spec/initializers/rack_multipart_patch_spec.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe Rack::Multipart do # rubocop:disable RSpec/FilePath
  def multipart_fixture(name, length, boundary = "AaB03x")
    data = <<EOF
--#{boundary}\r
content-disposition: form-data; name="reply"\r
\r
yes\r
--#{boundary}\r
content-disposition: form-data; name="fileupload"; filename="dj.jpg"\r
Content-Type: image/jpeg\r
Content-Transfer-Encoding: base64\r
\r
/9j/4AAQSkZJRgABAQAAAQABAAD//gA+Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg\r
--#{boundary}--\r
EOF

    type = %(multipart/form-data; boundary=#{boundary})

    length ||= data.bytesize

    {
      "CONTENT_TYPE" => type,
      "CONTENT_LENGTH" => length.to_s,
      input: StringIO.new(data)
    }
  end

  context 'with Content-Length under the limit' do
    it 'extracts multipart message' do
      env = Rack::MockRequest.env_for("/", multipart_fixture(:text, nil))

      expect(described_class).to receive(:log_large_multipart?).and_call_original
      expect(described_class).not_to receive(:log_multipart_warning)
      params = described_class.parse_multipart(env)

      expect(params.keys).to include(*%w(reply fileupload))
    end
  end

  context 'with Content-Length over the limit' do
    shared_examples 'logs multipart message' do
      it 'extracts multipart message' do
        env = Rack::MockRequest.env_for("/", multipart_fixture(:text, length))

        expect(described_class).to receive(:log_large_multipart?).and_return(true)
        expect(described_class).to receive(:log_multipart_warning).and_call_original
        expect(described_class).to receive(:log_warn).with({
                                                             message: 'Large multipart body detected',
                                                             path: '/',
                                                             content_length: anything,
                                                             correlation_id: anything
                                                           })
        params = described_class.parse_multipart(env)

        expect(params.keys).to include(*%w(reply fileupload))
      end
    end

    context 'from environment' do
      let(:length) { 1001 }

      before do
        stub_env('RACK_MULTIPART_LOGGING_BYTES', 1000)
      end

      it_behaves_like 'logs multipart message'
    end

    context 'default limit' do
      let(:length) { 100_000_001 }

      it_behaves_like 'logs multipart message'
    end
  end
end