diff --git a/app/controllers/concerns/obfuscate_filename.rb b/app/controllers/concerns/obfuscate_filename.rb index 9c896fb0988..22736ec3abf 100644 --- a/app/controllers/concerns/obfuscate_filename.rb +++ b/app/controllers/concerns/obfuscate_filename.rb @@ -4,19 +4,13 @@ module ObfuscateFilename extend ActiveSupport::Concern class_methods do - def obfuscate_filename(*args) - before_action { obfuscate_filename(*args) } + def obfuscate_filename(path) + before_action do + file = params.dig(*path) + next if file.nil? + + file.original_filename = SecureRandom.hex(8) + File.extname(file.original_filename) + end end end - - def obfuscate_filename(path) - file = params.dig(*path) - return if file.nil? - - file.original_filename = secure_token + File.extname(file.original_filename) - end - - def secure_token(length = 16) - SecureRandom.hex(length / 2) - end end diff --git a/spec/controllers/concerns/obfuscate_filename_spec.rb b/spec/controllers/concerns/obfuscate_filename_spec.rb new file mode 100644 index 00000000000..e06d53c0385 --- /dev/null +++ b/spec/controllers/concerns/obfuscate_filename_spec.rb @@ -0,0 +1,30 @@ +# frozen_string_literal: true + +require 'rails_helper' + +describe ApplicationController, type: :controller do + controller do + include ObfuscateFilename + + obfuscate_filename :file + + def file + render plain: params[:file]&.original_filename + end + end + + before do + routes.draw { get 'file' => 'anonymous#file' } + end + + it 'obfusticates filename if the given parameter is specified' do + file = fixture_file_upload('files/imports.txt', 'text/plain') + post 'file', params: { file: file } + expect(response.body).to end_with '.txt' + expect(response.body).not_to include 'imports' + end + + it 'does nothing if the given parameter is not specified' do + post 'file' + end +end