aboutsummaryrefslogtreecommitdiffstats
path: root/activestorage
diff options
context:
space:
mode:
authorGeorge Claghorn <george@basecamp.com>2018-07-15 20:12:53 -0400
committerGeorge Claghorn <george@basecamp.com>2018-07-15 20:12:53 -0400
commit94f2558f6a5bd315334d1b57a9aeeef48abfea20 (patch)
treee5daf377d227b0472a6060dacd5610105e9c2331 /activestorage
parent390097531bd17369f05a23eba58c37b850ac95dd (diff)
downloadrails-94f2558f6a5bd315334d1b57a9aeeef48abfea20.tar.gz
rails-94f2558f6a5bd315334d1b57a9aeeef48abfea20.tar.bz2
rails-94f2558f6a5bd315334d1b57a9aeeef48abfea20.zip
Restore inadvertently-removed fallback
Diffstat (limited to 'activestorage')
-rw-r--r--activestorage/app/controllers/active_storage/disk_controller.rb3
-rw-r--r--activestorage/test/controllers/disk_controller_test.rb6
2 files changed, 8 insertions, 1 deletions
diff --git a/activestorage/app/controllers/active_storage/disk_controller.rb b/activestorage/app/controllers/active_storage/disk_controller.rb
index 436cd0ccd8..75cc11d6ff 100644
--- a/activestorage/app/controllers/active_storage/disk_controller.rb
+++ b/activestorage/app/controllers/active_storage/disk_controller.rb
@@ -19,10 +19,11 @@ class ActiveStorage::DiskController < ActiveStorage::BaseController
if token = decode_verified_token
if acceptable_content?(token)
disk_service.upload token[:key], request.body, checksum: token[:checksum]
- head :no_content
else
head :unprocessable_entity
end
+ else
+ head :not_found
end
rescue ActiveStorage::IntegrityError
head :unprocessable_entity
diff --git a/activestorage/test/controllers/disk_controller_test.rb b/activestorage/test/controllers/disk_controller_test.rb
index 32b930730d..c053052f6f 100644
--- a/activestorage/test/controllers/disk_controller_test.rb
+++ b/activestorage/test/controllers/disk_controller_test.rb
@@ -67,4 +67,10 @@ class ActiveStorage::DiskControllerTest < ActionDispatch::IntegrationTest
assert_response :unprocessable_entity
assert_not blob.service.exist?(blob.key)
end
+
+ test "directly uploading blob with invalid token" do
+ put update_rails_disk_service_url(encoded_token: "invalid"),
+ params: "Something else entirely!", headers: { "Content-Type" => "text/plain" }
+ assert_response :not_found
+ end
end