I'm not sure how this would have worked before

2025-04-02 13:45:10 -05:00 · 2016-03-28 19:56:17 +01:00 · 2016-03-28 19:56:17 +01:00 · 14375e19ef
commit 14375e19ef
parent 3827c52194
1 changed files with 32 additions and 10 deletions
--- a/src/documents/forms.py
+++ b/src/documents/forms.py
@ -34,42 +34,64 @@ class UploadForm(forms.Form):
    document = forms.FileField()
    signature = forms.CharField(max_length=256)

+    def __init__(self, *args, **kwargs):
+        forms.Form.__init__(*args, **kwargs)
+        self._file_type = None
+
    def clean_correspondent(self):
        """
        I suppose it might look cleaner to use .get_or_create() here, but that
        would also allow someone to fill up the db with bogus correspondents
        before all validation was met.
        """
+
        corresp = self.cleaned_data.get("correspondent")
+
        if not corresp:
            return None
+
        if not Correspondent.SAFE_REGEX.match(corresp) or " - " in corresp:
            raise forms.ValidationError(
                "That correspondent name is suspicious.")
+
        return corresp

    def clean_title(self):
+
        title = self.cleaned_data.get("title")
+
        if not title:
            return None
+
        if not Correspondent.SAFE_REGEX.match(title) or " - " in title:
            raise forms.ValidationError("That title is suspicious.")

+        return title
+
    def clean_document(self):
+
        document = self.cleaned_data.get("document").read()
+
        with magic.Magic(flags=magic.MAGIC_MIME_TYPE) as m:
            file_type = m.id_buffer(document)
+
        if file_type not in self.TYPE_LOOKUP:
            raise forms.ValidationError("The file type is invalid.")
-        return document, self.TYPE_LOOKUP[file_type]
+
+        self._file_type = self.TYPE_LOOKUP[file_type]
+
+        return document

    def clean(self):
-        corresp = self.clened_data("correspondent")
-        title = self.cleaned_data("title")
-        signature = self.cleaned_data("signature")
+
+        corresp = self.clened_data.get("correspondent")
+        title = self.cleaned_data.get("title")
+        signature = self.cleaned_data.get("signature")
+
        if sha256(corresp + title + self.SECRET).hexdigest() == signature:
-            return True
-        return False
+            return self.cleaned_data
+
+        raise forms.ValidationError("The signature provided did not validate")

    def save(self):
        """
@ -78,14 +100,14 @@ class UploadForm(forms.Form):
        form do that as well.  Think of it as a poor-man's queue server.
        """

-        correspondent = self.clened_data("correspondent")
-        title = self.cleaned_data("title")
-        document, file_type = self.cleaned_data.get("document")
+        correspondent = self.clened_data.get("correspondent")
+        title = self.cleaned_data.get("title")
+        document = self.cleaned_data.get("document")

        t = int(mktime(datetime.now()))
        file_name = os.path.join(
            Consumer.CONSUME,
-            "{} - {}.{}".format(correspondent, title, file_type)
+            "{} - {}.{}".format(correspondent, title, self._file_type)
        )

        with open(file_name, "wb") as f: