Adds secure :hash interpolation and fixes time zone brittleness in :timestamp interpolation

13c86cf1 · John Mileham · fc792c89 · 13c86cf1 · 13c86cf1 · 13c86cf1
Commit 13c86cf1 authored Feb 10, 2011 by John Mileham
7 changed files
--- a/gemfiles/rails3.gemfile
+++ b/gemfiles/rails3.gemfile
@@ -2,7 +2,7 @@
 source "http://rubygems.org"
 gem "ruby-debug"
-gem "rails", ">=3.0.3"
+gem "rails", "~>3.0.0"
 gem "rake"
 gem "sqlite3-ruby", "~>1.3.0"
 gem "shoulda"

--- a/gemfiles/rails3.gemfile.lock
+++ b/gemfiles/rails3.gemfile.lock
@@ -90,7 +90,7 @@ DEPENDENCIES
  appraisal
  aws-s3
  mocha
-  rails (>= 3.0.3)
+  rails (~> 3.0.0)
  rake
  ruby-debug
  shoulda

--- a/lib/paperclip/attachment.rb
+++ b/lib/paperclip/attachment.rb
@@ -17,7 +17,10 @@ module Paperclip
        :default_style         => :original,
        :storage               => :filesystem,
        :use_timestamp         => true,
-        :whiny             => Paperclip.options[:whiny] || Paperclip.options[:whiny_thumbnails]
+        :whiny                 => Paperclip.options[:whiny] || Paperclip.options[:whiny_thumbnails],
+        :use_default_time_zone => true,
+        :hash_digest           => "SHA1",
+        :hash_data             => ":class/:attachment/:id/:style/:updated_at"
      }
    end
@@ -43,6 +46,10 @@ module Paperclip
      @storage               = options[:storage]
      @use_timestamp         = options[:use_timestamp]
      @whiny                 = options[:whiny_thumbnails] || options[:whiny]
+      @use_default_time_zone = options[:use_default_time_zone]
+      @hash_digest           = options[:hash_digest]
+      @hash_data             = options[:hash_data]
+      @hash_secret           = options[:hash_secret]
      @convert_options       = options[:convert_options]
      @processors            = options[:processors]
      @options               = options
@@ -197,6 +204,21 @@ module Paperclip
      time && time.to_f.to_i
    end
+    # The time zone to use for timestamp interpolation.  Using the default
+    # time zone ensures that results are consistent across all threads.
+    def time_zone
+      @use_default_time_zone ? Time.zone_default : Time.zone
+    end
+    # Returns a unique hash suitable for obfuscating the URL of an otherwise
+    # publicly viewable attachment.
+    def hash
+      raise ArgumentError, "Unable to generate hash without :hash_secret" unless @hash_secret
+      require 'openssl' unless defined?(OpenSSL)
+      data = interpolate(@hash_data)
+      OpenSSL::HMAC.hexdigest(OpenSSL::Digest.const_get(@hash_digest).new, @hash_secret, data)
+    end
    def generate_fingerprint(source)
      data = source.read
      source.rewind if source.respond_to?(:rewind)

--- a/lib/paperclip/interpolations.rb
+++ b/lib/paperclip/interpolations.rb
@@ -48,8 +48,18 @@ module Paperclip
    end
    # Returns the timestamp as defined by the <attachment>_updated_at field
+    # in the server default time zone unless :use_global_time_zone is set
+    # to false.  Note that a Rails.config.time_zone change will still 
+    # invalidate any path or URL that uses :timestamp.  For a
+    # time_zone-agnostic timestamp, use #updated_at.
    def timestamp attachment, style_name
-      attachment.instance_read(:updated_at).to_s
+      attachment.instance_read(:updated_at).in_time_zone(attachment.time_zone).to_s
+    end
+    # Returns an integer timestamp that is time zone-neutral, so that paths
+    # remain valid even if a server's time zone changes.
+    def updated_at attachment, style_name
+      attachment.updated_at
    end
    # Returns the Rails.root constant.
@@ -94,6 +104,12 @@ module Paperclip
      attachment.fingerprint
    end
+    # Returns a the attachment hash.  See Paperclip::Attachment#hash for
+    # more details.
+    def hash attachment, style_name
+      attachment.hash
+    end
    # Returns the id of the instance in a split path form. e.g. returns
    # 000/001/234 for an id of 1234.
    def id_partition attachment, style_name

--- a/test/attachment_test.rb
+++ b/test/attachment_test.rb
@@ -97,6 +97,78 @@ class AttachmentTest < Test::Unit::TestCase
    end
  end
+  context "An attachment with :timestamp interpolations" do
+    setup do
+      @file = StringIO.new("...")
+      @zone = 'UTC'
+      Time.stubs(:zone).returns(@zone)
+      @zone_default = 'Eastern Time (US & Canada)'
+      Time.stubs(:zone_default).returns(@zone_default)
+    end
+    context "using default time zone" do
+      setup do
+        rebuild_model :path => ":timestamp", :use_default_time_zone => true
+        @dummy = Dummy.new
+        @dummy.avatar = @file
+      end
+      should "return a time in the default zone" do
+        assert_equal @dummy.avatar_updated_at.in_time_zone(@zone_default).to_s, @dummy.avatar.path
+      end
+    end
+    context "using per-thread time zone" do
+      setup do
+        rebuild_model :path => ":timestamp", :use_default_time_zone => false
+        @dummy = Dummy.new
+        @dummy.avatar = @file
+      end
+      should "return a time in the per-thread zone" do
+        assert_equal @dummy.avatar_updated_at.in_time_zone(@zone).to_s, @dummy.avatar.path
+      end
+    end
+  end
+  context "An attachment with :hash interpolations" do
+    setup do
+      @file = StringIO.new("...")
+    end
+    should "raise if no secret is provided" do
+      @attachment = attachment :path => ":hash"
+      @attachment.assign @file
+      assert_raise ArgumentError do
+        @attachment.path
+      end
+    end
+    context "when secret is set" do
+      setup do
+        @attachment = attachment :path => ":hash", :hash_secret => "w00t"
+        @attachment.stubs(:instance_read).with(:updated_at).returns(Time.at(1234567890))
+        @attachment.stubs(:instance_read).with(:file_name).returns("bla.txt")
+        @attachment.instance.id = 1234
+        @attachment.assign @file
+      end
+      should "interpolate the hash data" do
+        @attachment.expects(:interpolate).with(@attachment.options[:hash_data]).returns("interpolated_stuff")
+        @attachment.hash
+      end
+      should "result in the correct interpolation" do
+        assert_equal "fake_models/avatars/1234/original/1234567890", @attachment.send(:interpolate,@attachment.options[:hash_data])
+      end
+      should "result in a correct hash" do
+        assert_equal "d22b617d1bf10016aa7d046d16427ae203f39fce", @attachment.path
+      end
+    end
+  end
  context "An attachment with a :rails_env interpolation" do
    setup do
      @rails_env = "blah"

--- a/test/helper.rb
+++ b/test/helper.rb
@@ -90,7 +90,7 @@ end
 class FakeModel
  attr_accessor :avatar_file_name,
                :avatar_file_size,
-                :avatar_last_updated,
+                :avatar_updated_at,
                :avatar_content_type,
                :avatar_fingerprint,
                :id

--- a/test/interpolations_test.rb
+++ b/test/interpolations_test.rb
@@ -112,9 +112,25 @@ class InterpolationsTest < Test::Unit::TestCase
  should "return the timestamp" do
    now = Time.now
+    zone = 'UTC'
    attachment = mock
    attachment.expects(:instance_read).with(:updated_at).returns(now)
-    assert_equal now.to_s, Paperclip::Interpolations.timestamp(attachment, :style)
+    attachment.expects(:time_zone).returns(zone)
+    assert_equal now.in_time_zone(zone).to_s, Paperclip::Interpolations.timestamp(attachment, :style)
+  end
+  should "return updated_at" do
+    attachment = mock
+    seconds_since_epoch = 1234567890
+    attachment.expects(:updated_at).returns(seconds_since_epoch)
+    assert_equal seconds_since_epoch, Paperclip::Interpolations.updated_at(attachment, :style)
+  end
+  should "return hash" do
+    attachment = mock
+    fake_hash = "a_wicked_secure_hash"
+    attachment.expects(:hash).returns(fake_hash)
+    assert_equal fake_hash, Paperclip::Interpolations.hash(attachment, :style)
  end
  should "call all expected interpolations with the given arguments" do