From 6cab74139231495eac76d53ab386d132efb1e92f Mon Sep 17 00:00:00 2001
From: Vishnu Narayanan
Date: Mon, 11 Aug 2025 12:41:37 +0530
Subject: [PATCH] fix: handle active storage preview error for password protected pdfs (#11888)
Co-authored-by: Muhsin Keloth
---
 app/controllers/slack_uploads_controller.rb | 7 ++++++-
 app/models/attachment.rb | 8 +++-----
 config/application.rb | 3 +++
 spec/models/attachment_spec.rb | 16 ++++++++++++++++
 4 files changed, 28 insertions(+), 6 deletions(-)
diff --git a/app/controllers/slack_uploads_controller.rb b/app/controllers/slack_uploads_controller.rb
index 127e77649..6f157c7d5 100644
--- a/app/controllers/slack_uploads_controller.rb
+++ b/app/controllers/slack_uploads_controller.rb
@@ -17,7 +17,12 @@ class SlackUploadsController < ApplicationController
 end
 def blob_url
- url_for(@blob.representation(resize_to_fill: [250, nil]))
+ # Only generate representations for images
+ if @blob.content_type.start_with?('image/')
+ url_for(@blob.representation(resize_to_fill: [250, nil]))
+ else
+ url_for(@blob)
+ end
 end
 def avatar_url
diff --git a/app/models/attachment.rb b/app/models/attachment.rb
index fd114c38c..8c5750148 100644
--- a/app/models/attachment.rb
+++ b/app/models/attachment.rb
@@ -60,11 +60,9 @@ class Attachment < ApplicationRecord
 end
 def thumb_url
- if file.attached? && file.representable?
- url_for(file.representation(resize_to_fill: [250, nil]))
- else
- ''
- end
+ return '' unless file.attached? && image?
+
+ url_for(file.representation(resize_to_fill: [250, nil]))
 end
 def with_attached_file?
diff --git a/config/application.rb b/config/application.rb
index 5316e65bf..92dd9a011 100644
--- a/config/application.rb
+++ b/config/application.rb
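Review bot: The new guard in `blob_url` matches the content type by the `image/` prefix, which is wider than what `representation` accepts. An `image/*` blob that Active Storage does not treat as variable (SVG, under the default `variable_content_types`; the project's setting is not visible here) still reaches `@blob.representation(...)` and raises, the same kind of failure this patch removes for PDFs. Because these blobs come from uploads, the guard is safer expressed with the library's own predicate, `if @blob.variable?`. `thumb_url` in app/models/attachment.rb has the same gap: it replaces `file.representable?` with `image?`, which appears to reflect the record's `file_type` rather than the stored blob, so `return '' unless file.attached? && image? && file.variable?` would keep the earlier safety. Both method bodies sit fully inside their hunks; the enclosing classes do not.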
@@ -61,6 +61,9 @@ module Chatwoot
 # https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017
 # FIX ME : fixes breakage of installation config. we need to migrate.
 config.active_record.yaml_column_permitted_classes = [ActiveSupport::HashWithIndifferentAccess]
+
+ # Disable PDF/video preview generation as we don't use them
+ config.active_storage.previewers = []
 end
 def self.config
diff --git a/spec/models/attachment_spec.rb b/spec/models/attachment_spec.rb
index 241125538..0b03a56ad 100644
--- a/spec/models/attachment_spec.rb
+++ b/spec/models/attachment_spec.rb
@@ -68,6 +68,22 @@ RSpec.describe Attachment do
 end
 end
+ describe 'thumb_url' do
+ it 'returns empty string for non-image attachments' do
+ attachment = message.attachments.new(account_id: message.account_id, file_type: :file)
+ attachment.file.attach(io: StringIO.new('fake pdf'), filename: 'test.pdf', content_type: 'application/pdf')
+
+ expect(attachment.thumb_url).to eq('')
+ end
+
+ it 'generates thumb_url for image attachments' do
+ attachment = message.attachments.create!(account_id: message.account_id, file_type: :image)
+ attachment.file.attach(io: StringIO.new('fake image'), filename: 'test.jpg', content_type: 'image/jpeg')
+
+ expect(attachment.thumb_url).to be_present
+ end
+ end
+
 describe 'meta data handling' do
 let(:message) { create(:message) }
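Review bot: The added comment gives "we don't use them" as the reason, but the commit subject shows this setting is what stops preview generation from failing on password-protected PDFs. It also keeps uploaded PDFs and videos from being handed to the external preview tools. Recording that makes the line harder to revert by accident, for example `# No previewers: uploaded PDFs/videos are never rendered server-side; previewable? is always false, so only variable images get representations`. With the list empty, any remaining caller of `representation` or `preview` on a non-image blob raises instead of rendering, so each such call site needs its own guard. `config.active_storage.analyzers` is left as it was; whether uploads should still be analyzed is not visible in this hunk.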
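Review bot: The two examples cover a `:file` PDF and a `:image` JPEG, but not a record marked `file_type: :image` whose blob cannot be transformed, which is the one input where the new `thumb_url` guard can still raise. An example that attaches `content_type: 'image/svg+xml'` and asserts `expect { attachment.thumb_url }.not_to raise_error` would pin that case. The diffstat lists no spec for the `blob_url` change in SlackUploadsController, so its non-image branch (`url_for(@blob)`) is untested in this commit. The first example builds the record with `attachments.new` and the second with `create!`; using one construction in both would show that the difference is not part of what is being tested.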