def handle_upload(self, request, addon, version_string, guid=None): if 'upload' in request.FILES: filedata = request.FILES['upload'] else: raise forms.ValidationError( ugettext(u'Missing "upload" key in multipart file data.'), status.HTTP_400_BAD_REQUEST) # Parse the file to get and validate package data with the addon. pkg = parse_addon(filedata, addon) if not acl.submission_allowed(request.user, pkg): raise forms.ValidationError( ugettext(u'You cannot submit this type of add-on'), status.HTTP_400_BAD_REQUEST) if not addon and not system_addon_submission_allowed( request.user, pkg): raise forms.ValidationError( ugettext(u'You cannot submit an add-on with a guid ending ' u'"@mozilla.org"'), status.HTTP_400_BAD_REQUEST) if not mozilla_signed_extension_submission_allowed(request.user, pkg): raise forms.ValidationError( ugettext(u'You cannot submit a Mozilla Signed Extension')) if addon is not None and addon.status == amo.STATUS_DISABLED: msg = ugettext( 'You cannot add versions to an addon that has status: %s.' % amo.STATUS_CHOICES_ADDON[amo.STATUS_DISABLED]) raise forms.ValidationError(msg, status.HTTP_400_BAD_REQUEST) version_string = version_string or pkg['version'] if version_string and pkg['version'] != version_string: raise forms.ValidationError( ugettext('Version does not match the manifest file.'), status.HTTP_400_BAD_REQUEST) if (addon is not None and addon.versions.filter(version=version_string).exists()): raise forms.ValidationError(ugettext('Version already exists.'), status.HTTP_409_CONFLICT) package_guid = pkg.get('guid', None) dont_allow_no_guid = (not addon and not package_guid and not pkg.get('is_webextension', False)) if dont_allow_no_guid: raise forms.ValidationError( ugettext('Only WebExtensions are allowed to omit the GUID'), status.HTTP_400_BAD_REQUEST) if guid is not None and not addon and not package_guid: # No guid was present in the package, but one was provided in the # URL, so we take it instead of generating one ourselves. But # first, validate it properly. if len(guid) > 64: raise forms.ValidationError( ugettext( 'Please specify your Add-on GUID in the manifest if it\'s ' 'longer than 64 characters.')) if not amo.ADDON_GUID_PATTERN.match(guid): raise forms.ValidationError(ugettext('Invalid GUID in URL'), status.HTTP_400_BAD_REQUEST) pkg['guid'] = guid # channel will be ignored for new addons. if addon is None: channel = amo.RELEASE_CHANNEL_UNLISTED # New is always unlisted. addon = Addon.create_addon_from_upload_data(data=pkg, user=request.user, upload=filedata, channel=channel) created = True else: created = False channel_param = request.POST.get('channel') channel = amo.CHANNEL_CHOICES_LOOKUP.get(channel_param) if not channel: last_version = (addon.find_latest_version(None, exclude=())) if last_version: channel = last_version.channel else: channel = amo.RELEASE_CHANNEL_UNLISTED # Treat as new. will_have_listed = channel == amo.RELEASE_CHANNEL_LISTED if not addon.has_complete_metadata( has_listed_versions=will_have_listed): raise forms.ValidationError( ugettext('You cannot add a listed version to this addon ' 'via the API due to missing metadata. ' 'Please submit via the website'), status.HTTP_400_BAD_REQUEST) file_upload = handle_upload(filedata=filedata, user=request.user, addon=addon, submit=True, channel=channel) return file_upload, created
def handle_upload(self, request, addon, version_string, guid=None): if 'upload' in request.FILES: filedata = request.FILES['upload'] else: raise forms.ValidationError( ugettext(u'Missing "upload" key in multipart file data.'), status.HTTP_400_BAD_REQUEST) # Parse the file to get and validate package data with the addon. pkg = parse_addon(filedata, addon) if not acl.submission_allowed(request.user, pkg): raise forms.ValidationError( ugettext(u'You cannot submit this type of add-on'), status.HTTP_400_BAD_REQUEST) if not addon and not system_addon_submission_allowed( request.user, pkg): raise forms.ValidationError( ugettext(u'You cannot submit an add-on with a guid ending ' u'"@mozilla.org"'), status.HTTP_400_BAD_REQUEST) if not mozilla_signed_extension_submission_allowed(request.user, pkg): raise forms.ValidationError( ugettext(u'You cannot submit a Mozilla Signed Extension')) if addon is not None and addon.status == amo.STATUS_DISABLED: msg = ugettext( 'You cannot add versions to an addon that has status: %s.' % amo.STATUS_CHOICES_ADDON[amo.STATUS_DISABLED]) raise forms.ValidationError(msg, status.HTTP_400_BAD_REQUEST) version_string = version_string or pkg['version'] if version_string and pkg['version'] != version_string: raise forms.ValidationError( ugettext('Version does not match the manifest file.'), status.HTTP_400_BAD_REQUEST) if (addon is not None and addon.versions.filter(version=version_string).exists()): raise forms.ValidationError( ugettext('Version already exists.'), status.HTTP_409_CONFLICT) package_guid = pkg.get('guid', None) dont_allow_no_guid = ( not addon and not package_guid and not pkg.get('is_webextension', False)) if dont_allow_no_guid: raise forms.ValidationError( ugettext('Only WebExtensions are allowed to omit the GUID'), status.HTTP_400_BAD_REQUEST) if guid is not None and not addon and not package_guid: # No guid was present in the package, but one was provided in the # URL, so we take it instead of generating one ourselves. But # first, validate it properly. if not amo.ADDON_GUID_PATTERN.match(guid): raise forms.ValidationError( ugettext('Invalid GUID in URL'), status.HTTP_400_BAD_REQUEST) pkg['guid'] = guid # channel will be ignored for new addons. if addon is None: channel = amo.RELEASE_CHANNEL_UNLISTED # New is always unlisted. addon = Addon.create_addon_from_upload_data( data=pkg, user=request.user, upload=filedata, channel=channel) created = True else: created = False channel_param = request.POST.get('channel') channel = amo.CHANNEL_CHOICES_LOOKUP.get(channel_param) if not channel: last_version = ( addon.find_latest_version(None, exclude=())) if last_version: channel = last_version.channel else: channel = amo.RELEASE_CHANNEL_UNLISTED # Treat as new. will_have_listed = channel == amo.RELEASE_CHANNEL_LISTED if not addon.has_complete_metadata( has_listed_versions=will_have_listed): raise forms.ValidationError( ugettext('You cannot add a listed version to this addon ' 'via the API due to missing metadata. ' 'Please submit via the website'), status.HTTP_400_BAD_REQUEST) file_upload = handle_upload( filedata=filedata, user=request.user, addon=addon, submit=True, channel=channel) return file_upload, created
def check_xpi_info(xpi_info, addon=None, xpi_file=None, user=None): from olympia.addons.models import Addon, DeniedGuid guid = xpi_info['guid'] is_webextension = xpi_info.get('is_webextension', False) # If we allow the guid to be omitted we assume that one was generated # or existed before and use that one. # An example are WebExtensions that don't require a guid but we generate # one once they're uploaded. Now, if you update that WebExtension we # just use the original guid. if addon and not guid and is_webextension: xpi_info['guid'] = guid = addon.guid if not guid and not is_webextension: raise forms.ValidationError(ugettext('Could not find an add-on ID.')) if guid: current_user = core.get_user() if current_user: deleted_guid_clashes = Addon.unfiltered.exclude( authors__id=current_user.id).filter(guid=guid) else: deleted_guid_clashes = Addon.unfiltered.filter(guid=guid) if addon and addon.guid != guid: msg = ugettext( 'The add-on ID in your manifest.json or install.rdf (%s) ' 'does not match the ID of your add-on on AMO (%s)') raise forms.ValidationError(msg % (guid, addon.guid)) if (not addon and # Non-deleted add-ons. ( Addon.objects.filter(guid=guid).exists() or # DeniedGuid objects for deletions for Mozilla disabled add-ons DeniedGuid.objects.filter(guid=guid).exists() or # Deleted add-ons that don't belong to the uploader. deleted_guid_clashes.exists())): raise forms.ValidationError(ugettext('Duplicate add-on ID found.')) if len(xpi_info['version']) > 32: raise forms.ValidationError( ugettext('Version numbers should have fewer than 32 characters.')) if not VERSION_RE.match(xpi_info['version']): raise forms.ValidationError( ugettext('Version numbers should only contain letters, numbers, ' 'and these punctuation characters: +*.-_.')) if is_webextension and xpi_info.get('type') == amo.ADDON_STATICTHEME: max_size = settings.MAX_STATICTHEME_SIZE if xpi_file and os.path.getsize(xpi_file.name) > max_size: raise forms.ValidationError( ugettext( u'Maximum size for WebExtension themes is {0}.').format( filesizeformat(max_size))) if xpi_file: # Make sure we pass in a copy of `xpi_info` since # `resolve_webext_translations` modifies data in-place translations = Addon.resolve_webext_translations( xpi_info.copy(), xpi_file) verify_mozilla_trademark(translations['name'], core.get_user()) # Parse the file to get and validate package data with the addon. if not acl.submission_allowed(user, xpi_info): raise forms.ValidationError( ugettext(u'You cannot submit this type of add-on')) if not addon and not system_addon_submission_allowed(user, xpi_info): guids = ' or '.join('"' + guid + '"' for guid in amo.SYSTEM_ADDON_GUIDS) raise forms.ValidationError( ugettext(u'You cannot submit an add-on with a guid ending ' u'%s' % guids)) if not mozilla_signed_extension_submission_allowed(user, xpi_info): raise forms.ValidationError( ugettext(u'You cannot submit a Mozilla Signed Extension')) return xpi_info
def check_xpi_info(xpi_info, addon=None, xpi_file=None, user=None): from olympia.addons.models import Addon, DeniedGuid guid = xpi_info['guid'] is_webextension = xpi_info.get('is_webextension', False) # If we allow the guid to be omitted we assume that one was generated # or existed before and use that one. # An example are WebExtensions that don't require a guid but we generate # one once they're uploaded. Now, if you update that WebExtension we # just use the original guid. if addon and not guid and is_webextension: xpi_info['guid'] = guid = addon.guid if not guid and not is_webextension: raise forms.ValidationError(ugettext('Could not find an add-on ID.')) if guid: current_user = core.get_user() if current_user: deleted_guid_clashes = Addon.unfiltered.exclude( authors__id=current_user.id).filter(guid=guid) else: deleted_guid_clashes = Addon.unfiltered.filter(guid=guid) if addon and addon.guid != guid: msg = ugettext( 'The add-on ID in your manifest.json or install.rdf (%s) ' 'does not match the ID of your add-on on AMO (%s)') raise forms.ValidationError(msg % (guid, addon.guid)) if (not addon and # Non-deleted add-ons. (Addon.objects.filter(guid=guid).exists() or # DeniedGuid objects for deletions for Mozilla disabled add-ons DeniedGuid.objects.filter(guid=guid).exists() or # Deleted add-ons that don't belong to the uploader. deleted_guid_clashes.exists())): raise forms.ValidationError(ugettext('Duplicate add-on ID found.')) if len(xpi_info['version']) > 32: raise forms.ValidationError( ugettext('Version numbers should have fewer than 32 characters.')) if not VERSION_RE.match(xpi_info['version']): raise forms.ValidationError( ugettext('Version numbers should only contain letters, numbers, ' 'and these punctuation characters: +*.-_.')) if is_webextension and xpi_info.get('type') == amo.ADDON_STATICTHEME: if not waffle.switch_is_active('allow-static-theme-uploads'): raise forms.ValidationError(ugettext( 'WebExtension theme uploads are currently not supported.')) if xpi_file: # Make sure we pass in a copy of `xpi_info` since # `resolve_webext_translations` modifies data in-place translations = Addon.resolve_webext_translations( xpi_info.copy(), xpi_file) verify_mozilla_trademark(translations['name'], core.get_user()) # Parse the file to get and validate package data with the addon. if not acl.submission_allowed(user, xpi_info): raise forms.ValidationError( ugettext(u'You cannot submit this type of add-on')) if not addon and not system_addon_submission_allowed( user, xpi_info): guids = ' or '.join( '"' + guid + '"' for guid in amo.SYSTEM_ADDON_GUIDS) raise forms.ValidationError( ugettext(u'You cannot submit an add-on with a guid ending ' u'%s' % guids)) if not mozilla_signed_extension_submission_allowed(user, xpi_info): raise forms.ValidationError( ugettext(u'You cannot submit a Mozilla Signed Extension')) return xpi_info