verify file size for alternative storage (#40707)

2020-03-13 01:59:05 +01:00 · 2020-03-13 01:59:05 +01:00 · e956f92a8a
parent dc0a00446c
commit e956f92a8a
3 changed files with 32 additions and 11 deletions
--- a/tests/test_upload_storage.py
+++ b/tests/test_upload_storage.py
@ -182,22 +182,42 @@ def test_form_file_field_upload_storage(wscall, pub):
    assert 'href="download?f=0"' in resp.text
    assert 'href="download?f=1"' in resp.text  # link is present on backoffice

+    # file size limit verification
+    formdef.fields[1].max_file_size = '1ko'
+    formdef.store()
+    wscall.return_value = None, 200, json.dumps(
+            {"err": 0, "data": {"redirect_url": "https://crypto.example.net/"}})
+    resp = get_app(pub).get('/test/')
+    resp.forms[0]['f0$file'] = upload_0
+    resp.forms[0]['f1$file'] = upload_1
+    resp = resp.forms[0].submit('submit')
+    assert 'over file size limit (1ko)' in resp.text
+
    # api access (json export)
    resp = admin_app.get('/api/forms/test/1/', status=200)
    assert resp.json['fields']['file']['content'].startswith('/9j/4AAQSkZJRg')
    assert 'storage' not in resp.json['fields']['file']
    assert resp.json['fields']['remote_file']['content'] == ''
    assert resp.json['fields']['remote_file']['storage'] == 'remote'
-    assert resp.json['fields']['remote_file']['storage_attrs'] == {'redirect_url': 'https://crypto.example.net/'}
+    assert resp.json['fields']['remote_file']['storage_attrs'] == {
+        'redirect_url': 'https://crypto.example.net/',
+        'file_size': 1834
+    }

    resp = admin_app.get('/api/forms/test/2/', status=200)
    assert resp.json['fields']['remote_file']['content'] == ''
    assert resp.json['fields']['remote_file']['storage'] == 'remote'
    assert resp.json['fields']['remote_file']['storage_attrs'] == {
-            'redirect_url': 'https://crypto.example.net/',
-            'backoffice_redirect_url': None, 'frontoffice_redirect_url': None}
+        'redirect_url': 'https://crypto.example.net/',
+        'frontoffice_redirect_url': None,
+        'backoffice_redirect_url': None,
+        'file_size': 1834
+    }

    resp = admin_app.get('/api/forms/test/3/', status=200)
    assert resp.json['fields']['remote_file']['content'] == ''
    assert resp.json['fields']['remote_file']['storage'] == 'remote-bo'
-    assert resp.json['fields']['remote_file']['storage_attrs'] == {'redirect_url': 'https://crypto.example.net/'}
+    assert resp.json['fields']['remote_file']['storage_attrs'] == {
+        'redirect_url': 'https://crypto.example.net/',
+        'file_size': 1834
+    }
--- a/wcs/qommon/form.py
+++ b/wcs/qommon/form.py
@ -797,9 +797,9 @@ class FileWithPreviewWidget(CompositeWidget):

        if self.max_file_size:
            # validate file size
-            file_size = os.path.getsize(self.value.fp.name)
-            if file_size > self.max_file_size_bytes:
+            if self.value.file_size > self.max_file_size_bytes:
                self.error = _('over file size limit (%s)') % self.max_file_size
+                return

        if self.file_type:
            # validate file type
--- a/wcs/qommon/upload_storage.py
+++ b/wcs/qommon/upload_storage.py
@ -116,6 +116,7 @@ class UploadStorage(object):
        dirname = os.path.join(get_publisher().app_dir, 'tempfiles')
        filename = os.path.join(dirname, temp_data['unsigned_token'])
        value.token = temp_data['token']
+        value.file_size = os.path.getsize(filename)
        value.fp = open(filename, 'rb')
        return value

@ -164,12 +165,10 @@ class RemoteOpaqueUploadStorage(object):
            return

        upload.__class__ = PicklableUpload
-        dirname = os.path.join(get_publisher().app_dir, 'tempfiles')
-        filename = os.path.join(dirname, upload.token)
-        fd = open(filename, 'wb')
        upload.get_file_pointer().seek(0)
-        base64content = base64.b64encode(upload.get_file_pointer().read())
-        fd.close()
+        content = upload.get_file_pointer().read()
+        base64content = base64.b64encode(content)
+        file_size = len(content)

        post_data = {
                'file': {
@ -199,6 +198,7 @@ class RemoteOpaqueUploadStorage(object):
                    ws_result_data.get('redirect_url'))

        upload.storage_attrs = ws_result_data
+        upload.storage_attrs['file_size'] = file_size

    def get_tempfile(self, temp_data):
        value = PicklableUpload(
@ -209,6 +209,7 @@ class RemoteOpaqueUploadStorage(object):
        value.storage_attrs = temp_data['storage-attrs']
        value.token = temp_data['token']
        value.fp = None
+        value.file_size = value.storage_attrs['file_size']
        return value

    def save(self, upload):