fix so google docs can preview an attachment

google docs' servers would get a 500 error when they
tried to access the authenticated_s3_url of a submission

Change-Id: I54fd133a3db15b60a6b4128a3b2ff65f1e5a2204
fixes: #5551
Reviewed-on: https://gerrit.instructure.com/5485
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>

Author: ryankshaw

app/controllers/files_controller.rb

@@ -170,7 +170,7 @@ def show
       @skip_crumb = true
     end
     params[:download] ||= params[:preview]
-    @context = UserProfile.new(@context) if @context == @current_user
+    @context = UserProfile.new(@context) if (@context == @current_user) && @current_user
     add_crumb(t('#crumbs.files', "Files"), named_context_url(@context, :context_files_url)) unless @skip_crumb
     if @attachment.deleted?
       # before telling them it's deleted, try to find another active attachment with the same full path

spec/integration/files_spec.rb

@@ -63,6 +63,29 @@
     # ensure that the user wasn't logged in by the normal means
     controller.instance_variable_get(:@current_user).should be_nil
   end
+  
+  it "should allow access to non-logged-in user agent if it has the right :verifier (lets google docs preview submissions in speedGrader)" do
+    submission_model
+    @submission.attachment = attachment_model(:uploaded_data => stub_png_data, :content_type => 'image/png')
+    @submission.save!
+    HostUrl.stub!(:file_host).and_return('files-test.host')
+    get "http://test.host/users/#{@submission.user.id}/files/#{@submission.attachment.id}/download", :verifier => @submission.attachment.uuid
+    
+    response.should be_redirect
+    uri = URI.parse response['Location']
+    qs = Rack::Utils.parse_nested_query(uri.query)
+    uri.host.should == 'files-test.host'
+    uri.path.should == "/files/#{@submission.attachment.id}/download"
+    qs['verifier'].should == @submission.attachment.uuid
+    location = response['Location']
+    reset!
+
+    get location
+    response.should be_success
+    response.content_type.should == 'image/png'
+    controller.instance_variable_get(:@current_user).should be_nil
+    controller.instance_variable_get(:@context).should be_nil
+  end
 
   it "shouldn't use relative urls for safefiles in other contexts" do
     course_with_teacher_logged_in(:active_all => true)