def test_werkzeug_cases(self): """Test that Werkzeug's tests still pass for our wrapped version""" # Copied from Werkzeug # BSD licensed - original at github.com/mitsuhiko/werkzeug, # /tests/test_utils.py, line 282, commit 811b438 assert_equal('My_cool_movie.mov', secure_filename('My cool movie.mov')) assert_equal('etc_passwd', secure_filename('../../../etc/passwd')) assert_equal('i_contain_cool_umlauts.txt', secure_filename(u'i contain cool \xfcml\xe4uts.txt'))
def file_as_article(figshare): upload = request.files['file'] filename = secure_filename(upload.filename) article = { 'title': filename, 'files': [upload] } return article
def test_werkzeug_cases(self): """Test that Werkzeug's tests still pass for our wrapped version""" # Copied from Werkzeug # BSD licensed - original at github.com/mitsuhiko/werkzeug, # /tests/test_utils.py, line 282, commit 811b438 assert_equal( 'My_cool_movie.mov', secure_filename('My cool movie.mov') ) assert_equal( 'etc_passwd', secure_filename('../../../etc/passwd') ) assert_equal( 'i_contain_cool_umlauts.txt', secure_filename(u'i contain cool \xfcml\xe4uts.txt') )
def test_leading_underscores(self): assert_equal( '__init__.py', secure_filename('__init__.py') )
def test_leading_underscores(self): assert_equal('__init__.py', secure_filename('__init__.py'))
def dataverse_upload_file(node_addon, auth, **kwargs): node = node_addon.owner user_settings = node_addon.user_settings try: name = request.args['name'] except KeyError: raise HTTPError(httplib.BAD_REQUEST) now = datetime.datetime.utcnow() can_edit = node.can_edit(auth) and not node.is_registration can_view = node.can_view(auth) try: connection = connect_from_settings_or_403(user_settings) except HTTPError as error: if error.code == httplib.FORBIDDEN: connection = None else: raise dataverse = get_dataverse(connection, node_addon.dataverse_alias) study = get_study(dataverse, node_addon.study_hdl) filename = secure_filename(name) status_code = httplib.CREATED old_id = None # Fail if file is too small (Dataverse issue) content = request.data if len(content) < 5: raise HTTPError(httplib.UNSUPPORTED_MEDIA_TYPE) # Replace file if old version exists old_file = get_file(study, filename) if old_file is not None: status_code = httplib.OK old_id = old_file.id delete_file(old_file) # Check if file was deleted if get_file_by_id(study, old_id) is not None: raise HTTPError(httplib.BAD_REQUEST) upload_file(study, filename, content) file = get_file(study, filename) if file is None: raise HTTPError(httplib.BAD_REQUEST) node.add_log( action='dataverse_file_added', params={ 'project': node.parent_id, 'node': node._primary_key, 'filename': filename, 'path': node.web_url_for('dataverse_view_file', path=file.id), 'study': study.title, }, auth=auth, log_date=now, ) info = { 'addon': 'dataverse', 'file_id': file.id, 'old_id': old_id, 'name': filename, 'path': filename, 'size': [ len(content), rubeus.format_filesize(len(content)) ], rubeus.KIND: rubeus.FILE, 'urls': { 'view': node.web_url_for('dataverse_view_file', path=file.id), 'download': node.web_url_for('dataverse_download_file', path=file.id), 'delete': node.api_url_for('dataverse_delete_file', path=file.id), }, 'permissions': { 'view': can_view, 'edit': can_edit, }, } return info, status_code
def file_as_article(figshare): upload = request.files['file'] filename = secure_filename(upload.filename) article = {'title': filename, 'files': [upload]} return article
def dataverse_upload_file(node_addon, auth, **kwargs): node = node_addon.owner user_settings = node_addon.user_settings try: name = request.args['name'] except KeyError: raise HTTPError(http.BAD_REQUEST) now = datetime.datetime.utcnow() can_edit = node.can_edit(auth) and not node.is_registration can_view = node.can_view(auth) try: connection = connect_from_settings_or_403(user_settings) except HTTPError as error: if error.code == 403: connection = None else: raise dataverse = get_dataverse(connection, node_addon.dataverse_alias) study = get_study(dataverse, node_addon.study_hdl) filename = secure_filename(name) action = 'file_uploaded' old_id = None # Fail if file is too small (Dataverse issue) content = request.data if len(content) < 5: raise HTTPError(http.UNSUPPORTED_MEDIA_TYPE) # Replace file if old version exists old_file = get_file(study, filename) if old_file is not None: action = 'file_updated' old_id = old_file.id delete_file(old_file) # Check if file was deleted if get_file_by_id(study, old_id) is not None: raise HTTPError(http.BAD_REQUEST) upload_file(study, filename, content) file = get_file(study, filename) if file is None: raise HTTPError(http.BAD_REQUEST) node.add_log( action='dataverse_file_added', params={ 'project': node.parent_id, 'node': node._primary_key, 'filename': filename, 'path': node.web_url_for('dataverse_view_file', path=file.id), 'study': study.title, }, auth=auth, log_date=now, ) info = { 'addon': 'dataverse', 'file_id': file.id, 'old_id': old_id, 'name': filename, 'path': filename, 'size': [len(content), rubeus.format_filesize(len(content))], rubeus.KIND: rubeus.FILE, 'urls': { 'view': node.web_url_for('dataverse_view_file', path=file.id), 'download': node.web_url_for('dataverse_download_file', path=file.id), 'delete': node.api_url_for('dataverse_delete_file', path=file.id), }, 'permissions': { 'view': can_view, 'edit': can_edit, }, 'actionTaken': action, } return info, 201
def create_temp_file(self, upload): filename = secure_filename(upload.filename) f = TemporaryFile('w+b') f.write(upload.read()) f.seek(0) return filename, f
def github_upload_file(auth, node_addon, **kwargs): node = kwargs['node'] or kwargs['project'] user = auth.user now = datetime.datetime.utcnow() path = get_path(kwargs, required=False) or '' branch = request.args.get('branch') sha = request.args.get('sha') if branch is None: raise HTTPError(http.BAD_REQUEST) connection = GitHub.from_settings(node_addon.user_settings) upload = request.files.get('file') filename = secure_filename(upload.filename) content = upload.read() # Check max file size upload.seek(0, os.SEEK_END) size = upload.tell() if size > node_addon.config.max_file_size * 1024 * 1024: raise HTTPError(http.BAD_REQUEST) # Get SHA of existing file if present; requires an additional call to the # GitHub API try: tree = connection.tree(node_addon.user, node_addon.repo, sha=sha or branch).tree except EmptyRepoError: tree = [] except NotFoundError: raise HTTPError(http.BAD_REQUEST) existing = [ thing for thing in tree if thing.path == os.path.join(path, filename) ] sha = existing[0].sha if existing else None author = { 'name': user.fullname, 'email': '{0}@osf.io'.format(user._id), } if existing: data = connection.update_file(node_addon.user, node_addon.repo, os.path.join(path, filename), MESSAGES['update'], content, sha=sha, branch=branch, author=author) else: data = connection.create_file(node_addon.user, node_addon.repo, os.path.join(path, filename), MESSAGES['add'], content, branch=branch, author=author) if data is not None: ref = ref_to_params(sha=data['commit'].sha) view_url = os.path.join(node.url, 'github', 'file', path, filename) + '/' + ref download_url = os.path.join(node.url, 'github', 'file', path, filename, 'download') + '/' + ref node.add_log( action=('github_' + (models.NodeLog.FILE_UPDATED if sha else models.NodeLog.FILE_ADDED)), params={ 'project': node.parent_id, 'node': node._primary_key, 'path': os.path.join(path, filename), 'urls': { 'view': view_url, 'download': download_url, }, 'github': { 'user': node_addon.user, 'repo': node_addon.repo, 'sha': data['commit'].sha, }, }, auth=auth, log_date=now, ) # Fail if file size is not provided; this happens when the file was # too large to upload to GitHub if data['content'].size is None: logger.error( 'Could not upload file {0} to GitHub: No size provided'.format( filename)) raise HTTPError(http.BAD_REQUEST) info = { 'addon': 'github', 'name': filename, 'size': [ data['content'].size, rubeus.format_filesize(data['content'].size), ], 'kind': 'file', 'urls': build_github_urls( data['content'], node.url, node.api_url, branch, sha, ), 'permissions': { 'view': True, 'edit': True, }, } return info, 201 raise HTTPError(http.BAD_REQUEST)
def github_upload_file(auth, node_addon, **kwargs): node = kwargs['node'] or kwargs['project'] user = auth.user now = datetime.datetime.utcnow() path = get_path(kwargs, required=False) or '' branch = request.args.get('branch') sha = request.args.get('sha') if branch is None: raise HTTPError(http.BAD_REQUEST) connection = GitHub.from_settings(node_addon.user_settings) upload = request.files.get('file') filename = secure_filename(upload.filename) content = upload.read() # Check max file size upload.seek(0, os.SEEK_END) size = upload.tell() if size > node_addon.config.max_file_size * 1024 * 1024: raise HTTPError(http.BAD_REQUEST) # Get SHA of existing file if present; requires an additional call to the # GitHub API try: tree = connection.tree( node_addon.user, node_addon.repo, sha=sha or branch ).tree except EmptyRepoError: tree = [] except NotFoundError: raise HTTPError(http.BAD_REQUEST) existing = [ thing for thing in tree if thing.path == os.path.join(path, filename) ] sha = existing[0].sha if existing else None author = { 'name': user.fullname, 'email': '{0}@osf.io'.format(user._id), } if existing: data = connection.update_file( node_addon.user, node_addon.repo, os.path.join(path, filename), MESSAGES['update'], content, sha=sha, branch=branch, author=author ) else: data = connection.create_file( node_addon.user, node_addon.repo, os.path.join(path, filename), MESSAGES['add'], content, branch=branch, author=author ) if data is not None: ref = ref_to_params(sha=data['commit'].sha) view_url = os.path.join( node.url, 'github', 'file', path, filename ) + '/' + ref download_url = os.path.join( node.url, 'github', 'file', path, filename, 'download' ) + '/' + ref node.add_log( action=( 'github_' + ( models.NodeLog.FILE_UPDATED if sha else models.NodeLog.FILE_ADDED ) ), params={ 'project': node.parent_id, 'node': node._primary_key, 'path': os.path.join(path, filename), 'urls': { 'view': view_url, 'download': download_url, }, 'github': { 'user': node_addon.user, 'repo': node_addon.repo, 'sha': data['commit'].sha, }, }, auth=auth, log_date=now, ) # Fail if file size is not provided; this happens when the file was # too large to upload to GitHub if data['content'].size is None: logger.error( 'Could not upload file {0} to GitHub: No size provided'.format( filename ) ) raise HTTPError(http.BAD_REQUEST) info = { 'addon': 'github', 'name': filename, 'size': [ data['content'].size, rubeus.format_filesize(data['content'].size), ], 'kind': 'file', 'urls': build_github_urls( data['content'], node.url, node.api_url, branch, sha, ), 'permissions': { 'view': True, 'edit': True, }, } return info, 201 raise HTTPError(http.BAD_REQUEST)