Commit db5bf1f Prevent re-uploading a file with the same name

2 files Authored and Committed by pingou 7 days ago
Prevent re-uploading a file with the same name

Fixes https://pagure.io/pagure/issue/1666

    
@@ -980,8 +980,15 @@
                      repo.fullname)
                  if not os.path.exists(folder):
                      os.makedirs(folder)
-                 filestream.save(os.path.join(folder, filename))
-                 flask.flash('File "%s" uploaded' % filename)
+                 dest = os.path.join(folder, filename)
+                 if os.path.exists(dest):
+                     raise pagure.exceptions.PagureException(
+                         'This tarball has already been uploaded')
+                 else:
+                     filestream.save(dest)
+                     flask.flash('File "%s" uploaded' % filename)
+             except pagure.exceptions.PagureException as err:
+                 flask.flash(str(err), 'error')
              except Exception as err:  # pragma: no cover
                  APP.logger.exception(err)
                  flask.flash('Upload failed', 'error')
@@ -3031,6 +3031,17 @@
                  'uploaded\n                    </div>', output.data)
              self.assertIn('This project has not been tagged.', output.data)
  
+             # Try uploading the same file -- fails
+             with open(img, mode='rb') as stream:
+                 data = {'filestream': stream, 'csrf_token': csrf_token}
+                 output = self.app.post(
+                     '/test/upload/', data=data, follow_redirects=True)
+             self.assertEqual(output.status_code, 200)
+             self.assertIn(
+                 '</button>\n                      This tarball has already '
+                 'been uploaded', output.data)
+             self.assertIn('This project has not been tagged.', output.data)
+ 
      @patch('pagure.ui.repo.admin_session_timedout')
      def test_add_token(self, ast):
          """ Test the add_token endpoint. """
@@ -3083,7 +3094,7 @@
  
              data = {'csrf_token': csrf_token, 'acls': ['issue_create']}
  
-             # Upload successful
+             # New token created
              data = {'csrf_token': csrf_token, 'acls': ['issue_create']}
              output = self.app.post(
                  '/test/token/new/', data=data, follow_redirects=True)