Commit db5bf1f Prevent re-uploading a file with the same name

2 files Authored and Committed by pingou 2 months ago
Prevent re-uploading a file with the same name

Fixes https://pagure.io/pagure/issue/1666

    
 1 @@ -980,8 +980,15 @@
 2                       repo.fullname)
 3                   if not os.path.exists(folder):
 4                       os.makedirs(folder)
 5 -                 filestream.save(os.path.join(folder, filename))
 6 -                 flask.flash('File "%s" uploaded' % filename)
 7 +                 dest = os.path.join(folder, filename)
 8 +                 if os.path.exists(dest):
 9 +                     raise pagure.exceptions.PagureException(
10 +                         'This tarball has already been uploaded')
11 +                 else:
12 +                     filestream.save(dest)
13 +                     flask.flash('File "%s" uploaded' % filename)
14 +             except pagure.exceptions.PagureException as err:
15 +                 flask.flash(str(err), 'error')
16               except Exception as err:  # pragma: no cover
17                   APP.logger.exception(err)
18                   flask.flash('Upload failed', 'error')
 1 @@ -3031,6 +3031,17 @@
 2                   'uploaded\n                    </div>', output.data)
 3               self.assertIn('This project has not been tagged.', output.data)
 4   
 5 +             # Try uploading the same file -- fails
 6 +             with open(img, mode='rb') as stream:
 7 +                 data = {'filestream': stream, 'csrf_token': csrf_token}
 8 +                 output = self.app.post(
 9 +                     '/test/upload/', data=data, follow_redirects=True)
10 +             self.assertEqual(output.status_code, 200)
11 +             self.assertIn(
12 +                 '</button>\n                      This tarball has already '
13 +                 'been uploaded', output.data)
14 +             self.assertIn('This project has not been tagged.', output.data)
15 + 
16       @patch('pagure.ui.repo.admin_session_timedout')
17       def test_add_token(self, ast):
18           """ Test the add_token endpoint. """
19 @@ -3083,7 +3094,7 @@
20   
21               data = {'csrf_token': csrf_token, 'acls': ['issue_create']}
22   
23 -             # Upload successful
24 +             # New token created
25               data = {'csrf_token': csrf_token, 'acls': ['issue_create']}
26               output = self.app.post(
27                   '/test/token/new/', data=data, follow_redirects=True)