Changeset 15258 for main/waeup.ikoba/trunk/src/waeup/ikoba/browser

Timestamp:

30 Nov 2018, 07:34:44 (6 years ago)

Author:

Henrik Bettermann

Message:

Do not allow uploading data with trailing whitespaces.

Location:

main/waeup.ikoba/trunk/src/waeup/ikoba/browser

Files:

• pages.py (modified) (1 diff)
• tests/forbidden_file_2.csv (added)
• tests/test_browser.py (modified) (2 diffs)

main/waeup.ikoba/trunk/src/waeup/ikoba/browser/pages.py

@@ -1142 +1142 @@
             invalid_line = check_csv_charset(filecontent.splitlines())
             if invalid_line:
-                self.flash(_(
-                    "Your file contains forbidden characters or "
-                    "has invalid CSV format. "
-                    "First problematic line detected: line %s. "
-                    "Please replace." % invalid_line), type='danger')
+                if invalid_line == -1:
+                    self.flash(_(
+                        "The data in your file contain trailing whitespaces."
+                        "Please replace."), type='danger')
+                else:
+                    self.flash(_(
+                        "Your file contains forbidden characters or "
+                        "has invalid CSV format. "
+                        "First problematic line detected: line %s. "
+                        "Please replace." % invalid_line), type='danger')
                 logger.info('%s - invalid file uploaded: %s' %
                             (ob_class, target))

main/waeup.ikoba/trunk/src/waeup/ikoba/browser/tests/test_browser.py

@@ -36 +36 @@
 from waeup.ikoba.tests.test_async import FunctionalAsyncTestCase
 
+SAMPLE_FILE = os.path.join(os.path.dirname(__file__), 'test_file.csv')
+FORBIDDEN_FILE = os.path.join(os.path.dirname(__file__), 'forbidden_file.csv')
+FORBIDDEN_FILE_2 = os.path.join(
+    os.path.dirname(__file__), 'forbidden_file_2.csv')
 
 class CompanySetup(FunctionalTestCase):
@@ -133 +137 @@
             self.datacenter_path + "/@@show/?logname=myspecial.log&query=.*")
         assert "SOME <TAG> AND ÜMLÄUTS IN LOG" in self.browser.contents
+
+    def test_file_download_delete(self):
+        self.browser.addHeader('Authorization', 'Basic mgr:mgrpw')
+        self.browser.open(self.datacenter_path)
+        self.assertEqual(self.browser.headers['Status'], '200 Ok')
+        self.assertEqual(self.browser.url, self.datacenter_path)
+        self.browser.getLink("Upload data").click()
+        file = open(SAMPLE_FILE)
+        ctrl = self.browser.getControl(name='uploadfile:file')
+        file_ctrl = ctrl.mech_control
+        file_ctrl.add_file(file, filename='my_test_data.csv')
+        self.browser.getControl('Upload').click()
+        self.browser.open(self.datacenter_path)
+        self.browser.getLink('my_test_data_zope.mgr.csv').click()
+        self.assertEqual(self.browser.headers['Status'], '200 Ok')
+        self.assertEqual(self.browser.headers['Content-Type'],
+                         'text/csv; charset=UTF-8')
+        logfile = os.path.join(
+            self.app['datacenter'].storage, 'logs', 'datacenter.log')
+        logcontent = open(logfile).read()
+        self.assertTrue('zope.mgr - browser.pages.FileDownloadView - '
+                        'downloaded: my_test_data_zope.mgr.csv' in logcontent)
+        self.browser.open(self.datacenter_path)
+        ctrl = self.browser.getControl(name='val_id')
+        ctrl.getControl(value='my_test_data_zope.mgr.csv').selected = True
+        self.browser.getControl("Remove selected", index=0).click()
+        self.assertTrue('Successfully deleted: my_test_data_zope.mgr.csv'
+            in self.browser.contents)
+        logcontent = open(logfile).read()
+        self.assertTrue('zope.mgr - browser.pages.DatacenterPage - '
+                        'deleted: my_test_data_zope.mgr.csv' in logcontent)
+        return
+
+    def test_forbidden_file_upload(self):
+        self.browser.addHeader('Authorization', 'Basic mgr:mgrpw')
+        self.browser.open(self.datacenter_path)
+        self.assertEqual(self.browser.headers['Status'], '200 Ok')
+        self.assertEqual(self.browser.url, self.datacenter_path)
+        self.browser.getLink("Upload data").click()
+        file = open(FORBIDDEN_FILE)
+        ctrl = self.browser.getControl(name='uploadfile:file')
+        file_ctrl = ctrl.mech_control
+        file_ctrl.add_file(file, filename='my_corrupted_file.csv')
+        self.browser.getControl('Upload').click()
+        self.assertTrue(
+            'Your file contains forbidden characters or'
+            in self.browser.contents)
+        logfile = os.path.join(
+            self.app['datacenter'].storage, 'logs', 'datacenter.log')
+        logcontent = open(logfile).read()
+        self.assertTrue('zope.mgr - browser.pages.DatacenterUploadPage - '
+            'invalid file uploaded:' in logcontent)
+        return
+
+    def test_forbidden_file_upload_2(self):
+        self.browser.addHeader('Authorization', 'Basic mgr:mgrpw')
+        self.browser.open(self.datacenter_path)
+        self.assertEqual(self.browser.headers['Status'], '200 Ok')
+        self.assertEqual(self.browser.url, self.datacenter_path)
+        self.browser.getLink("Upload data").click()
+        file = open(FORBIDDEN_FILE_2)
+        ctrl = self.browser.getControl(name='uploadfile:file')
+        file_ctrl = ctrl.mech_control
+        file_ctrl.add_file(file, filename='my_corrupted_file.csv')
+        self.browser.getControl('Upload').click()
+        self.assertTrue(
+            'The data in your file contain trailing whitespaces.'
+            in self.browser.contents)
+        logfile = os.path.join(
+            self.app['datacenter'].storage, 'logs', 'datacenter.log')
+        logcontent = open(logfile).read()
+        self.assertTrue('zope.mgr - browser.pages.DatacenterUploadPage - '
+            'invalid file uploaded:' in logcontent)
+        return
 
     def test_user_data_import_permission(self):