There is a bug in the plaintext gem in its `Plaintext::Resolver#text`: it
executes external commands to extract text from files. This can return
`nil` when it has no output, and it's then converted to a string using
`to_s`.

`nil.to_s` returns a frozen empty string since Ruby 2.7. When it then
calls `text.gsub!(/\s+/m, ' ')` later in the `#text` method, the
`FrozenError` occurs.

The fix is to patch the `Plaintext::Resolver#text` method to create a
mutable copy of the text if it's frozen.

https://community.openproject.org/wp/67664
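
The failure and the fix described in this commit message, reproduced as an added example (not code from the plaintext gem or OpenProject). The method names and the sample strings are constructed for illustration; `extract_output` stands in for whatever the external extraction command returned.

```ruby
WHITESPACE = /\s+/m

# Mirrors the failing pattern: to_s on nil yields a frozen "" on Ruby >= 2.7,
# and gsub! refuses to modify a frozen receiver even when nothing matches.
def normalize_unsafe(extract_output)
  text = extract_output.to_s
  text.gsub!(WHITESPACE, ' ')
  text
end

# Mirrors the described fix: take a mutable copy only when the string is
# frozen, then normalize whitespace in place.
def normalize_safe(extract_output)
  text = extract_output.to_s
  text = text.dup if text.frozen?
  text.gsub!(WHITESPACE, ' ')
  text
end

# Returns true when the unsafe variant raises FrozenError for this input.
def unsafe_raises?(extract_output)
  normalize_unsafe(extract_output)
  false
rescue FrozenError
  true
end

# Constructed sample outputs: no output (nil), ordinary mutable text,
# and text that arrives already frozen.
def samples
  [nil, +"page  one\n\npage two", "frozen \t text".freeze]
end

# One row per sample: does the unsafe path blow up, and what does the
# safe path return for the same kind of input?
def report
  samples.zip(samples).map do |for_unsafe, for_safe|
    { unsafe_raises: unsafe_raises?(for_unsafe), safe: normalize_safe(for_safe) }
  end
end

report.each { |row| puts row.inspect } if $PROGRAM_NAME == __FILE__
```
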
When storing attachments on S3, the file is not fully uploaded until the
direct upload finishes (hook called from client browser when file is
finished uploading).

The `FinishDirectUploadService#schedule_jobs` now calls
`attachment.enqueue_jobs` to ensure the same jobs are run on attachment
creation (useful when S3 storage is not used) and on attachment upload
completion. This means the virus scanning job is now triggered correctly.

https://community.openproject.org/wp/67642
Attachments::ExtractFulltextJob is run twice:
- one time on creation
- one time when the direct upload is completed

When it runs on creation, and the attachments are stored on S3, the
attachment is in 'prepared' status and is not complete yet.

Due to a bug in carrierwave which is fixed since June 2023 (see
https://github.com/carrierwaveuploader/carrierwave/issues/2524), the
`#local_file` method raises the error "NoMethodError: undefined method
'body' for nil:NilClass". There is a separate issue for upgrading this
dependency one day: https://community.openproject.org/wp/67626.

The fix is to call `#local_file` only if the attachment is readable.

Additionally:
- error handling has been updated to raise the error instead of
  swallowing it silently, so we'll have proper reporting in AppSignal
  next time.
- when a custom S3 endpoint is used (for local testing with minio for
  instance), this custom endpoint is added to the CSP.

Co-authored-by: Jan Sandbrink <j.sandbrink@openproject.com>
* Fix argument alignment since f08bea3467
The FactoryBot.* prefix has been removed in f08bea3467. Since then
rubocop complains about Layout/ArgumentAlignment. This commit fixes it.
* do not fix alignments for modules/*/spec yet
hoping to be under the limit of 65535 characters for reviewdog to report on rubocop errors
* Add setting for whitelist
* Make attachments API BaseServices compatible
* Add prepare service and contract
* Correctly pass the filename to the UploadedFile
* Add presence check to filename
* Fix expected validation message
* We no longer raise a multipart error when metadata is empty
* Fix filesize validation on prepared uploads
* Add parser error if invalid metadata json
* When attachment is not saved, use filename property
* Return correct error message on JSON parser error
* Fix specs
* Use attachment upload representer
* Fix direct uploads mocks with new service layer
* Lint
* Fix export job using attachment service
* Fix IFC controller using attachment prepare service
* Fix export job
* Rename params_getter to params_source
* Fix mail handler using attachment service
* Fix usage of attachment create service in documents
* Reuse shared examples for document attachment spec
* Fix stubbed attachment service in export job spec
* Use admin user in backup spec
* Fix export job for bim
* Fix attachment integration spec
* Fix issues_controller spec
* Make budget resource spec reuse common examples
* Fix attachment parsing representer spec
* Replace prepare part of attachment spec into separate service spec
* Clear cache for login spec
* Convert document create/update into services
* Budget services
* Allow options to be passed to property twin
* Remove setting author on budget initialize
* Replace meetings update with services
* Replace ifc models attachment handling with services
* Don't check uploader if changed by system
* Fix uploader being changed by system
* Replace wiki page attach_files with attachable services
* Replace avatar saving
* Replace snapshot attach_files
* Skip double validation when container present
* Set snapshot through attachment service
* Remove attach_files
* Validate content type in contract
* Enforce writing the content type without accepting user input
* Expect changed content_type
* Fix content of viewpoint image to get correct content type
* Fix tsv spec
* Add create contract spec
* Bypass whitelist in internal services when conflicting with user
* Fix expects in specs after whitelist bypass
* Render contract errors for wiki
* Add before_hook to bodied to allow to pre-authorize permissions
* Budget errors from contract
* Document errors from contract
If the lock version is increased, it might happen while the user is still editing the description. The user might have added an image to the description and continues typing. In the backend, the FinishDirectUploadJob is run before the user presses the checkmark to send the updated description. In that case, a 409 conflict would be signaled if the lock version were to be updated in the meantime.
* linting
* use Carrierwave's replacement for filename
This avoids having the name altered by Carrierwave later on in the Attachments::FinishDirectUploadJob job where the file is fetched and then the attachment is stored.
* separate cases for no attachment and no local file
* correct journalizing on direct upload
In case the container of an attachment is journalized, the container needs to have added a journal to it when an attachment is uploaded. Without that, the attachment is only picked up in the journals once the container is altered again (possibly by a different user). This will then lead to a history which does not reflect the actual upload.
Updates the copyright to 2021 for all files that have a copyright. Files in our source code without the copyright header still do not receive one automatically. Additionally, blacklisted files are also excluded.
Previously the copyright of ChiliProject, which references Redmine, stated a copyright of Redmine up to and including 2017, which is not true for the code we have in here. Because of that I changed that to 2013.