From a70b967919e37311a69f267a49519976244f7c55 Mon Sep 17 00:00:00 2001
From: Karina Kwiatek
Date: Tue, 12 Dec 2023 00:20:27 +0100
Subject: [PATCH 1/6] Set constraints for images in uploader
---
 app/uploaders/base_uploader.rb | 8 +++++---
 app/views/settings/profile/edit.html.haml | 4 ++--
 2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/app/uploaders/base_uploader.rb b/app/uploaders/base_uploader.rb
index fea89216..5478042c 100644
--- a/app/uploaders/base_uploader.rb
+++ b/app/uploaders/base_uploader.rb
@@ -11,9 +11,11 @@ class BaseUploader < CarrierWave::Uploader::Base
 # Process cropping on upload
 process :cropping
- def store_dir
- "/uploads/#{model.class.to_s.underscore}/#{mounted_as}/#{model.id}"
- end
+ def content_type_whitelist = %w[image/jpeg image/gif image/png]
+
+ def store_dir = "/uploads/#{model.class.to_s.underscore}/#{mounted_as}/#{model.id}"
+
+ def size_range = (1.byte)..(2.megabytes)
 def paperclip_path
 return "/users/:attachment/:id_partition/:style/:basename.:extension" if APP_CONFIG["fog"].blank?
diff --git a/app/views/settings/profile/edit.html.haml b/app/views/settings/profile/edit.html.haml
index d2311e51..262ddfaf 100644
--- a/app/views/settings/profile/edit.html.haml
+++ b/app/views/settings/profile/edit.html.haml
@@ -7,7 +7,7 @@
 .flex-shrink-0
 = render AvatarComponent.new(user: current_user, size: "lg", classes: ["me-3"])
 .flex-grow-1
- = f.file_field :profile_picture, accept: APP_CONFIG[:accepted_image_formats].join(","), data: { cropper_target: "input", action: "cropper#change" }
+ = f.file_field :profile_picture, accept: current_user.profile_picture.content_type_whitelist.join(','), data: { cropper_target: "input", action: "cropper#change" }
 .row.d-none{ data: { cropper_target: "controls" } }
 .col-sm-10.col-md-8
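Review bot: The new `content_type_whitelist` line compares against the content type CarrierWave assigns to the upload, and depending on the CarrierWave version that value may be taken from the client's declared Content-Type rather than from the file's bytes, so it should not be the only gate in front of the ImageMagick work that `process :cropping` triggers. Pairing it with `extension_whitelist %w[jpg jpeg gif png]` keeps the stored filename consistent with the accepted types; note that CarrierWave 2.1+ spells these `content_type_allowlist`/`extension_allowlist` and deprecates the `*_whitelist` names, so whichever the app's version supports should be used. The endless `def size_range = (1.byte)..(2.megabytes)` is also the first size bound this class declares and would benefit from a one-line comment such as `# Type and size are integrity checks; a rejected file never reaches the process steps`, stated as the intended contract to be confirmed against the CarrierWave version in use. The class body continues outside the hunk.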
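Review bot: The new `accept` value on the `:profile_picture` field is built only from MIME types, so the `.jpg`/`.jpeg`/`.png`/`.gif` extension entries the old `APP_CONFIG[:accepted_image_formats]` list carried are gone, and the comment on that list (deleted in patch 3/6 of this series) says they were there so mobile pickers behave and iOS converts HEIC to JPEG. Nothing in the series replaces that, so if the behaviour still matters the uploader could expose the combined list, e.g. `def accept_attribute = (content_type_whitelist + %w[.jpg .jpeg .png .gif]).join(',')` (a constructed name), and the view would call that instead. The `:profile_header` field in the `@@ -22,7 +22,7 @@` hunk of this file has the same issue. The enclosing form block starts and ends outside the hunk.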
@@ -22,7 +22,7 @@
 .col-xs-12.col-md-6
 %img.mw-100.me-3{ src: current_user.profile_header.url(:mobile) }
 .col-xs-12.col-md-6.mt-3.mt-sm-0.ps-3.pe-3
- = f.file_field :profile_header, accept: APP_CONFIG[:accepted_image_formats].join(","), data: { cropper_target: "input", action: "cropper#change" }
+ = f.file_field :profile_header, accept: current_user.profile_header.content_type_whitelist.join(','), data: { cropper_target: "input", action: "cropper#change" }
 .row.d-none{ data: { cropper_target: "controls" } }
 .col-sm-10.col-md-8
From 77a801d6ad746ce4b6b126f70e0cb4b5c2aa25bf Mon Sep 17 00:00:00 2001
From: Karina Kwiatek
Date: Tue, 12 Dec 2023 00:20:40 +0100
Subject: [PATCH 2/6] Remove animation for image uploads
---
 app/uploaders/base_uploader.rb | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/app/uploaders/base_uploader.rb b/app/uploaders/base_uploader.rb
index 5478042c..c93fbffa 100644
--- a/app/uploaders/base_uploader.rb
+++ b/app/uploaders/base_uploader.rb
@@ -8,7 +8,7 @@ class BaseUploader < CarrierWave::Uploader::Base
 # Store original size
 version :original
- # Process cropping on upload
+ process :remove_animation
 process :cropping
 def content_type_whitelist = %w[image/jpeg image/gif image/png]
@@ -33,4 +33,10 @@ class BaseUploader < CarrierWave::Uploader::Base
 image.crop "#{w}x#{h}+#{x}+#{y}"
 end
 end
+
+ def remove_animation
+ return unless content_type == "image/gif"
+
+ manipulate!(&:collapse!)
+ end
 end
From 2721e050c67f87c96861968c7d759f786806be51 Mon Sep 17 00:00:00 2001
From: Karina Kwiatek
Date: Tue, 12 Dec 2023 00:22:36 +0100
Subject: [PATCH 3/6] Remove accepted_image_formats from justask.yml.example
---
 config/justask.yml.example | 13 -------------
 1 file changed, 13 deletions(-)
diff --git a/config/justask.yml.example b/config/justask.yml.example
index 97616e4c..22f309a4 100644
--- a/config/justask.yml.example
+++ b/config/justask.yml.example
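Review bot: The `# Process cropping on upload` comment is replaced by `process :remove_animation` with no explanation of why the new step has to run before `process :cropping`, and the order matters because cropping a multi-frame GIF first would apply the crop to every frame. Suggest keeping a comment above the pair, e.g. `# Flatten animated GIFs to a single frame first, then crop — order matters`. The class body continues outside the hunk.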
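Review bot: `remove_animation` has no doc comment, and its guard keys only on `content_type == "image/gif"` while `image/png` is also in `content_type_whitelist` and an animated PNG carries that same type, so if the goal is "no animated profile images" the APNG case presumably still passes through animated; either state in a comment that only GIF animation is handled, or extend the check if APNG matters. A header such as `# Collapse an animated GIF to one frame (MiniMagick's collapse! keeps the first frame by default, as I recall) so crop and resize operate on a single image` would record the MiniMagick behaviour the call relies on. Note that `manipulate!` still has ImageMagick decode every frame before collapsing, so `size_range` bounds bytes on disk but not decoded pixel memory; an ImageMagick resource policy or a dimension check is the usual mitigation, and whether one exists elsewhere is not visible here.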
@@ -81,19 +81,6 @@ hcaptcha:
 # TOTP Drift period in seconds
 otp_drift_period: 30
-# This list controls the "accept" attribute on file upload fields
-# This ensures mobile users get an appropriate file picker (one for only images)
-# as well as preventing the upload of videos or formats we don't support
-# including making iOS automatically convert HEIC files to JPEG
-accepted_image_formats:
- - image/jpeg
- - .jpg
- - .jpeg
- - image/png
- - .png
- - image/gif
- - .gif
-
 # This list controls which hosts are excempt from the linkfilter
 # Note: `hostname` is always included by default
 allowed_hosts_in_markdown:
From 4df74d6ff52edd3d809ee8a8c5eb6629374faa6e Mon Sep 17 00:00:00 2001
From: Karina Kwiatek
Date: Sun, 17 Dec 2023 22:58:25 +0100
Subject: [PATCH 4/6] Ensure errors display when updating profile images
---
 app/controllers/settings/profile_picture_controller.rb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/app/controllers/settings/profile_picture_controller.rb b/app/controllers/settings/profile_picture_controller.rb
index c44e1200..68359fe7 100644
--- a/app/controllers/settings/profile_picture_controller.rb
+++ b/app/controllers/settings/profile_picture_controller.rb
@@ -12,9 +12,10 @@ class Settings::ProfilePictureController < ApplicationController
 text += t(".notice.profile_header") if user_attributes[:profile_header]
 flash[:success] = text
 else
- flash[:error] = t(".error")
+ # CarrierWave resets the image to the default upon an error
+ current_user.reload
 end
- redirect_to settings_profile_path
+ render "settings/profile/edit"
 end
 end
From 6d9ef9ee6463752482799a6e551333107fb2ad3e Mon Sep 17 00:00:00 2001
From: Karina Kwiatek
Date: Sun, 17 Dec 2023 23:04:16 +0100
Subject: [PATCH 5/6] Update test for profile picture controller to render form instead of redirecting
---
 spec/controllers/settings/profile_picture_controller_spec.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
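Review bot: The failure branch drops `flash[:error] = t(".error")` and relies on `render "settings/profile/edit"` to surface the problem, so the user only learns what went wrong if that template prints `current_user.errors`, and the new `current_user.reload` runs immediately before the render. I believe CarrierWave's `reload` hook resets the mounted uploaders while the record's `errors` object is left alone, but that is worth confirming, because if the errors are cleared or the template never reads them the behaviour regresses from a generic error message to a silent failure. A comment stating the intent, e.g. `# Re-render the form so CarrierWave's integrity errors are shown inline`, would document the reliance. The action's opening lines, including the `if` this `else` belongs to, are outside the hunk.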
diff --git a/spec/controllers/settings/profile_picture_controller_spec.rb b/spec/controllers/settings/profile_picture_controller_spec.rb
index 727e8f61..bb3f464d 100644
--- a/spec/controllers/settings/profile_picture_controller_spec.rb
+++ b/spec/controllers/settings/profile_picture_controller_spec.rb
@@ -32,7 +32,8 @@ describe Settings::ProfilePictureController, type: :controller do
 it "redirects to the edit_user_profile page" do
 subject
- expect(response).to redirect_to(:settings_profile)
+ expect(response).to have_http_status(:ok)
+ expect(response).to have_rendered(:edit)
 end
 end
 end
From 401498eccbaae83929b7e5c77415e41a76aef475 Mon Sep 17 00:00:00 2001
From: Karina Kwiatek
Date: Sun, 17 Dec 2023 23:09:35 +0100
Subject: [PATCH 6/6] Bump upload max filesize
---
 app/uploaders/base_uploader.rb | 2 +-
 app/uploaders/profile_header_uploader.rb | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/app/uploaders/base_uploader.rb b/app/uploaders/base_uploader.rb
index c93fbffa..ddf5152c 100644
--- a/app/uploaders/base_uploader.rb
+++ b/app/uploaders/base_uploader.rb
@@ -15,7 +15,7 @@ class BaseUploader < CarrierWave::Uploader::Base
 def store_dir = "/uploads/#{model.class.to_s.underscore}/#{mounted_as}/#{model.id}"
- def size_range = (1.byte)..(2.megabytes)
+ def size_range = (1.byte)..(5.megabytes)
 def paperclip_path
 return "/users/:attachment/:id_partition/:style/:basename.:extension" if APP_CONFIG["fog"].blank?
diff --git a/app/uploaders/profile_header_uploader.rb b/app/uploaders/profile_header_uploader.rb
index 23a47588..649ab10e 100644
--- a/app/uploaders/profile_header_uploader.rb
+++ b/app/uploaders/profile_header_uploader.rb
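Review bot: The example is still titled `it "redirects to the edit_user_profile page" do` while its new expectations assert a 200 and a rendered `:edit` template, so the description now contradicts the assertions; rename it, e.g. `it "renders the profile edit page" do`. If the surrounding `context` distinguishes valid from invalid uploads (not visible in the hunk), the invalid case also deserves an expectation that the rendered form shows an error, since the controller change in this series removed the flash message that used to signal failure. The enclosing `describe` block starts outside the hunk.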
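Review bot: `def size_range = (1.byte)..(5.megabytes)` raises the limit introduced as 2 MB earlier in this series, and `ProfileHeaderUploader` widens it again to 10 MB in the next hunk, but neither site says why; a comment such as `# Upper bound on the raw upload in bytes; subclasses may widen it (see ProfileHeaderUploader)` at this line would record the intent for both. The limit bounds only the bytes CarrierWave accepts, not the work ImageMagick does on them, so any dimension or memory caps must live elsewhere and are not visible in this series. The class body continues outside the hunk.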
@@ -1,7 +1,7 @@
 class ProfileHeaderUploader < BaseUploader
- def default_url(*args)
- "/images/header/#{[version_name || args.first, 'no_header.jpg'].compact.join('/')}"
- end
+ def default_url(*args) = "/images/header/#{[version_name || args.first, 'no_header.jpg'].compact.join('/')}"
+
+ def size_range = (1.byte)..(10.megabytes)
 version :web do
 process resize_to_fit: [1500, 350]
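Review bot: The rewritten `def default_url(*args) = "/images/header/#{[version_name || args.first, 'no_header.jpg'].compact.join('/')}"` packs the whole interpolation onto one line of roughly 110 characters, which is harder to scan than the three-line body it replaces and is a pure style change unrelated to the commit's "bump upload max filesize" subject; keeping the block form, or at least splitting the change into its own commit, would make the history clearer. The new `size_range` override also lacks a note that it widens the `BaseUploader` limit; `# Headers are larger than avatars, so allow more than BaseUploader's 5 MB` would do. The `version :web do` block is still open at the hunk's last line, so the class continues past it.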