From f7cd5fd79ab94c391e1a285973855b6c7b4452a1 Mon Sep 17 00:00:00 2001
From: Pawel Chojnacki <pawel@chojnacki.ws>
Date: Wed, 22 Feb 2017 19:30:53 +0100
Subject: Ensure mutable uploads are not cached without revalidation

---
 spec/controllers/uploads_controller_spec.rb | 82 +++++++++++++++++++++++++++++
 1 file changed, 82 insertions(+)

(limited to 'spec/controllers')

diff --git a/spec/controllers/uploads_controller_spec.rb b/spec/controllers/uploads_controller_spec.rb
index c9584ddf18c..f67d26da0ac 100644
--- a/spec/controllers/uploads_controller_spec.rb
+++ b/spec/controllers/uploads_controller_spec.rb
@@ -1,4 +1,9 @@
 require 'spec_helper'
+shared_examples 'content not cached without revalidation' do
+  it 'ensures content will not be cached without revalidation' do
+    expect(subject['Cache-Control']).to eq('max-age=0, private, must-revalidate')
+  end
+end
 
 describe UploadsController do
   let!(:user) { create(:user, avatar: fixture_file_upload(Rails.root + "spec/fixtures/dk.png", "image/png")) }
@@ -50,6 +55,13 @@ describe UploadsController do
 
             expect(response).to have_http_status(200)
           end
+
+          it_behaves_like 'content not cached without revalidation' do
+            subject do
+              get :show, model: 'user', mounted_as: 'avatar', id: user.id, filename: 'image.png'
+              response
+            end
+          end
         end
       end
 
@@ -59,6 +71,13 @@ describe UploadsController do
 
           expect(response).to have_http_status(200)
         end
+
+        it_behaves_like 'content not cached without revalidation' do
+          subject do
+            get :show, model: 'user', mounted_as: 'avatar', id: user.id, filename: 'image.png'
+            response
+          end
+        end
       end
     end
 
@@ -76,6 +95,13 @@ describe UploadsController do
 
             expect(response).to have_http_status(200)
           end
+
+          it_behaves_like 'content not cached without revalidation' do
+            subject do
+              get :show, model: 'project', mounted_as: 'avatar', id: project.id, filename: 'image.png'
+              response
+            end
+          end
         end
 
         context "when signed in" do
@@ -88,6 +114,13 @@ describe UploadsController do
 
             expect(response).to have_http_status(200)
           end
+
+          it_behaves_like 'content not cached without revalidation' do
+            subject do
+              get :show, model: 'project', mounted_as: 'avatar', id: project.id, filename: 'image.png'
+              response
+            end
+          end
         end
       end
 
@@ -133,6 +166,13 @@ describe UploadsController do
 
                 expect(response).to have_http_status(200)
               end
+
+              it_behaves_like 'content not cached without revalidation' do
+                subject do
+                  get :show, model: 'project', mounted_as: 'avatar', id: project.id, filename: 'image.png'
+                  response
+                end
+              end
             end
           end
 
@@ -157,6 +197,13 @@ describe UploadsController do
 
             expect(response).to have_http_status(200)
           end
+
+          it_behaves_like 'content not cached without revalidation' do
+            subject do
+              get :show, model: 'group', mounted_as: 'avatar', id: group.id, filename: 'image.png'
+              response
+            end
+          end
         end
 
         context "when signed in" do
@@ -169,6 +216,13 @@ describe UploadsController do
 
             expect(response).to have_http_status(200)
           end
+
+          it_behaves_like 'content not cached without revalidation' do
+            subject do
+              get :show, model: 'group', mounted_as: 'avatar', id: group.id, filename: 'image.png'
+              response
+            end
+          end
         end
       end
 
@@ -205,6 +259,13 @@ describe UploadsController do
 
                 expect(response).to have_http_status(200)
               end
+
+              it_behaves_like 'content not cached without revalidation' do
+                subject do
+                  get :show, model: 'group', mounted_as: 'avatar', id: group.id, filename: 'image.png'
+                  response
+                end
+              end
             end
           end
 
@@ -234,6 +295,13 @@ describe UploadsController do
 
             expect(response).to have_http_status(200)
           end
+
+          it_behaves_like 'content not cached without revalidation' do
+            subject do
+              get :show, model: 'note', mounted_as: 'attachment', id: note.id, filename: 'image.png'
+              response
+            end
+          end
         end
 
         context "when signed in" do
@@ -246,6 +314,13 @@ describe UploadsController do
 
             expect(response).to have_http_status(200)
           end
+
+          it_behaves_like 'content not cached without revalidation' do
+            subject do
+              get :show, model: 'note', mounted_as: 'attachment', id: note.id, filename: 'image.png'
+              response
+            end
+          end
         end
       end
 
@@ -291,6 +366,13 @@ describe UploadsController do
 
                 expect(response).to have_http_status(200)
               end
+
+              it_behaves_like 'content not cached without revalidation' do
+                subject do
+                  get :show, model: 'note', mounted_as: 'attachment', id: note.id, filename: 'image.png'
+                  response
+                end
+              end
             end
           end
 
-- 
cgit v1.2.1