect { uploader.cache!(ruby_file) }.to raise_error(CarrierWave::IntegrityError) + expect { uploader.cache!(ruby_file) }.not_to raise_error end - end - context "when the blacklist is a single value" do - it "accepts a single extension string value" do - allow(uploader).to receive(:extension_whitelist).and_return('jpeg') + it "accepts a single content type regular expression value" do + allow(uploader).to receive(:content_type_denylist).and_return(/image\/gif/) - expect { uploader.cache!(test_file) }.not_to raise_error + expect { uploader.cache!(ruby_file) }.not_to raise_error end + end + end + + context "when there is a blacklist" do + it "uses the blacklist but shows deprecation" do + allow(uploader).to receive(:content_type_blacklist).and_return(['image/png']) + + expect(ActiveSupport::Deprecation).to receive(:warn).with('#content_type_blacklist is deprecated, use #content_type_denylist instead.') + expect { uploader.cache!(ruby_file) }.to raise_error(CarrierWave::IntegrityError) + end - it "accepts a single extension regular expression value" do - allow(uploader).to receive(:extension_whitelist).and_return(/jpe?g/) + it "looks for content_type_whitelist first for I18n translation" do + allow(uploader).to receive(:content_type_denylist).and_return(['image/png']) - expect { uploader.cache!(test_file) }.not_to raise_error + change_locale_and_store_translations(:nl, :errors => { + :messages => { + :content_type_denylist_error => "this will not be used", + :content_type_blacklist_error => "Het is niet toegestaan om %{content_type} bestanden te uploaden" + } + }) do + expect { uploader.cache!(ruby_file) }.to raise_error(CarrierWave::IntegrityError, 'Het is niet toegestaan om image/png bestanden te uploaden') end end end diff --git a/spec/uploader/content_type_whitelist_spec.rb b/spec/uploader/content_type_whitelist_spec.rb index 8400145de..e5b7ebecf 100644 --- a/spec/uploader/content_type_whitelist_spec.rb +++ b/spec/uploader/content_type_whitelist_spec.rb @@ -4,6 +4,7 @@ let(:uploader_class) { Class.new(CarrierWave::Uploader::Base) } let(:uploader) { uploader_class.new } let(:ruby_file) { File.open(file_path('ruby.gif')) } + let(:bork_file) { File.open(file_path('bork.txt')) } let(:vector_file) { File.open(file_path('ruby.svg')) } after { FileUtils.rm_rf(public_path) } @@ -13,42 +14,34 @@ allow(CarrierWave).to receive(:generate_cache_id).and_return('1369894322-345-1234-2255') end - context "when there is no whitelist" do + context "when there is no allowlist" do it "does not raise an integrity error" do - allow(uploader).to receive(:content_type_whitelist).and_return(nil) + allow(uploader).to receive(:content_type_allowlist).and_return(nil) expect { uploader.cache!(ruby_file) }.not_to raise_error end end - context "when there is a whitelist" do - context "when the whitelist is an array of values" do - let(:bork_file) { File.open(file_path('bork.txt')) } - - it "does not raise an integrity error when the file has a whitelisted content type" do - allow(uploader).to receive(:content_type_whitelist).and_return(['image/png']) + context "when there is an allowlist" do + context "when the allowlist is an array of values" do + it "does not raise an integrity error when the file has an allowlisted content type" do + allow(uploader).to receive(:content_type_allowlist).and_return(['image/png']) expect { uploader.cache!(ruby_file) }.not_to raise_error end it "accepts content types with a + symbol" do - allow(uploader).to receive(:content_type_whitelist).and_return(['image/svg+xml']) + allow(uploader).to receive(:content_type_allowlist).and_return(['image/svg+xml']) expect { uploader.cache!(vector_file) }.not_to raise_error end it "accepts a list of content types with mixed regular expressions and strings" do - allow(uploader).to receive(:content_type_whitelist).and_return(['application/pdf', %r{image/}]) + allow(uploader).to receive(:content_type_allowlist).and_return(['application/pdf', %r{image/}]) expect { uploader.cache!(ruby_file) }.not_to raise_error end - it "raises an integrity error the file has not a whitelisted content type" do - allow(uploader).to receive(:content_type_whitelist).and_return(['image/gif']) - - expect { uploader.cache!(bork_file) }.to raise_error(CarrierWave::IntegrityError) - end - it "raises an integrity error the file has not an allowlisted content type" do allow(uploader).to receive(:content_type_allowlist).and_return(['image/gif']) @@ -56,31 +49,57 @@ end it "accepts content types as regular expressions" do - allow(uploader).to receive(:content_type_whitelist).and_return([/image\//]) + allow(uploader).to receive(:content_type_allowlist).and_return([/image\//]) expect { uploader.cache!(bork_file) }.to raise_error(CarrierWave::IntegrityError) end it "raises an integrity error which lists the allowed content types" do - allow(uploader).to receive(:content_type_whitelist).and_return(['image/gif', 'image/jpg']) + allow(uploader).to receive(:content_type_allowlist).and_return(['image/gif', 'image/jpg']) expect { uploader.cache!(bork_file) }.to raise_error(CarrierWave::IntegrityError, %r{(?:image/gif|image/jpg)}) end end - context "when the whitelist is a single value" do + context "when the allowlist is a single value" do let(:test_file) { File.open(file_path('test.jpeg')) } - it "accepts a single extension string value" do - allow(uploader).to receive(:extension_whitelist).and_return('jpeg') + it "accepts a single content type string value" do + allow(uploader).to receive(:content_type_allowlist).and_return('image/png') + + expect { uploader.cache!(ruby_file) }.not_to raise_error + end + + it "accepts a single content type regular expression value" do + allow(uploader).to receive(:content_type_allowlist).and_return(/image\//) - expect { uploader.cache!(test_file) }.not_to raise_error + expect { uploader.cache!(ruby_file) }.not_to raise_error end + end + end + + context "when there is a whitelist" do + it "uses the whitelist but shows deprecation" do + allow(uploader).to receive(:content_type_whitelist).and_return(['image/gif']) - it "accepts a single extension regular expression value" do - allow(uploader).to receive(:extension_whitelist).and_return(/jpe?g/) + expect(ActiveSupport::Deprecation).to receive(:warn).with('#content_type_whitelist is deprecated, use #content_type_allowlist instead.') + expect(running { + uploader.cache!(bork_file) + }).to raise_error(CarrierWave::IntegrityError) + end - expect { uploader.cache!(test_file) }.not_to raise_error + it "looks for content_type_whitelist first for I18n translation" do + allow(uploader).to receive(:content_type_allowlist).and_return(['image/gif']) + + change_locale_and_store_translations(:nl, :errors => { + :messages => { + :content_type_allowlist_error => "this will not be used", + :content_type_whitelist_error => "Het is niet toegestaan om %{content_type} bestanden te uploaden" + } + }) do + expect(running { + uploader.cache!(bork_file) + }).to raise_error(CarrierWave::IntegrityError, 'Het is niet toegestaan om text/plain bestanden te uploaden') end end end diff --git a/spec/uploader/extension_blacklist_spec.rb b/spec/uploader/extension_blacklist_spec.rb index 014240c1c..d1ec70f11 100644 --- a/spec/uploader/extension_blacklist_spec.rb +++ b/spec/uploader/extension_blacklist_spec.rb @@ -10,77 +10,74 @@ let(:test_file) { File.open(file_path(test_file_name)) } after { FileUtils.rm_rf(public_path) } - before { allow(CarrierWave).to receive(:generate_cache_id).and_return(cache_id) } describe '#cache!' do - before { allow(uploader).to receive(:extension_blocklist).and_return(extension_blacklist) } - - context "when there are no blacklisted extensions" do - let(:extension_blacklist) { nil } - + context "when there are no denylisted extensions" do it "doesn't raise an integrity error" do is_expected.not_to raise_error end end - context "when there is a blacklist" do - context "when the blacklist is an array of values" do - context "when the file extension matches a blacklisted extension" do - let(:extension_blacklist) { %w(jpg gif png) } + context "when there is a denylist" do + before { allow(uploader).to receive(:extension_denylist).and_return(extension_denylist) } + + context "when the denylist is an array of values" do + context "when the file extension matches a denylisted extension" do + let(:extension_denylist) { %w(jpg gif png) } it "raises an integrity error" do - is_expected.to raise_error(CarrierWave::IntegrityError) + is_expected.to raise_error(CarrierWave::IntegrityError, 'You are not allowed to upload "jpg" files, prohibited types: jpg, gif, png') end end - context "when the file extension doesn't match a blacklisted extension" do - let(:extension_blacklist) { %w(txt doc xls) } + context "when the file extension doesn't match a denylisted extension" do + let(:extension_denylist) { %w(txt doc xls) } it "doesn't raise an integrity error" do is_expected.to_not raise_error end end - context "when the file extension has only the starting part of a blacklisted extension string" do + context "when the file extension has only the starting part of a denylisted extension string" do let(:text_file_name) { 'bork.ttxt' } - let(:extension_blacklist) { %w(txt) } + let(:extension_denylist) { %w(txt) } it "doesn't raise an integrity error" do is_expected.to_not raise_error end end - context "when the file extension has only the ending part of a blacklisted extension string" do + context "when the file extension has only the ending part of a denylisted extension string" do let(:text_file_name) { 'bork.txtt' } - let(:extension_blacklist) { %w(txt) } + let(:extension_denylist) { %w(txt) } it "doesn't raise an integrity error" do is_expected.to_not raise_error end end - context "when the file has a capitalized extension of a blacklisted extension" do + context "when the file has a capitalized extension of a denylisted extension" do let(:text_file_name) { 'case.JPG' } - let(:extension_blacklist) { %w(jpg gif png) } + let(:extension_denylist) { %w(jpg gif png) } it "raise an integrity error" do is_expected.to raise_error(CarrierWave::IntegrityError) end end - context "when the file has an extension which matches a blacklisted capitalized extension" do + context "when the file has an extension which matches a denylisted capitalized extension" do let(:text_file_name) { 'test.jpg' } - let(:extension_blacklist) { %w(JPG GIF PNG) } + let(:extension_denylist) { %w(JPG GIF PNG) } it "raise an integrity error" do is_expected.to raise_error(CarrierWave::IntegrityError) end end - context "when the file has an extension which matches the blacklisted extension regular expression" do + context "when the file has an extension which matches the denylisted extension regular expression" do let(:text_file_name) { 'test.jpeg' } - let(:extension_blacklist) { [/jpe?g/, 'gif', 'png'] } + let(:extension_denylist) { [/jpe?g/, 'gif', 'png'] } it "raise an integrity error" do is_expected.to raise_error(CarrierWave::IntegrityError) @@ -88,19 +85,19 @@ end end - context "when the blacklist is a single value" do - context "when the file has an extension which is equal the blacklisted extension string" do + context "when the denylist is a single value" do + context "when the file has an extension which is equal the denylisted extension string" do let(:test_file_name) { 'test.jpeg' } - let(:extension_blacklist) { 'jpeg' } + let(:extension_denylist) { 'jpeg' } it "raises an integrity error" do is_expected.to raise_error(CarrierWave::IntegrityError) end end - context "when the file has a name which matches the blacklisted extension regular expression" do + context "when the file has a name which matches the denylisted extension regular expression" do let(:text_file_name) { 'test.jpeg' } - let(:extension_blacklist) { /jpe?g/ } + let(:extension_denylist) { /jpe?g/ } it "raise an integrity error" do is_expected.to raise_error(CarrierWave::IntegrityError) @@ -108,5 +105,27 @@ end end end + + context "when there is a blacklist" do + it "uses the blacklist but shows deprecation" do + allow(uploader).to receive(:extension_blacklist).and_return(%w(jpg gif png)) + + expect(ActiveSupport::Deprecation).to receive(:warn).with('#extension_blacklist is deprecated, use #extension_denylist instead.') + is_expected.to raise_error(CarrierWave::IntegrityError) + end + + it "looks for extension_whitelist first for I18n translation" do + allow(uploader).to receive(:extension_denylist).and_return(%w(jpg gif png)) + + change_locale_and_store_translations(:nl, :errors => { + :messages => { + :extension_denylist_error => "this will not be used", + :extension_blacklist_error => "Het is niet toegestaan om %{extension} bestanden te uploaden; verboden bestandstypes: %{prohibited_types}" + } + }) do + is_expected.to raise_error(CarrierWave::IntegrityError, 'Het is niet toegestaan om "jpg" bestanden te uploaden; verboden bestandstypes: jpg, gif, png') + end + end + end end end diff --git a/spec/uploader/extension_whitelist_spec.rb b/spec/uploader/extension_whitelist_spec.rb index e200a3917..eecdccc68 100644 --- a/spec/uploader/extension_whitelist_spec.rb +++ b/spec/uploader/extension_whitelist_spec.rb @@ -15,9 +15,9 @@ allow(CarrierWave).to receive(:generate_cache_id).and_return('1369894322-345-1234-2255') end - context "when there is no whitelist" do + context "when there is no allowlist" do it "does not raise an integrity error" do - allow(@uploader).to receive(:extension_whitelist).and_return(nil) + allow(@uploader).to receive(:extension_allowlist).and_return(nil) expect(running { @uploader.cache!(File.open(file_path('test.jpg'))) @@ -25,22 +25,22 @@ end end - context "when there is a whitelist" do - context "when the whitelist is an array of values" do - it "does not raise an integrity error when the file has a whitelisted extension" do - allow(@uploader).to receive(:extension_whitelist).and_return(%w(jpg gif png)) + context "when there is an allowlist" do + context "when the allowlist is an array of values" do + it "does not raise an integrity error when the file has an allowlisted extension" do + allow(@uploader).to receive(:extension_allowlist).and_return(%w(jpg gif png)) expect(running { @uploader.cache!(File.open(file_path('test.jpg'))) }).not_to raise_error end - it "raises an integrity error if the file has not a whitelisted extension" do - allow(@uploader).to receive(:extension_whitelist).and_return(%w(txt doc xls)) + it "raises an integrity error if the file has not an allowlisted extension" do + allow(@uploader).to receive(:extension_allowlist).and_return(%w(txt doc xls)) expect(running { @uploader.cache!(File.open(file_path('test.jpg'))) - }).to raise_error(CarrierWave::IntegrityError) + }).to raise_error(CarrierWave::IntegrityError, 'You are not allowed to upload "jpg" files, allowed types: txt, doc, xls') end it "raises an integrity error if the file has not an allowlisted extension" do @@ -51,16 +51,16 @@ }).to raise_error(CarrierWave::IntegrityError) end - it "raises an integrity error if the file has not a whitelisted extension, using start of string matcher" do - allow(@uploader).to receive(:extension_whitelist).and_return(%w(txt)) + it "raises an integrity error if the file has not an allowlisted extension, using start of string matcher" do + allow(@uploader).to receive(:extension_allowlist).and_return(%w(txt)) expect(running { @uploader.cache!(File.open(file_path('bork.ttxt'))) }).to raise_error(CarrierWave::IntegrityError) end - it "raises an integrity error if the file has not a whitelisted extension, using end of string matcher" do - allow(@uploader).to receive(:extension_whitelist).and_return(%w(txt)) + it "raises an integrity error if the file has not an allowlisted extension, using end of string matcher" do + allow(@uploader).to receive(:extension_allowlist).and_return(%w(txt)) expect(running { @uploader.cache!(File.open(file_path('bork.txtt'))) @@ -68,7 +68,7 @@ end it "compares extensions in a case insensitive manner when capitalized extension provided" do - allow(@uploader).to receive(:extension_whitelist).and_return(%w(jpg gif png)) + allow(@uploader).to receive(:extension_allowlist).and_return(%w(jpg gif png)) expect(running { @uploader.cache!(File.open(file_path('case.JPG'))) @@ -76,7 +76,7 @@ end it "compares extensions in a case insensitive manner when lowercase extension provided" do - allow(@uploader).to receive(:extension_whitelist).and_return(%w(JPG GIF PNG)) + allow(@uploader).to receive(:extension_allowlist).and_return(%w(JPG GIF PNG)) expect(running { @uploader.cache!(File.open(file_path('test.jpg'))) @@ -84,7 +84,7 @@ end it "accepts extensions as regular expressions" do - allow(@uploader).to receive(:extension_whitelist).and_return([/jpe?g/, 'gif', 'png']) + allow(@uploader).to receive(:extension_allowlist).and_return([/jpe?g/, 'gif', 'png']) expect(running { @uploader.cache!(File.open(file_path('test.jpeg'))) @@ -93,27 +93,53 @@ it "accepts extensions as regular expressions in a case insensitive manner" do - allow(@uploader).to receive(:extension_whitelist).and_return([/jpe?g/, 'gif', 'png']) + allow(@uploader).to receive(:extension_allowlist).and_return([/jpe?g/, 'gif', 'png']) expect(running { @uploader.cache!(File.open(file_path('case.JPG'))) }).not_to raise_error end end - context "when the whitelist is a single value" do + context "when the allowlist is a single value" do it "accepts a single extension string value" do - allow(@uploader).to receive(:extension_whitelist).and_return('jpeg') + allow(@uploader).to receive(:extension_allowlist).and_return('jpeg') expect { @uploader.cache!(File.open(file_path('test.jpg'))) }.to raise_error(CarrierWave::IntegrityError) end it "accepts a single extension regular expression value" do - allow(@uploader).to receive(:extension_whitelist).and_return(/jpe?g/) + allow(@uploader).to receive(:extension_allowlist).and_return(/jpe?g/) expect { @uploader.cache!(File.open(file_path('bork.txt')))}.to raise_error(CarrierWave::IntegrityError) end end end + + context "when there is a whitelist" do + it "uses the whitelist but shows deprecation" do + allow(@uploader).to receive(:extension_whitelist).and_return(%w(txt doc xls)) + + expect(ActiveSupport::Deprecation).to receive(:warn).with('#extension_whitelist is deprecated, use #extension_allowlist instead.') + expect(running { + @uploader.cache!(File.open(file_path('test.jpg'))) + }).to raise_error(CarrierWave::IntegrityError) + end + + it "looks for extension_whitelist first for I18n translation" do + allow(@uploader).to receive(:extension_allowlist).and_return(%w(txt doc xls)) + + change_locale_and_store_translations(:nl, :errors => { + :messages => { + :extension_allowlist_error => "this will not be used", + :extension_whitelist_error => "Het is niet toegestaan om %{extension} bestanden te uploaden; toegestane bestandstypes: %{allowed_types}" + } + }) do + expect(running { + @uploader.cache!(File.open(file_path('test.jpg'))) + }).to raise_error(CarrierWave::IntegrityError, 'Het is niet toegestaan om "jpg" bestanden te uploaden; toegestane bestandstypes: txt, doc, xls') + end + end + end end end