fix: enable cleanup for storage attribute

add checks to prevent misconfigured usage complete coverage
projectcaluma · Jan 16, 2024 · 3e5f8a3 · 3e5f8a3
1 parent a26a939
commit 3e5f8a3
Show file tree

Hide file tree

Showing 9 changed files with 72 additions and 135 deletions.
diff --git a/alexandria/core/factories.py b/alexandria/core/factories.py
@@ -107,7 +107,7 @@ class FileFactory(BaseFactory):
 
     name = factory.Maybe(
         factory.LazyAttribute(lambda o: o.variant == models.File.Variant.ORIGINAL),
-        yes_declaration=factory.Sequence(lambda n: "Version #%i" % ((int(n) + 1) / 2)),
+        yes_declaration=Faker("name"),
         no_declaration=factory.LazyAttribute(
             lambda o: f"{o.original.name}_preview.jpg"
         ),

diff --git a/alexandria/core/management/commands/encrypt_files.py b/alexandria/core/management/commands/encrypt_files.py
@@ -12,6 +12,17 @@ def add_arguments(self, parser):
         parser.add_argument("--dry", dest="dry", action="store_true", default=False)
 
     def handle(self, *args, **options):
+        if (
+            not settings.ALEXANDRIA_ENABLE_AT_REST_ENCRYPTION
+            or settings.ALEXANDRIA_ENCRYPTION_METHOD
+            == File.EncryptionStatus.NOT_ENCRYPTED
+        ):
+            return self.stdout.write(
+                self.style.WARNING(
+                    "Encryption is not enabled. Skipping encryption of files."
+                )
+            )
+
         for file in tqdm(
             File.objects.filter(encryption_status=File.EncryptionStatus.NOT_ENCRYPTED)
         ):

diff --git a/alexandria/core/presign_urls.py b/alexandria/core/presign_urls.py
@@ -4,6 +4,7 @@
 from django.conf import settings
 from django.utils import timezone
 from django.utils.http import urlsafe_base64_encode
+from rest_framework.exceptions import ValidationError
 from rest_framework_json_api.relations import reverse
 
 
@@ -45,10 +46,8 @@ def verify_signed_components(pk, hostname, expires, scheme, token_sig):
     host, expires, signature = make_signature_components(pk, hostname, expires, scheme)
 
     if int(now.timestamp()) > expires:
-        raise TimeoutError()
-    try:
-        assert token_sig == signature
-    except AssertionError:
-        raise
+        raise ValidationError("Download URL expired.")
+    if not token_sig == signature:
+        raise ValidationError("Invalid signature.")
 
     return True
diff --git a/alexandria/core/storage_clients.py b/alexandria/core/storage_clients.py
diff --git a/alexandria/core/tests/snapshots/snap_test_api.py b/alexandria/core/tests/snapshots/snap_test_api.py
@@ -112,10 +112,10 @@
 snapshots["test_api_create[FileViewSet] 1"] = {
     "queries": [
         'SELECT "alexandria_core_document"."created_at", "alexandria_core_document"."created_by_user", "alexandria_core_document"."created_by_group", "alexandria_core_document"."modified_at", "alexandria_core_document"."modified_by_user", "alexandria_core_document"."modified_by_group", "alexandria_core_document"."metainfo", "alexandria_core_document"."id", "alexandria_core_document"."title", "alexandria_core_document"."description", "alexandria_core_document"."category_id", "alexandria_core_document"."date" FROM "alexandria_core_document" WHERE "alexandria_core_document"."id" = \'9dd4e461-268c-8034-f5c8-564e155c67a6\'::uuid LIMIT 21',
-        'INSERT INTO "alexandria_core_file" ("created_at", "created_by_user", "created_by_group", "modified_at", "modified_by_user", "modified_by_group", "metainfo", "id", "variant", "original_id", "name", "document_id", "checksum", "encryption_status", "content") VALUES (\'2017-05-21T00:00:00+00:00\'::timestamptz, \'admin\', \'admin\', \'2017-05-21T00:00:00+00:00\'::timestamptz, \'admin\', \'admin\', \'{}\', \'f561aaf6-ef0b-f14d-4208-bb46a4ccb3ad\'::uuid, \'original\', NULL, \'Version #33\', \'9dd4e461-268c-8034-f5c8-564e155c67a6\'::uuid, \'sha256:945db0f84bf4ec45cf1c4835cb61848210d64c3867f5a3d78f55ca18e4a98879\', NULL, \'f561aaf6-ef0b-f14d-4208-bb46a4ccb3ad_Version_33\')',
+        'INSERT INTO "alexandria_core_file" ("created_at", "created_by_user", "created_by_group", "modified_at", "modified_by_user", "modified_by_group", "metainfo", "id", "variant", "original_id", "name", "document_id", "checksum", "encryption_status", "content") VALUES (\'2017-05-21T00:00:00+00:00\'::timestamptz, \'admin\', \'admin\', \'2017-05-21T00:00:00+00:00\'::timestamptz, \'admin\', \'admin\', \'{}\', \'f561aaf6-ef0b-f14d-4208-bb46a4ccb3ad\'::uuid, \'original\', NULL, \'Jason Lopez\', \'9dd4e461-268c-8034-f5c8-564e155c67a6\'::uuid, \'sha256:945db0f84bf4ec45cf1c4835cb61848210d64c3867f5a3d78f55ca18e4a98879\', NULL, \'f561aaf6-ef0b-f14d-4208-bb46a4ccb3ad_Jason_Lopez\')',
         """UPDATE "alexandria_core_document" SET "created_at" = \'2017-05-21T00:00:00+00:00\'::timestamptz, "created_by_user" = \'admin\', "created_by_group" = \'admin\', "modified_at" = \'2017-05-21T00:00:00+00:00\'::timestamptz, "modified_by_user" = \'admin\', "modified_by_group" = \'admin\', "metainfo" = \'{}\', "title" = hstore(ARRAY[\'en\',\'de\',\'fr\'], ARRAY[\'Michael Edwards\',\'\',\'\']), "description" = hstore(ARRAY[\'en\',\'de\',\'fr\'], ARRAY[\'Open else look tree arm responsibility week. Environmental statement bag someone them style.
 Public these health team change. Tax final upon stay sing middle suggest.\',\'\',\'\']), "category_id" = \'note-act-source\', "date" = \'1999-11-26\'::date WHERE "alexandria_core_document"."id" = \'9dd4e461-268c-8034-f5c8-564e155c67a6\'::uuid""",
-        'INSERT INTO "alexandria_core_file" ("created_at", "created_by_user", "created_by_group", "modified_at", "modified_by_user", "modified_by_group", "metainfo", "id", "variant", "original_id", "name", "document_id", "checksum", "encryption_status", "content") VALUES (\'2017-05-21T00:00:00+00:00\'::timestamptz, NULL, NULL, \'2017-05-21T00:00:00+00:00\'::timestamptz, NULL, NULL, \'{}\', \'ea416ed0-759d-46a8-de58-f63a59077499\'::uuid, \'thumbnail\', \'f561aaf6-ef0b-f14d-4208-bb46a4ccb3ad\'::uuid, \'Version #33_preview.jpg\', \'9dd4e461-268c-8034-f5c8-564e155c67a6\'::uuid, \'sha256:0b5121c3edeb9ac0ac4d2f2cfa34773e43b68017bba0dfc859bdfdeae4392cc2\', NULL, \'ea416ed0-759d-46a8-de58-f63a59077499_Version_33_preview.jpg\')',
+        'INSERT INTO "alexandria_core_file" ("created_at", "created_by_user", "created_by_group", "modified_at", "modified_by_user", "modified_by_group", "metainfo", "id", "variant", "original_id", "name", "document_id", "checksum", "encryption_status", "content") VALUES (\'2017-05-21T00:00:00+00:00\'::timestamptz, NULL, NULL, \'2017-05-21T00:00:00+00:00\'::timestamptz, NULL, NULL, \'{}\', \'ea416ed0-759d-46a8-de58-f63a59077499\'::uuid, \'thumbnail\', \'f561aaf6-ef0b-f14d-4208-bb46a4ccb3ad\'::uuid, \'Jason Lopez_preview.jpg\', \'9dd4e461-268c-8034-f5c8-564e155c67a6\'::uuid, \'sha256:0b5121c3edeb9ac0ac4d2f2cfa34773e43b68017bba0dfc859bdfdeae4392cc2\', NULL, \'ea416ed0-759d-46a8-de58-f63a59077499_Jason_Lopez_preview.jpg\')',
         'SELECT "alexandria_core_file"."created_at", "alexandria_core_file"."created_by_user", "alexandria_core_file"."created_by_group", "alexandria_core_file"."modified_at", "alexandria_core_file"."modified_by_user", "alexandria_core_file"."modified_by_group", "alexandria_core_file"."metainfo", "alexandria_core_file"."id", "alexandria_core_file"."variant", "alexandria_core_file"."original_id", "alexandria_core_file"."name", "alexandria_core_file"."document_id", "alexandria_core_file"."checksum", "alexandria_core_file"."encryption_status", "alexandria_core_file"."content" FROM "alexandria_core_file" WHERE "alexandria_core_file"."original_id" = \'f561aaf6-ef0b-f14d-4208-bb46a4ccb3ad\'::uuid ORDER BY "alexandria_core_file"."created_at" DESC',
         'SELECT (1) AS "a" FROM "alexandria_core_document" WHERE ("alexandria_core_document"."id" = \'9dd4e461-268c-8034-f5c8-564e155c67a6\'::uuid AND "alexandria_core_document"."id" = \'9dd4e461-268c-8034-f5c8-564e155c67a6\'::uuid) LIMIT 1',
     ],
@@ -131,7 +131,7 @@
     "request_payload": {
         "content": GenericRepr("<_io.BytesIO object at 0x100000000>"),
         "document": "9dd4e461-268c-8034-f5c8-564e155c67a6",
-        "name": "Version #33",
+        "name": "Jason Lopez",
         "variant": "original",
     },
     "response": {
@@ -146,7 +146,7 @@
                 "modified-at": "2017-05-21T00:00:00Z",
                 "modified-by-group": "admin",
                 "modified-by-user": "admin",
-                "name": "Version #33",
+                "name": "Jason Lopez",
                 "variant": "original",
             },
             "id": "f561aaf6-ef0b-f14d-4208-bb46a4ccb3ad",
@@ -569,7 +569,7 @@
                 "modified-at": "2017-05-21T00:00:00Z",
                 "modified-by-group": "admin",
                 "modified-by-user": "admin",
-                "name": "Version #32",
+                "name": "Jason Lopez",
                 "variant": "original",
             },
             "id": "9336ebf2-5087-d91c-818e-e6e9ec29f8c1",
@@ -1065,7 +1065,7 @@
         'SELECT "alexandria_core_mark"."created_at", "alexandria_core_mark"."created_by_user", "alexandria_core_mark"."created_by_group", "alexandria_core_mark"."modified_at", "alexandria_core_mark"."modified_by_user", "alexandria_core_mark"."modified_by_group", "alexandria_core_mark"."metainfo", "alexandria_core_mark"."slug", "alexandria_core_mark"."name", "alexandria_core_mark"."description" FROM "alexandria_core_mark" INNER JOIN "alexandria_core_document_marks" ON ("alexandria_core_mark"."slug" = "alexandria_core_document_marks"."mark_id") WHERE "alexandria_core_document_marks"."document_id" = \'f561aaf6-ef0b-f14d-4208-bb46a4ccb3ad\'::uuid',
         'SELECT (1) AS "a" FROM "alexandria_core_document" WHERE ("alexandria_core_document"."id" = \'fb0e22c7-9ac7-5679-e988-1e6ba183b354\'::uuid AND "alexandria_core_document"."id" = \'fb0e22c7-9ac7-5679-e988-1e6ba183b354\'::uuid) LIMIT 1',
         'SELECT "alexandria_core_file"."created_at", "alexandria_core_file"."created_by_user", "alexandria_core_file"."created_by_group", "alexandria_core_file"."modified_at", "alexandria_core_file"."modified_by_user", "alexandria_core_file"."modified_by_group", "alexandria_core_file"."metainfo", "alexandria_core_file"."id", "alexandria_core_file"."variant", "alexandria_core_file"."original_id", "alexandria_core_file"."name", "alexandria_core_file"."document_id", "alexandria_core_file"."checksum", "alexandria_core_file"."encryption_status", "alexandria_core_file"."content" FROM "alexandria_core_file" WHERE "alexandria_core_file"."document_id" = \'fb0e22c7-9ac7-5679-e988-1e6ba183b354\'::uuid ORDER BY "alexandria_core_file"."created_at" DESC',
-        'SELECT (1) AS "a" FROM "alexandria_core_category" WHERE ("alexandria_core_category"."slug" = \'moment-poor\' AND "alexandria_core_category"."slug" = \'moment-poor\') LIMIT 1',
+        'SELECT (1) AS "a" FROM "alexandria_core_category" WHERE ("alexandria_core_category"."slug" = \'party-coach-note\' AND "alexandria_core_category"."slug" = \'party-coach-note\') LIMIT 1',
         'SELECT "alexandria_core_tag"."created_at", "alexandria_core_tag"."created_by_user", "alexandria_core_tag"."created_by_group", "alexandria_core_tag"."modified_at", "alexandria_core_tag"."modified_by_user", "alexandria_core_tag"."modified_by_group", "alexandria_core_tag"."metainfo", "alexandria_core_tag"."id", "alexandria_core_tag"."name", "alexandria_core_tag"."description", "alexandria_core_tag"."tag_synonym_group_id" FROM "alexandria_core_tag" INNER JOIN "alexandria_core_document_tags" ON ("alexandria_core_tag"."id" = "alexandria_core_document_tags"."tag_id") WHERE "alexandria_core_document_tags"."document_id" = \'fb0e22c7-9ac7-5679-e988-1e6ba183b354\'::uuid',
         'SELECT "alexandria_core_mark"."created_at", "alexandria_core_mark"."created_by_user", "alexandria_core_mark"."created_by_group", "alexandria_core_mark"."modified_at", "alexandria_core_mark"."modified_by_user", "alexandria_core_mark"."modified_by_group", "alexandria_core_mark"."metainfo", "alexandria_core_mark"."slug", "alexandria_core_mark"."name", "alexandria_core_mark"."description" FROM "alexandria_core_mark" INNER JOIN "alexandria_core_document_marks" ON ("alexandria_core_mark"."slug" = "alexandria_core_document_marks"."mark_id") WHERE "alexandria_core_document_marks"."document_id" = \'fb0e22c7-9ac7-5679-e988-1e6ba183b354\'::uuid',
     ],
@@ -1091,7 +1091,7 @@
                     "modified-at": "2017-05-21T00:00:00Z",
                     "modified-by-group": "admin",
                     "modified-by-user": "admin",
-                    "name": "Version #34",
+                    "name": "Jason Lopez",
                     "variant": "original",
                 },
                 "id": "9336ebf2-5087-d91c-818e-e6e9ec29f8c1",
@@ -1118,7 +1118,7 @@
                     "modified-at": "2017-05-21T00:00:00Z",
                     "modified-by-group": "admin",
                     "modified-by-user": "admin",
-                    "name": "Version #35",
+                    "name": "Rebecca Gonzalez",
                     "variant": "original",
                 },
                 "id": "ea416ed0-759d-46a8-de58-f63a59077499",
@@ -1145,7 +1145,7 @@
                     "modified-at": "2017-05-21T00:00:00Z",
                     "modified-by-group": "admin",
                     "modified-by-user": "admin",
-                    "name": "Version #35",
+                    "name": "William Kennedy",
                     "variant": "original",
                 },
                 "id": "dad3a37a-a9d5-0688-b515-7698acfd7aee",
@@ -1208,15 +1208,15 @@
                     "date": "2005-06-14",
                     "description": {
                         "de": "",
-                        "en": """Bank arm serious live by itself. Project find white continue none president. Idea eye plan third program.
-Son success provide beyond. Officer player possible issue ahead suffer.""",
+                        "en": """Serious live by. Run then project find white continue.
+Effort partner area media increase meeting. Son success provide beyond. Officer player possible issue ahead suffer.""",
                         "fr": "",
                     },
                     "metainfo": {},
                     "modified-at": "2017-05-21T00:00:00Z",
                     "modified-by-group": "admin",
                     "modified-by-user": "admin",
-                    "title": {"de": "", "en": "Rebecca Gonzalez", "fr": ""},
+                    "title": {"de": "", "en": "Olivia Miller", "fr": ""},
                 },
                 "id": "f561aaf6-ef0b-f14d-4208-bb46a4ccb3ad",
                 "relationships": {
@@ -1242,22 +1242,24 @@
                     "created-at": "2017-05-21T00:00:00Z",
                     "created-by-group": "admin",
                     "created-by-user": "admin",
-                    "date": "1973-06-29",
+                    "date": "1977-12-09",
                     "description": {
                         "de": "",
-                        "en": """Cell series star. Agency season worry take value eye sell.
-Human less power relate fine religious. Loss increase firm friend ability. Their office though television return main.""",
+                        "en": """Star Republican agency season. Take value eye sell them he.
+Same season natural think Mr course tree. Within never whose five hold food.""",
                         "fr": "",
                     },
                     "metainfo": {},
                     "modified-at": "2017-05-21T00:00:00Z",
                     "modified-by-group": "admin",
                     "modified-by-user": "admin",
-                    "title": {"de": "", "en": "William Kennedy", "fr": ""},
+                    "title": {"de": "", "en": "Carol Mata", "fr": ""},
                 },
                 "id": "fb0e22c7-9ac7-5679-e988-1e6ba183b354",
                 "relationships": {
-                    "category": {"data": {"id": "moment-poor", "type": "categories"}},
+                    "category": {
+                        "data": {"id": "party-coach-note", "type": "categories"}
+                    },
                     "files": {
                         "data": [
                             {

diff --git a/alexandria/core/tests/test_views.py b/alexandria/core/tests/test_views.py
@@ -384,14 +384,16 @@ def test_document_delete_some_tags(admin_client, tag_factory, document_factory):
 
 
 @pytest.mark.parametrize(
-    "presigned, expected_status", [(True, HTTP_200_OK), (False, HTTP_403_FORBIDDEN)]
+    "presigned, expected_status",
+    [(True, HTTP_200_OK), (False, HTTP_403_FORBIDDEN)],
 )
 def test_download_file(admin_client, file, presigned, expected_status):
     if not presigned:
         url = reverse("file-download", args=[file.pk])
     else:
         response = admin_client.get(reverse("file-detail", args=(file.pk,)))
         url = response.json()["data"]["attributes"]["download-url"]
+
     result = admin_client.get(url)
     assert result.status_code == expected_status
 
@@ -404,7 +406,7 @@ def test_presigned_url_expired(admin_client, client, file, freezer, settings):
         delta=timezone.timedelta(seconds=settings.ALEXANDRIA_DOWNLOAD_URL_LIFETIME + 5)
     )
     response = client.get(url)
-    assert response.status_code == HTTP_403_FORBIDDEN
+    assert response.status_code == HTTP_400_BAD_REQUEST
 
 
 def test_presigned_url_tempered_signature(admin_client, client, file):
@@ -416,4 +418,15 @@ def test_presigned_url_tempered_signature(admin_client, client, file):
     val = str(int(val) + 1000)
     url = f"{without_params}?{signature}&{key}={val}"
     response = client.get(url)
-    assert response.status_code == HTTP_403_FORBIDDEN
+    assert response.status_code == HTTP_400_BAD_REQUEST
+
+
+def test_presigned_url_different_file(admin_client, file, file_factory):
+    response = admin_client.get(reverse("file-detail", args=(file.pk,)))
+    url = response.json()["data"]["attributes"]["download-url"]
+
+    other_file = file_factory()
+    url = url.replace(str(file.pk), str(other_file.pk))
+
+    response = admin_client.get(url)
+    assert response.status_code == HTTP_400_BAD_REQUEST