FIX: ensure extra locales are only available to staff
@ -1,7 +1,6 @@
|
|||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
class ExtraLocalesController < ApplicationController
|
class ExtraLocalesController < ApplicationController
|
||||||
|
|
||||||
layout :false
|
layout :false
|
||||||
|
|
||||||
skip_before_action :check_xhr,
|
skip_before_action :check_xhr,
|
||||||
@ -11,13 +10,14 @@ class ExtraLocalesController < ApplicationController
|
|||||||
|
|
||||||
def show
|
def show
|
||||||
bundle = params[:bundle]
|
bundle = params[:bundle]
|
||||||
raise Discourse::InvalidAccess.new unless bundle =~ /^(admin|wizard)$/
|
|
||||||
if params[:v] && params[:v].length == 32
|
raise Discourse::InvalidAccess.new if bundle !~ /^(admin|wizard)$/ || !current_user&.staff?
|
||||||
|
|
||||||
|
if params[:v]&.size == 32
|
||||||
hash = ExtraLocalesController.bundle_js_hash(bundle)
|
hash = ExtraLocalesController.bundle_js_hash(bundle)
|
||||||
if hash == params[:v]
|
immutable_for(24.hours) if hash == params[:v]
|
||||||
immutable_for 24.hours
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
render plain: ExtraLocalesController.bundle_js(bundle), content_type: "application/javascript"
|
render plain: ExtraLocalesController.bundle_js(bundle), content_type: "application/javascript"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
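Review bot: The bundle whitelist on the new `raise` line still uses `^`/`$`, which in Ruby match at line boundaries, so a `bundle` value containing a newline after `admin` or `wizard` would pass the check before being handed to `bundle_js_hash`/`bundle_js`; anchor the whole string instead: `raise Discourse::InvalidAccess.new if bundle !~ /\A(admin|wizard)\z/ || !current_user&.staff?`. The route may already constrain that segment (the spec's "weird parameter" case expects a 404), but the controller check should not depend on it. Separately, the response is still sent with `immutable_for(24.hours)`, which the spec pins as `max-age=86400, public, immutable`; now that the bundle is staff-only, a shared cache in front of the app could hand it to non-staff, so consider whether `public` is still the right directive for this response. The rest of the class lies outside this hunk.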
@ -4,16 +4,10 @@ require 'rails_helper'
|
|||||||
|
|
||||||
describe ExtraLocalesController do
|
describe ExtraLocalesController do
|
||||||
context 'show' do
|
context 'show' do
|
||||||
it "caches for 24 hours if version is provided and it matches current hash" do
|
|
||||||
get "/extra-locales/admin", params: { v: ExtraLocalesController.bundle_js_hash('admin') }
|
|
||||||
expect(response.status).to eq(200)
|
|
||||||
expect(response.headers["Cache-Control"]).to eq("max-age=86400, public, immutable")
|
|
||||||
end
|
|
||||||
|
|
||||||
it "does not cache at all if version is invalid" do
|
it "won't work with a weird parameter" do
|
||||||
get "/extra-locales/admin", params: { v: 'a' * 32 }
|
get "/extra-locales/-invalid..character!!"
|
||||||
expect(response.status).to eq(200)
|
expect(response.status).to eq(404)
|
||||||
expect(response.headers["Cache-Control"]).not_to eq("max-age=86400, public, immutable")
|
|
||||||
end
|
end
|
||||||
|
|
||||||
it "needs a valid bundle" do
|
it "needs a valid bundle" do
|
||||||
@ -21,36 +15,56 @@ describe ExtraLocalesController do
|
|||||||
expect(response.status).to eq(403)
|
expect(response.status).to eq(403)
|
||||||
end
|
end
|
||||||
|
|
||||||
it "won't work with a weird parameter" do
|
it "requires staff access" do
|
||||||
get "/extra-locales/-invalid..character!!"
|
get "/extra-locales/admin"
|
||||||
expect(response.status).to eq(404)
|
expect(response.status).to eq(403)
|
||||||
|
|
||||||
|
get "/extra-locales/wizard"
|
||||||
|
expect(response.status).to eq(403)
|
||||||
end
|
end
|
||||||
|
|
||||||
context "with plugin" do
|
context "logged in as a moderator" do
|
||||||
before do
|
|
||||||
JsLocaleHelper.clear_cache!
|
let(:moderator) { Fabricate(:moderator) }
|
||||||
JsLocaleHelper.expects(:plugin_translations)
|
before { sign_in(moderator) }
|
||||||
.with(any_of("en", "en_US"))
|
|
||||||
.returns("admin_js" => {
|
it "caches for 24 hours if version is provided and it matches current hash" do
|
||||||
"admin" => {
|
get "/extra-locales/admin", params: { v: ExtraLocalesController.bundle_js_hash('admin') }
|
||||||
"site_settings" => {
|
expect(response.status).to eq(200)
|
||||||
"categories" => {
|
expect(response.headers["Cache-Control"]).to eq("max-age=86400, public, immutable")
|
||||||
"github_badges" => "Github Badges"
|
end
|
||||||
|
|
||||||
|
it "does not cache at all if version is invalid" do
|
||||||
|
get "/extra-locales/admin", params: { v: 'a' * 32 }
|
||||||
|
expect(response.status).to eq(200)
|
||||||
|
expect(response.headers["Cache-Control"]).not_to eq("max-age=86400, public, immutable")
|
||||||
|
end
|
||||||
|
|
||||||
|
context "with plugin" do
|
||||||
|
before do
|
||||||
|
JsLocaleHelper.clear_cache!
|
||||||
|
JsLocaleHelper.expects(:plugin_translations)
|
||||||
|
.with(any_of("en", "en_US"))
|
||||||
|
.returns("admin_js" => {
|
||||||
|
"admin" => {
|
||||||
|
"site_settings" => {
|
||||||
|
"categories" => {
|
||||||
|
"github_badges" => "Github Badges"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}).at_least_once
|
||||||
}).at_least_once
|
end
|
||||||
end
|
|
||||||
|
|
||||||
after do
|
after do
|
||||||
JsLocaleHelper.clear_cache!
|
JsLocaleHelper.clear_cache!
|
||||||
end
|
end
|
||||||
|
|
||||||
it "includes plugin translations" do
|
it "includes plugin translations" do
|
||||||
get "/extra-locales/admin"
|
get "/extra-locales/admin"
|
||||||
|
expect(response.status).to eq(200)
|
||||||
expect(response.status).to eq(200)
|
expect(response.body.include?("github_badges")).to eq(true)
|
||||||
expect(response.body.include?("github_badges")).to eq(true)
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
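Review bot: The new "requires staff access" example only exercises the anonymous case, where `current_user` is nil, so it would also pass if the controller merely required a login rather than staff; add an example that signs in a regular user and still expects 403, e.g. `sign_in(Fabricate(:user))`, `get "/extra-locales/admin"`, `expect(response.status).to eq(403)` in its own `it` block beside it. The moderator context covers the positive side for `admin`, so that one extra case pins the `staff?` check from both directions. Likewise `/extra-locales/wizard` is only asserted on the 403 path; a 200 under the moderator context would show the staff path works for both bundles.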