I am using Paperclip in my Rails application for attaching images.
I declared validation for content_type in my model as
This issue is resolved in Paperclip's latest version 4.1.1 released on February 21, 2014.
it "Image is valid" do
  image = File.new("#{Rails.root}/spec/support/right.png")
  expect(FactoryGirl.build(:pin, image: image)).to be_valid
end

it "Image is invalid" do
  image = File.new("#{Rails.root}/spec/support/wrong.png")
  expect(FactoryGirl.build(:pin, image: image)).to have(1).errors_on(:image_content_type)
end
After a little bit of research, I found out what happens when I upload an invalid image, for example, a wrong.txt file spoofed (renamed) as wrong.png.
In the prior release of Paperclip, wrong.png passes the content_type validation with flying colors without giving any error, because Paperclip used to check only the extension of the uploaded file and not the content within.
Whereas in the current release of Paperclip, 4.1.1, the same spoofed wrong.png fails the validation and throws the following error in the view:
Image has an extension that does not match its contents
Upon investigating server log entries, I found the following:
Command :: file -b --mime-type '/var/folders/tg/8sxl1vss4fb0sqtcrv3lzcfm0000gn/T/a7f21d0002b0d9d91eb158d702cd930320140317-531-swkmb8'
[paperclip] Content Type Spoof: Filename wrong.png (["image/png"]), content type discovered from file command: text/plain. See documentation to allow this combination.
Here, you can see that Paperclip actually checked the content of the uploaded file stating text/plain and also erred out saying Content Type Spoof.
Hope my findings will help others to understand how Paperclip's content-type validation has improved over time.
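
The check reported in the log above compares the type implied by the filename with the type found in the file's content. The sketch below is an added example, not Paperclip's code and not part of the original post: it replaces the `file -b --mime-type` call with a small magic-byte table so it runs offline. All names, tables and sample uploads in it are constructed for illustration.

```ruby
# Added example: simplified stand-in for the extension-vs-content check.
# Paperclip itself shells out to `file -b --mime-type` (see the log above);
# here a small magic-byte table is used so the example runs offline.

# Extension -> MIME types that extension may claim (constructed table).
EXTENSION_TYPES = {
  ".png"  => ["image/png"],
  ".jpg"  => ["image/jpeg"],
  ".jpeg" => ["image/jpeg"],
  ".gif"  => ["image/gif"],
  ".txt"  => ["text/plain"]
}.freeze

# Leading bytes that identify each format.
MAGIC = {
  "image/png"  => "\x89PNG\r\n\x1A\n".b,
  "image/jpeg" => "\xFF\xD8\xFF".b,
  "image/gif"  => "GIF8".b
}.freeze

# Guess the MIME type from the file's leading bytes, not from its name.
def sniff_content_type(bytes)
  data = bytes.b
  MAGIC.each { |type, sig| return type if data.start_with?(sig) }
  # No known signature: printable ASCII plus whitespace is treated as text.
  return "text/plain" if !data.empty? && data.match?(/\A[\x20-\x7E\t\r\n]*\z/)
  "application/octet-stream"
end

# Returns [spoofed?, types_from_filename, type_from_content].
# An unknown extension claims no types, so it is always flagged.
def spoof_check(filename, bytes)
  from_name = EXTENSION_TYPES.fetch(File.extname(filename).downcase, [])
  from_content = sniff_content_type(bytes)
  [!from_name.include?(from_content), from_name, from_content]
end

# Constructed sample uploads: a real PNG header and a renamed text file.
right_png = "\x89PNG\r\n\x1A\n".b + "\x00\x00\x00\rIHDR".b
wrong_png = "just some text saved as wrong.txt\n"

{ "right.png" => right_png, "wrong.png" => wrong_png }.each do |name, body|
  spoofed, from_name, from_content = spoof_check(name, body)
  puts "#{name}: filename says #{from_name.inspect}, content is #{from_content}" \
       "#{spoofed ? ' -> Content Type Spoof' : ''}"
end
```

A signature table like this only recognises the formats listed in it; a production check should rely on a maintained detector such as the `file` command that Paperclip calls.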