add verifiers to files in cross-shard api_user_content

test plan: - have a course containing a page that embeds a course file as an image in the page - do an API request, via an account domain in another shard, to retrieve the page content (e.g., http://shard2.canvas.dev/api/v1/courses/1~1/pages/the-page) and be sure to use token authentication (e.g., Authorization: Bearer {{token}}) - ensure the URLs embedded in the API result: 1. point at /courses/1~1/files/1~X 2. include a valid verifier fixes ADMIN-1303 Change-Id: I4c813eae5f18be5f1042e44762e1953fc658a1bf Reviewed-on: https://gerrit.instructure.com/164761 Tested-by: Jenkins Reviewed-by: Dan Minkevitch <[email protected]> Product-Review: Dan Minkevitch <[email protected]> QA-Review: Dan Minkevitch <[email protected]>
ibnIrshad · Sep 19, 2018 · a9d6a18 · a9d6a18
1 parent 8c30236
commit a9d6a18
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 19 deletions.
diff --git a/lib/api.rb b/lib/api.rb
@@ -512,18 +512,20 @@ def api_user_content(html, context = @context, user = @current_user, preloaded_a
       protocol = HostUrl.protocol
     end
 
-    rewriter = UserContent::HtmlRewriter.new(context, user)
-    rewriter.set_handler('files') do |match|
-      UserContent::FilesHandler.new(
-        match: match,
-        context: context,
-        user: user,
-        preloaded_attachments: preloaded_attachments,
-        is_public: is_public,
-        in_app: (respond_to?(:in_app?, true) && in_app?)
-      ).processed_url
+    html = context.shard.activate do
+      rewriter = UserContent::HtmlRewriter.new(context, user)
+      rewriter.set_handler('files') do |match|
+        UserContent::FilesHandler.new(
+          match: match,
+          context: context,
+          user: user,
+          preloaded_attachments: preloaded_attachments,
+          is_public: is_public,
+          in_app: (respond_to?(:in_app?, true) && in_app?)
+        ).processed_url
+      end
+      rewriter.translate_content(html)
     end
-    html = rewriter.translate_content(html)
 
     url_helper = Html::UrlProxy.new(self,
                                     context,

diff --git a/spec/lib/api_spec.rb b/spec/lib/api_spec.rb
@@ -755,14 +755,15 @@ def course_assignment_url(course, assignment)
       specs_require_sharding
 
       it 'transposes ids in urls' do
-        @shard1.activate do
+        html = @shard1.activate do
           a = Account.create!
-          student_in_course(account: a)
+          student_in_course(account: a, active_all: true)
+          @file = attachment_model(context: @course, folder: Folder.root_folders(@course).first)
+          <<-HTML
+<img src="/courses/#{@course.id}/files/#{@file.id}/download?wrap=1" data-api-returntype="File" data-api-endpoint="https://canvas.vanity.edu/api/v1/courses/#{@course.id}/files/#{@file.id}">
+<a href="/courses/#{@course.id}/pages/module-1" data-api-returntype="Page" data-api-endpoint="https://canvas.vanity.edu/api/v1/courses/#{@course.id}/pages/module-1">link</a>
+          HTML
         end
-        html = <<-HTML
-<img src="/courses/34/files/2082/download?wrap=1" data-api-returntype="File" data-api-endpoint="https://canvas.vanity.edu/api/v1/courses/34/files/2082">
-<a href="/courses/34/pages/module-1" data-api-returntype="Page" data-api-endpoint="https://canvas.vanity.edu/api/v1/courses/34/pages/module-1">link</a>
-        HTML
 
         @k = klass.new
         @k.instance_variable_set(:@domain_root_account, Account.default)
@@ -774,8 +775,8 @@ def course_assignment_url(course, assignment)
 
         res = @k.api_user_content(html, @course, @student)
         expect(res).to eq <<-HTML
-<img src="https://school.instructure.com/courses/#{@shard1.id}~34/files/#{@shard1.id}~2082/download?wrap=1" data-api-returntype="File" data-api-endpoint="https://school.instructure.com/api/v1/courses/#{@shard1.id}~34/files/#{@shard1.id}~2082">
-<a href="https://school.instructure.com/courses/#{@shard1.id}~34/pages/module-1" data-api-returntype="Page" data-api-endpoint="https://school.instructure.com/api/v1/courses/#{@shard1.id}~34/pages/module-1">link</a>
+<img src="https://school.instructure.com/courses/#{@shard1.id}~#{@course.local_id}/files/#{@shard1.id}~#{@file.local_id}/download?verifier=#{@file.uuid}&amp;wrap=1" data-api-returntype="File" data-api-endpoint="https://school.instructure.com/api/v1/courses/#{@shard1.id}~#{@course.local_id}/files/#{@shard1.id}~#{@file.local_id}">
+<a href="https://school.instructure.com/courses/#{@shard1.id}~#{@course.local_id}/pages/module-1" data-api-returntype="Page" data-api-endpoint="https://school.instructure.com/api/v1/courses/#{@shard1.id}~#{@course.local_id}/pages/module-1">link</a>
         HTML
       end
     end