FEATURE: Secure uploads in PMs only (#23398)

This adds a new secure_uploads_pm_only site setting. When secure_uploads is true with this setting, only uploads created in PMs will be marked secure; no uploads in secure categories will be marked as secure, and the login_required site setting has no bearing on upload security either. This is meant to be a stopgap solution to prevent secure uploads in a single place (private messages) for sensitive admin data exports. Ideally we would want a more comprehensive way of saying that certain upload types get secured which is a hybrid/mixed mode secure uploads, but for now this will do the trick.
2025-05-21 18:12:32 +08:00 · 2023-09-06 09:39:09 +10:00
parent de9b567c19
commit c532f6eb3d
14 changed files with 283 additions and 43 deletions
--- a/spec/tasks/uploads_spec.rb
+++ b/spec/tasks/uploads_spec.rb
@ -54,22 +54,47 @@ RSpec.describe "tasks/uploads" do
          expect(upload3.reload.access_control_post).to eq(post3)
        end

-        it "sets everything attached to a post as secure and rebakes all those posts if login is required" do
-          SiteSetting.login_required = true
-          freeze_time
+        context "when login_required" do
+          before { SiteSetting.login_required = true }

-          post1.update_columns(baked_at: 1.week.ago)
-          post2.update_columns(baked_at: 1.week.ago)
-          post3.update_columns(baked_at: 1.week.ago)
+          it "sets everything attached to a post as secure and rebakes all those posts" do
+            freeze_time

-          invoke_task
+            post1.update_columns(baked_at: 1.week.ago)
+            post2.update_columns(baked_at: 1.week.ago)
+            post3.update_columns(baked_at: 1.week.ago)

-          expect(post1.reload.baked_at).not_to eq_time(1.week.ago)
-          expect(post2.reload.baked_at).not_to eq_time(1.week.ago)
-          expect(post3.reload.baked_at).not_to eq_time(1.week.ago)
-          expect(upload2.reload.secure).to eq(true)
-          expect(upload1.reload.secure).to eq(true)
-          expect(upload3.reload.secure).to eq(true)
+            invoke_task
+
+            expect(post1.reload.baked_at).not_to eq_time(1.week.ago)
+            expect(post2.reload.baked_at).not_to eq_time(1.week.ago)
+            expect(post3.reload.baked_at).not_to eq_time(1.week.ago)
+            expect(upload2.reload.secure).to eq(true)
+            expect(upload1.reload.secure).to eq(true)
+            expect(upload3.reload.secure).to eq(true)
+          end
+
+          context "when secure_uploads_pm_only" do
+            before { SiteSetting.secure_uploads_pm_only = true }
+
+            it "only sets everything attached to a private message post as secure and rebakes all those posts" do
+              freeze_time
+
+              post1.update_columns(baked_at: 1.week.ago)
+              post2.update_columns(baked_at: 1.week.ago)
+              post3.update_columns(baked_at: 1.week.ago)
+              post3.topic.update(archetype: "private_message", category: nil)
+
+              invoke_task
+
+              expect(post1.reload.baked_at).to eq_time(1.week.ago)
+              expect(post2.reload.baked_at).to eq_time(1.week.ago)
+              expect(post3.reload.baked_at).not_to eq_time(1.week.ago)
+              expect(upload1.reload.secure).to eq(false)
+              expect(upload2.reload.secure).to eq(true)
+              expect(upload3.reload.secure).to eq(true)
+            end
+          end
        end

        it "sets the uploads that are media and attachments in the read restricted topic category to secure" do