From 84b88c0ec34af238e362bdea1ed2042691c7d772 Mon Sep 17 00:00:00 2001
From: taitus <sebastia.roig@gmail.com>
Date: Wed, 12 Jul 2023 09:38:40 +0200
Subject: [PATCH] Allow testing remove metadata from PDF

In order to test that we remove metadata from PDF we need add
"pdf-reader" gem.

With this gem we can check the info from the PDF and ensure that
this info is removed.
---
 Gemfile                                    |   1 +
 Gemfile.lock                               |  12 +++++++++
 spec/fixtures/files/logo_with_metadata.pdf | Bin 0 -> 6453 bytes
 spec/system/documents_spec.rb              |  27 +++++++++++++++++++++
 4 files changed, 40 insertions(+)
 create mode 100644 spec/fixtures/files/logo_with_metadata.pdf
 create mode 100644 spec/system/documents_spec.rb

diff --git a/Gemfile b/Gemfile
index 02fc71637..cfd4d3942 100644
--- a/Gemfile
+++ b/Gemfile
@@ -86,6 +86,7 @@ group :test do
   gem "capybara", "~> 3.39.2"
   gem "capybara-webmock", "~> 0.7.0"
   gem "email_spec", "~> 2.2.2"
+  gem "pdf-reader"
   gem "rspec-rails", "~> 5.1.2"
   gem "selenium-webdriver", "~> 4.13.1"
   gem "simplecov", "~> 0.22.0", require: false
diff --git a/Gemfile.lock b/Gemfile.lock
index f8d8a642e..337d7f88e 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -6,6 +6,7 @@ GEM
 GEM
   remote: https://rubygems.org/
   specs:
+    Ascii85 (1.1.0)
     actioncable (6.1.7.6)
       actionpack (= 6.1.7.6)
       activesupport (= 6.1.7.6)
@@ -70,6 +71,7 @@ GEM
     acts_as_votable (0.14.0)
     addressable (2.8.5)
       public_suffix (>= 2.0.2, < 6.0)
+    afm (0.2.2)
     ahoy_matey (4.2.1)
       activesupport (>= 5.2)
       device_detector
@@ -259,6 +261,7 @@ GEM
     gyoku (1.4.0)
       builder (>= 2.1.2)
       rexml (~> 3.0)
+    hashery (2.1.2)
     hashie (5.0.0)
     highline (2.0.3)
     htmlentities (4.3.4)
@@ -412,6 +415,12 @@ GEM
     parser (3.2.2.3)
       ast (~> 2.4.1)
       racc
+    pdf-reader (2.11.0)
+      Ascii85 (~> 1.0)
+      afm (~> 0.2.1)
+      hashery (~> 2.0)
+      ruby-rc4
+      ttfunk
     pg (1.4.3)
     pg_search (2.3.6)
       activerecord (>= 5.2)
@@ -549,6 +558,7 @@ GEM
       rubocop-capybara (~> 2.17)
       rubocop-factory_bot (~> 2.22)
     ruby-progressbar (1.13.0)
+    ruby-rc4 (0.1.5)
     ruby-vips (2.1.4)
       ffi (~> 1.12)
     ruby2_keywords (0.0.5)
@@ -630,6 +640,7 @@ GEM
     tilt (2.0.10)
     timeout (0.4.1)
     tomlrb (2.0.3)
+    ttfunk (1.7.0)
     turbolinks (5.2.1)
       turbolinks-source (~> 5.2)
     turbolinks-source (5.2.0)
@@ -739,6 +750,7 @@ DEPENDENCIES
   omniauth-rails_csrf_protection (~> 1.0.1)
   omniauth-twitter (~> 1.4.0)
   paranoia (~> 2.6.2)
+  pdf-reader
   pg (~> 1.4.3)
   pg_search (~> 2.3.6)
   pronto (~> 0.11.1)
diff --git a/spec/fixtures/files/logo_with_metadata.pdf b/spec/fixtures/files/logo_with_metadata.pdf
new file mode 100644
index 0000000000000000000000000000000000000000..ec1a1c48929489a0b9336994e7dd6ebaef2ee321
GIT binary patch
literal 6453
zcmb7J2UJr_w>~Mf&=Pu;&_$4hE=uoJx>AJzp?4x+0SVFt=^dnZ!2$}>Q4mlBk!}GZ
zT|ht)l_D?kUcLVB-SysjbIv+zGP7sq`}W@1YoC1tjWx7RN{GwA1S{vaw_%b<G}716
z1E!z=Lz!Rl!y-}Y7#zmS*A<2`#<*ewk<vr~QyA(THXzX5*9VD`;Fr{tfhj4$us+VD
zg{S`5K+D|=hYdiYw7f7ltOnM}*BJ{#8DM=}ac)RCInts)TmTm1O$!SFiJDWIA2&w>
zYG(RoWYmoOQ6=V4eo+c!hv8!-3u6(fuX?zmN(_oPsFV31aICXOy=#qw7p5vXzqV*I
z$FpiK^$xtBnGzrX45PFpEPw6%3zY==4_JTkvNUq^z&hbzD6@->xSvdQy@?EAsPpd5
zM0}^vFq96~-PH~Ev#aYvWa8&bB7(#PTqKIA`+E5XnE7Fxut*7szm!4}^1&fd#@GNS
ztRL<o#tVj0bH@b|f2;d?`}z8iW>3LTzx1M^ZvNl2A}J$-{!=eUQ%7?ETu)0^3jl#Y
zfDZ8jj@|(300ays-NXhZ-ei<yWKbv>jDmukk_JXYLk***rln(m)6ya6sHx#Ba0DY0
zGcz*{Ju4dv6B`2)GZSeO5QMk}N=8LSM#V%+P0RHEZby#+1SMb$7(+k^0E_@Z5TK(T
zfP(~;)PUcOf}D&J3?a^O{v3z=IR_yFL&-rDN3Q`I2nYbfA#eZyeIfD$psdruGT&1H
zQ1WQq+S8q$(XgF1N&v|9oyo$3q-WbvU`8I*skMvES3~!QJ6~Ub3gvw*pHnfE+tlxh
zN$u2sMV#7cIq=J4+0|Zr6ll2rY76;OM2%;y^;(Q_t5~(3qOj9wVd2gnE2HI1Tk^ke
z?O)w9o*!M?{^K+N_)APRG%L_P2MMs#o}Ov*H6S9TCsISg0T7hPfO!Ai$N&hG9L^#G
z1|iXmM1GV++8{FU!5VXHMUfl-M1<l$534nVT30Vc(r%~!w(5LIR&<de#KU1U#ycVE
zs>QpwPZ|43@$}pXu5XVllCrMeYSFq_+Wb?rwtDvCBGdV%iZ{a{JS_J`r`2i>`+6yE
z#*LRS^KwWTPsx&9PrS+1)%<h#=l+%rz0{DfV@-s$-;WQ&uJIle%On~I5)A+h`NaYt
z8U;dhAV~&ZBp>=G4Wj*&K?e)TjdLf5Z1S7reFEMtK6)lkeUtXZ<j}EtpXz(gSS87^
z{)6^P4V4$_<1fa+T#`)r8Hl~Nini~}4f>`HHZPnIa$eNgL>PYwyl9x*h+!<mN-V~v
z&Zm(EKF8FiO3o)YK5`FuwOIaKKQrt2{7HG`N+LcK5g!Oj1%ZOd{zeD_6ZK36XO@sQ
z@h|QkK`<~PdC^-;su=ve?VoVLB)H#}7%A>1slmw-?KB)@7Hg{#$lD%VM1)Uf)|a3;
zK8=rQK`vOg#CCZ;*I%M{oJkj>7Ad$uZc}KRxfSr%>~tGVleGFXrtecB<+u+csf&;4
zwk}6s&#V_wT-c#S9JfhlF1EXTjY-#+;$*K>ZP)Wa^_Z1d?UXkLV1pC;KM1vYw*-y5
zk^48@Q)lRG;$6?<Gne8FcpMI*IKvK?26}YVJAuX{z)<u$YH~?d;KL{-o^Eb`KTqk$
z*gsopDD<vNm8|m2D}+?mh+2KnSJM)wNi7^N?6g%oNIL#|=jBPkHm)Y7LBUPOnW&;0
z9Obb+o=?p0u_cChWbz~K(3<u*$`EQS6SUf7^bxU>(OJ)D9xIAkv0N=A>Q{p3#$Yfd
z8JO&se!(CJfPliKFoCJ}M;Le|R81K9$(WGnEj539G2w5&CRYaUyL^7SlH6RpQKMgC
zch$x;kZ#0Vckqnn17Y+A%UJ%C#@|CK3Ii<~XOUOpQ&*boY^K)A!XEmM>Ym#@y~>ea
z`atXap$vh~jIcc0$f(C7egv$NiEInLOyJkoxvWzYYpQVsIIsoXG!O7gRyA%;4IUdh
z?S5jW&yL>&{cS5ZcwKjqFJ={n@W<IREFYfb#^FtxOqi(e_nU~ia!Y6UI@PCChjG#N
z+lb_3e=d0Q12ud{C?`8fsr+OnESmr6{#^BNQT(TT>3l}aeRY2eq15ez-zONG7MSYN
z#6q%oHow0IWvX(zG3bcU@|UR?roW8o!{IS_0(A3j*0bLWzBJs-)oZ}c;bQa6c1Hw9
zP%UEa^4cNy$`-lbKTS&yzQJ+UWajtK9J@0&11tQnM;B+axlghNADsB_1C!#)uc!h-
zkSqY8G5$#WR?1%vP7Eu`yc^*^!i$6^U&wk*H@Fo2h$yOv32kucLRL^UQaKfViBk6C
zeibovs>4xoVPLwvNsFIm*z_SdbsX9(S8#RLtN-BoOT)s3(flEWMuiW)bzcUnO=Gqt
z*3#}ZU}ehd>bC3~$8i>Aq6!SB6j*Lu&KXS}KnbHm+fGAEE#j~8Dc&<0cIl^rBGvVV
z1cI4#I>24_Z@)-tC_X#U8;y%e=|8BQGVHuJJKf+wzfwc#b#>I`MV_n&{YpIG9?U~@
zqMyMZAVnQ`s;)q)r+1UCbE>{zT&-9pNcz6zQow)<OkXfnS1k99_bZ}+5lK75SOBK@
z&sYUVNMQW&BU?ySUbM;YXa(Qv3a_SnR(9q@@_LQ>{h!_AvGgb2d@k@-sP&HLL&sCI
zN1A+BIey%6w5~G4yMt268H~JqX=3!*!`BS_(x5#iooOieN9IrYB2(Tg2nfAz#Kp!>
zb)E7Pqj<zQ?kLM3X3UgD4CZGSflwMILKH+0jRPhJk^NynfEP|QVevKwiT1~*5Vn2?
zDfsS7w7P#z`iN}(&3{@r4Rp%IS;lUA?$A{@u6xe&bA-^4exTyR&ki5w9eF?LyJ`hC
zuoRs4yI-TF89SIW7+bQUR;EW=pIGjLb@yA?KBWMx^6#BFBfOKsA!4j8sct)`Bs)}b
zD3+U=wlgXAh3k^SS$Z(bmL;cF1AB+`MB)w6xicRt^JsdjJi3)kXhNv<cRX%9WU!-o
zn6@FcrBlImOPC^@iRQjo6YF&`f^<$wo`*60{&nO%ZMTT|N9axLb5jEXW7(ZKFE5@6
z3lailtAY1`19(kJv}n_=fcy7F$#(qyVE+fsD<o&<f|HU4qO1S%b%5yXfP^X%jrlvu
zfRy0}vxnxrW7yhRn*Ap+bX=#54$WV@#Foz59?q%YWlsB{O;Q-jwJ5n{Pf~|lR13Q7
z9QUJ?A~&G4Y@DCt1IH+;H#n-;sfNv|tkYyzHb*%%$Hqdr+r98(4~u-APM;7@H-QOP
zF_)Y2e+5(6XyW6kDsUQ)AIv|nC#Qlx9B-!$&z?Wd_9P>cOB<MvV4A)yO}m%<GBg?K
z*vefe@I$1YJU3gGZla~8Cd0zQV!_@rIro^DrutdBt^rMa>^aVG0D$b`!Js3cCcF9e
zgG;NOA%27>G1SE0In82?m*zVwkEZ`Ef&DWvKZ}%tp;Sq^wGSyDMQLDz+?}wd+G_u#
zmj9M=OUg<}{+V2cfC@5$&CRA+Vusu0+Fvs8Aq96hE>j_2ozY>2n#Adb8-t@Gg@QE5
zw3rYg=bX*EK-w{UPMS>A*CQM!sXoDtpLUyQXfD1>@TA(TlleT8d)Q|+JH6aAIqkX`
zI@tmkA4EVO<19hp(#4icAJ@8V85p1Ud<C<?L3Ea&E`o~-RQsC-c<i8EF(;===V`<4
zNAYmy);D6E#zKJ;N7qvL<kSVo0hs2vtU{O&>moSatf7}(@(B8DCqqOsT0)Ygn5yJ9
z-+a#<uieTe(bj?NETM&B4yz&dHtAalt;RFCf`rlpXt8a!;GApeRSImoxo$47`1Sbc
z=(l_W0L_$RKe#MZ>=h@e$;AFK?h_cGOz)9z3!uC4UEb{$5K`f~5D$&hb*w;4X1g!0
z^t<eBH<*2Qln_mSVn~P$F&N%yq`8S^4Zq`?sR<Ia^3HKf*{I{%*sz*da{JynJ$o$7
z>`<})^1j8k(E9K#)r4DCvtH}BQSB_iu7GtOcSA>p1<>eCuChqDZM2C5K9K>9Gx?v7
zMSERH?RiflOnqa0-764O=qWC`BDY@{;rpyJTK;R!^N;)I&Q!1}<N0-&rLdZd6_pkG
z8iRv0bXmjBhhO1G^Ih`pF9x27<rj9bZbz+Hn5?8zMaH?cMk(Melf|83k=Mov*Vtr*
zDcHjbJek}s+5@3c^2W`&6#c%6fI2@!z(@HqICRYhE&=QBXmhJexf7TqdHKik9uKu`
zybr-ZmCtNxmnO+MK(IuNy>vFxs~gOaOo1zcN#n)QU@-?;u5c+o$P5yQ4A+4}G9ltR
zV0RVheO09?0H!K21q!<E;RlT2FTaGIjga*tw}qbXqV=Pu3D;JEMR)6?K{I%F%7`sE
zbBStAGD{hKj@ksA)0*;<x~lOhCP=S(TrxaW<@-yaDz+2XYl_v46?gb?94(Y~*Y}Dj
zULvK*4?&@kh-~mEhIR^g7(RXX3>T&L<L7f4A<X#{tX*#idd)0KbWM+037lJiSd{(a
zG)k3zO2~+oB_-#!hFY?v05Rlvrtp=4t2J|z>B=}CCF-R3FF?p+iZR)2EKk|zW2_Pg
zj^{8Fj(X_vY^UsV2CPf6E^sOQ_lR=G@p~1P!nc)!sALg&i6?u`IV3sQ+|9ZNnZm4}
z;iBv7Vt>!&7uL*XE9oOs4{f5KOlS>XdqPVP+74+uF~hVOLEjy?<#?6119pw;+OgRr
zo~NC{$yC-*&j@<nOr(I9fH|Cla+&fl67g8t1Yc!@<BNu0>alecxp#9)wM~~x=xiF3
zZnOZasenjMBi>xsgU?P#QK+3aZQ!)Cb^x1|$_1l(fkLFcAbqN`ar$u~CL=vAO||K>
z@_LU{E~#8nFE^#F@)@(N$!;mIHfq-h)eA*wr%7df&YB;nORG)s%vj61B50I8nH8L6
zFJ35Y&wEYpN5w%i*rZ#f+YDcN_gt|Sq4BX|l&)rONrq#rW3FSI<MsD4y(WTfsrb|;
z2BT_~)w{0*%XvA}M$0d~YHl=aJpCH`8qKXOSGGTzw%WVHv(mmpg%!lwEFNFvTI5)4
zcxFoe813*)%9Oo4AuXXbA?dU9(xc(|;Wx5(+%FupiDY~~;dA0@2499t1}Gz`#=ydN
zoN2tE#=FL74DBK0f$^C3*dG_KO&qQq4!$*9U@v{Na1it1ZcE(d<~@%uPd+GqNaM)m
z=-^=Iu;9p&ek#MB>ytZ>yO_Hy-Ph=5P5l6By=cAs-~u`$=i{Kci(tbI`Qp0zjmncF
zN@eeA73-X;8Z2E)&o&G(+NFxy$f-8jHkk#h8R?@eQTBICHj9-^3hN5XI<-4(u088|
ziG1yFLp86vsyM#56LSkwN^s(@NvRz<QEFX!=IJS?hyL-~O7k{CcjF3lQ*{#u49%v-
zX3QO0h8u@zJeS;rq-$kb`%3P<wX(XcHBlu0M4|s`>7~5yqST5vEN>LBykoH!+YmE5
zxhBSAC1OQp>D~C@?%tEvJ-MECPN99#9`jBOLly6q9@JHzoDJ&S2tAW)clRAj>)F=f
zUAkSqeW85`3dNX^n0C6aQ@Ehxt&ySQh_w|$^U!v}JcaNT;d`UHm9qs_Ln1@8L#5O-
ztXr&OC)ol<{0Yrm0V(3n;tBR4e#K)JZ!+es*Y*YtCli;0dc1qyO({+vHt&nl>(i%b
z-{?!POk3s{roIrHb?1D_`8!RiUmZ6+HY=4*E5#`#Dlv8hb<~EUzF`i*he3PqK2L5f
z?@jI-K~F(%Q?0<tpjyy#6iU>RR19Pnp-;L&-K`Nks8{v^wqq<{wFC8_C<Q7R8aw8_
zKsIqP>Dxl<mzpg?!a{<fCml64)O%WWlKNluYu`v@(Ps(P8qn_59M?9~yrP+<sh?#j
zX4SBum0+EKtWad(;bgud5EM}T_0>E5nECbhu=$VTQnr~5>#qYIELJ}su1~h_w(>u5
zjFX3Z7Jd}R__%t}pnk{xQSc&kGOaacKXv)3=yKw=-8bw(3N$P7e&mQoR*zkrlWx5(
zv+g|DNcF+o#ryW3@C()H$?2scQq?2XFWe&=zcr4k31Z^!irPsj3b&)4NSC73Tb{X(
zf3#pMQ5i`wI38%_(wcqqhrt(}1c5xk>sHha9`|QlwXucIOa>84I}5oBKF_%aJ`e1N
z$+*Y_Uv%vV`VoE5E%VWnt}be#-uBI-v%z-VErc%}Yf0WnZ=LC_=UUGbv7EC$@iSv4
zMJ9JU9NZc<m!7IUQZpg66W{CUyn4Nuy*A#tG}L*#$>O^(^2PD_`}p@pf^SpTX01Zc
ze}6Z)8@bV5zFWQ@JQqY6{Px{y%V*0RN2?3dFYD**>J|q-m3(SyJ-^;@4rAl*K<}R9
zoYW{;b-!Kjj)(Sm<%hBlc#fpprS=b3nl=hv_r00yob|po3QC0ZQYal`;%d9r|JB&D
zPSv{?^OkV?$?#gqhn7y)YxdVPHgvXAhP9)#%ljTDT^v6%HYrynmoED_G4<)adH+7&
z!?`c&R~TzojipK-eS@CjmEV5f_l;-s7LCI6rTEaARpG<J-G?u&<E@J)-cH0lER%J=
zVsK@4HGH&ydx-m_a^BI^orK+-+=gea`ok$h%=vlpg~4H;)SgCd--u(4Iei|d)Y7={
zs-XUE{mgTG)}0I6j{>USwC^8SWYxOX%iEm^EeLJjh(1i5IM#YA(|$e7ef7bncl)Ye
z!(rxp-OUcN(B(b5ebmfuOX%XwqXJII4f4H@;vH9xF1%G-4V^h0p{S<6pgef_)S=s<
z)B1dgFwE%0ts3RJ!|`vEF4gTj>qV0e!ws>nNzu*fsH2SUcZ{Bp4Ob6~YBg$o(5}-S
zPWYbi?()5z-mT{eS)=n&ogzOTe$5!EEes3ZZ+CSZ=-KidS<6w@o2lxM-<#O=UUptt
z7!7vctf-8isqIkS#UB>$JMHwPtgah<Gs-ATR1UsMb?_-f$lGOU_G{$l{eMeM|3_(+
zSXnj0dBad=k#eMrG$0U%l$QA4b5jYapC!~kOTzh4#&({MRp1Ar)S)kpS3(y`bP>El
zOc5F6Uy9)owt+T=CPu0Hbw?dpY}8R|_CCHr!7i?oWH9h4p6e8Ezha;Y4ruaVF(g0;
zaG;6Y!btM2y;?^^UuhrD3v>_4gK$)rrO*q1`Iy}Jsz&5)1cAd7BDa!UrRLuF;_Iv_
zkCXdt(}RAI&myJy{*%lzidcvq1)Y`K7o$Edl&f8J3(v!qf>Q!CqswRH4yvyNbqi8)
zHjK)-N`$??P-yL0yR-qJcB(V1d>5a^2-aO>@w~5M@hs;@M1nOfYO9M?K{&<dCOKP9
z);UGa2cI4Zx_<ZV2tCo5Sd!P-V=ZTaf1v1ngFjUIq4o9I?oMsHlhbEdM5U8cq{G0e
zT(`g7PBP(1%Wvzjm7}um7L}4mJ2dvO>z23)d75{HxN>xWyycUV|IJh+Et9JBQj!wC
zOXH-9K52|p@;7t8Oe|;1z)+^XzBnZ5or75G*Y$DnMgC<Ul&%KSMnPRtRSK;sA)_j(
zDXn=*N>xHmR#rkzT~bp*URFa=PC^O!e~Z}t`o3Ukigh8K;fxJI+MtPt6KBpNZ6t`N
zOA@;p21q#~o?j*Ne|xWy{g0A)NWPPU!?&YClfgJVJ_TQh$5ZLxskGqTP`+$cC^f%2
zpb?RgLST>VecIp7Rb_Z^GC3LWfB*!0viyHhSs)G*fC~vAVw9DTCVnLm)HKq9{TBow
B?1umV

literal 0
HcmV?d00001

diff --git a/spec/system/documents_spec.rb b/spec/system/documents_spec.rb
new file mode 100644
index 000000000..d9815be69
--- /dev/null
+++ b/spec/system/documents_spec.rb
@@ -0,0 +1,27 @@
+require "rails_helper"
+
+describe "Documents" do
+  describe "Metadata" do
+    scenario "download document without metadata" do
+      login_as(create(:user))
+      visit new_proposal_path
+
+      fill_in "Proposal title", with: "debate"
+      fill_in "Proposal summary", with: "In summary, what we want is..."
+      fill_in "Full name of the person submitting the proposal", with: "Isabel Garcia"
+      documentable_attach_new_file(file_fixture("logo_with_metadata.pdf"))
+      check "I agree to the Privacy Policy and the Terms and conditions of use"
+
+      click_button "Create proposal"
+
+      io = URI.parse("#{app_host}#{polymorphic_path(Document.last.attachment)}").open
+      reader = PDF::Reader.new(io)
+
+      expect(reader.info[:Keywords]).not_to eq "Test Metadata"
+      expect(reader.info[:Author]).not_to eq "Test Developer"
+      expect(reader.info[:Title]).not_to eq "logo_with_metadata.pdf"
+      expect(reader.info[:Producer]).not_to eq "Test Producer"
+      expect(reader.info).to eq({})
+    end
+  end
+end