Fix: fix user checks in management scripts (#11928 )

2026-01-30 23:08:59 -06:00 · 2026-01-29 12:45:20 -08:00
20 changed files with 128 additions and 110 deletions
--- a/docker/management_script.sh
+++ b/docker/management_script.sh
@@ -7,6 +7,11 @@ cd "${PAPERLESS_SRC_DIR}"

 if [[ -n "${USER_IS_NON_ROOT}" ]]; then
 	python3 manage.py management_command "$@"
-elif [[ $(id -un) == "paperless" ]]; then
+elif [[ $(id -u) == 0 ]]; then
 	s6-setuidgid paperless python3 manage.py management_command "$@"
+elif [[ $(id -un) == "paperless" ]]; then
+	python3 manage.py management_command "$@"
+else
+	echo "Unknown user."
+	exit 1
 fi
--- a/docker/rootfs/usr/local/bin/convert_mariadb_uuid
+++ b/docker/rootfs/usr/local/bin/convert_mariadb_uuid
@@ -6,7 +6,12 @@ set -e
 cd "${PAPERLESS_SRC_DIR}"

 if [[ -n "${USER_IS_NON_ROOT}" ]]; then
-		python3 manage.py convert_mariadb_uuid "$@"
-elif [[ $(id -un) == "paperless" ]]; then
+	python3 manage.py convert_mariadb_uuid "$@"
+elif [[ $(id -u) == 0 ]]; then
 	s6-setuidgid paperless python3 manage.py convert_mariadb_uuid "$@"
+elif [[ $(id -un) == "paperless" ]]; then
+	python3 manage.py convert_mariadb_uuid "$@"
+else
+	echo "Unknown user."
+	exit 1
 fi
--- a/docker/rootfs/usr/local/bin/createsuperuser
+++ b/docker/rootfs/usr/local/bin/createsuperuser
@@ -6,7 +6,12 @@ set -e
 cd "${PAPERLESS_SRC_DIR}"

 if [[ -n "${USER_IS_NON_ROOT}" ]]; then
-		python3 manage.py createsuperuser "$@"
-elif [[ $(id -un) == "paperless" ]]; then
+	python3 manage.py createsuperuser "$@"
+elif [[ $(id -u) == 0 ]]; then
 	s6-setuidgid paperless python3 manage.py createsuperuser "$@"
+elif [[ $(id -un) == "paperless" ]]; then
+	python3 manage.py createsuperuser "$@"
+else
+	echo "Unknown user."
+	exit 1
 fi
--- a/docker/rootfs/usr/local/bin/document_archiver
+++ b/docker/rootfs/usr/local/bin/document_archiver
@@ -6,7 +6,12 @@ set -e
 cd "${PAPERLESS_SRC_DIR}"

 if [[ -n "${USER_IS_NON_ROOT}" ]]; then
-		python3 manage.py document_archiver "$@"
-elif [[ $(id -un) == "paperless" ]]; then
+	python3 manage.py document_archiver "$@"
+elif [[ $(id -u) == 0 ]]; then
 	s6-setuidgid paperless python3 manage.py document_archiver "$@"
+elif [[ $(id -un) == "paperless" ]]; then
+	python3 manage.py document_archiver "$@"
+else
+	echo "Unknown user."
+	exit 1
 fi
--- a/docker/rootfs/usr/local/bin/document_create_classifier
+++ b/docker/rootfs/usr/local/bin/document_create_classifier
@@ -6,7 +6,16 @@ set -e
 cd "${PAPERLESS_SRC_DIR}"

 if [[ -n "${USER_IS_NON_ROOT}" ]]; then
-		python3 manage.py document_create_classifier "$@"
+	python3 manage.py document_create_classifier "$@"
+elif [[ $(id -u) == 0 ]]; then
+	s6-setuidgid paperless python3 manage.py document_create_classifier "$@"
+elif [[ $(id -un) == "paperless" ]]; then
+	python3 manage.py document_create_classifier "$@"
+else
+	echo "Unknown user."
+	exit 1
+fi
+er "$@"
 elif [[ $(id -un) == "paperless" ]]; then
 	s6-setuidgid paperless python3 manage.py document_create_classifier "$@"
 fi
--- a/docker/rootfs/usr/local/bin/document_exporter
+++ b/docker/rootfs/usr/local/bin/document_exporter
@@ -6,7 +6,12 @@ set -e
 cd "${PAPERLESS_SRC_DIR}"

 if [[ -n "${USER_IS_NON_ROOT}" ]]; then
-		python3 manage.py document_exporter "$@"
-elif [[ $(id -un) == "paperless" ]]; then
+	python3 manage.py document_exporter "$@"
+elif [[ $(id -u) == 0 ]]; then
 	s6-setuidgid paperless python3 manage.py document_exporter "$@"
+elif [[ $(id -un) == "paperless" ]]; then
+	python3 manage.py document_exporter "$@"
+else
+	echo "Unknown user."
+	exit 1
 fi
--- a/docker/rootfs/usr/local/bin/document_fuzzy_match
+++ b/docker/rootfs/usr/local/bin/document_fuzzy_match
@@ -6,7 +6,12 @@ set -e
 cd "${PAPERLESS_SRC_DIR}"

 if [[ -n "${USER_IS_NON_ROOT}" ]]; then
-		python3 manage.py document_fuzzy_match "$@"
-elif [[ $(id -un) == "paperless" ]]; then
+	python3 manage.py document_fuzzy_match "$@"
+elif [[ $(id -u) == 0 ]]; then
 	s6-setuidgid paperless python3 manage.py document_fuzzy_match "$@"
+elif [[ $(id -un) == "paperless" ]]; then
+	python3 manage.py document_fuzzy_match "$@"
+else
+	echo "Unknown user."
+	exit 1
 fi
--- a/docker/rootfs/usr/local/bin/document_importer
+++ b/docker/rootfs/usr/local/bin/document_importer
@@ -6,7 +6,12 @@ set -e
 cd "${PAPERLESS_SRC_DIR}"

 if [[ -n "${USER_IS_NON_ROOT}" ]]; then
-		python3 manage.py document_importer "$@"
-elif [[ $(id -un) == "paperless" ]]; then
+	python3 manage.py document_importer "$@"
+elif [[ $(id -u) == 0 ]]; then
 	s6-setuidgid paperless python3 manage.py document_importer "$@"
+elif [[ $(id -un) == "paperless" ]]; then
+	python3 manage.py document_importer "$@"
+else
+	echo "Unknown user."
+	exit 1
 fi
--- a/docker/rootfs/usr/local/bin/document_index
+++ b/docker/rootfs/usr/local/bin/document_index
@@ -6,7 +6,12 @@ set -e
 cd "${PAPERLESS_SRC_DIR}"

 if [[ -n "${USER_IS_NON_ROOT}" ]]; then
-		python3 manage.py document_index "$@"
-elif [[ $(id -un) == "paperless" ]]; then
+	python3 manage.py document_index "$@"
+elif [[ $(id -u) == 0 ]]; then
 	s6-setuidgid paperless python3 manage.py document_index "$@"
+elif [[ $(id -un) == "paperless" ]]; then
+	python3 manage.py document_index "$@"
+else
+	echo "Unknown user."
+	exit 1
 fi
--- a/docker/rootfs/usr/local/bin/document_renamer
+++ b/docker/rootfs/usr/local/bin/document_renamer
@@ -6,7 +6,12 @@ set -e
 cd "${PAPERLESS_SRC_DIR}"

 if [[ -n "${USER_IS_NON_ROOT}" ]]; then
-		python3 manage.py document_renamer "$@"
-elif [[ $(id -un) == "paperless" ]]; then
+	python3 manage.py document_renamer "$@"
+elif [[ $(id -u) == 0 ]]; then
 	s6-setuidgid paperless python3 manage.py document_renamer "$@"
+elif [[ $(id -un) == "paperless" ]]; then
+	python3 manage.py document_renamer "$@"
+else
+	echo "Unknown user."
+	exit 1
 fi
--- a/docker/rootfs/usr/local/bin/document_retagger
+++ b/docker/rootfs/usr/local/bin/document_retagger
@@ -6,7 +6,12 @@ set -e
 cd "${PAPERLESS_SRC_DIR}"

 if [[ -n "${USER_IS_NON_ROOT}" ]]; then
-		python3 manage.py document_retagger "$@"
-elif [[ $(id -un) == "paperless" ]]; then
+	python3 manage.py document_retagger "$@"
+elif [[ $(id -u) == 0 ]]; then
 	s6-setuidgid paperless python3 manage.py document_retagger "$@"
+elif [[ $(id -un) == "paperless" ]]; then
+	python3 manage.py document_retagger "$@"
+else
+	echo "Unknown user."
+	exit 1
 fi
--- a/docker/rootfs/usr/local/bin/document_sanity_checker
+++ b/docker/rootfs/usr/local/bin/document_sanity_checker
@@ -6,7 +6,12 @@ set -e
 cd "${PAPERLESS_SRC_DIR}"

 if [[ -n "${USER_IS_NON_ROOT}" ]]; then
-		python3 manage.py document_sanity_checker "$@"
-elif [[ $(id -un) == "paperless" ]]; then
+	python3 manage.py document_sanity_checker "$@"
+elif [[ $(id -u) == 0 ]]; then
 	s6-setuidgid paperless python3 manage.py document_sanity_checker "$@"
+elif [[ $(id -un) == "paperless" ]]; then
+	python3 manage.py document_sanity_checker "$@"
+else
+	echo "Unknown user."
+	exit 1
 fi
--- a/docker/rootfs/usr/local/bin/document_thumbnails
+++ b/docker/rootfs/usr/local/bin/document_thumbnails
@@ -6,7 +6,12 @@ set -e
 cd "${PAPERLESS_SRC_DIR}"

 if [[ -n "${USER_IS_NON_ROOT}" ]]; then
-		python3 manage.py document_thumbnails "$@"
-elif [[ $(id -un) == "paperless" ]]; then
+	python3 manage.py document_thumbnails "$@"
+elif [[ $(id -u) == 0 ]]; then
 	s6-setuidgid paperless python3 manage.py document_thumbnails "$@"
+elif [[ $(id -un) == "paperless" ]]; then
+	python3 manage.py document_thumbnails "$@"
+else
+	echo "Unknown user."
+	exit 1
 fi
--- a/docker/rootfs/usr/local/bin/mail_fetcher
+++ b/docker/rootfs/usr/local/bin/mail_fetcher
@@ -6,7 +6,12 @@ set -e
 cd "${PAPERLESS_SRC_DIR}"

 if [[ -n "${USER_IS_NON_ROOT}" ]]; then
-		python3 manage.py mail_fetcher "$@"
-elif [[ $(id -un) == "paperless" ]]; then
+	python3 manage.py mail_fetcher "$@"
+elif [[ $(id -u) == 0 ]]; then
 	s6-setuidgid paperless python3 manage.py mail_fetcher "$@"
+elif [[ $(id -un) == "paperless" ]]; then
+	python3 manage.py mail_fetcher "$@"
+else
+	echo "Unknown user."
+	exit 1
 fi
--- a/docker/rootfs/usr/local/bin/manage_superuser
+++ b/docker/rootfs/usr/local/bin/manage_superuser
@@ -6,7 +6,12 @@ set -e
 cd "${PAPERLESS_SRC_DIR}"

 if [[ -n "${USER_IS_NON_ROOT}" ]]; then
-		python3 manage.py manage_superuser "$@"
-elif [[ $(id -un) == "paperless" ]]; then
+	python3 manage.py manage_superuser "$@"
+elif [[ $(id -u) == 0 ]]; then
 	s6-setuidgid paperless python3 manage.py manage_superuser "$@"
+elif [[ $(id -un) == "paperless" ]]; then
+	python3 manage.py manage_superuser "$@"
+else
+	echo "Unknown user."
+	exit 1
 fi
--- a/docker/rootfs/usr/local/bin/prune_audit_logs
+++ b/docker/rootfs/usr/local/bin/prune_audit_logs
@@ -6,7 +6,12 @@ set -e
 cd "${PAPERLESS_SRC_DIR}"

 if [[ -n "${USER_IS_NON_ROOT}" ]]; then
-		python3 manage.py prune_audit_logs "$@"
-elif [[ $(id -un) == "paperless" ]]; then
+	python3 manage.py prune_audit_logs "$@"
+elif [[ $(id -u) == 0 ]]; then
 	s6-setuidgid paperless python3 manage.py prune_audit_logs "$@"
+elif [[ $(id -un) == "paperless" ]]; then
+	python3 manage.py prune_audit_logs "$@"
+else
+	echo "Unknown user."
+	exit 1
 fi
--- a/src/documents/consumer.py
+++ b/src/documents/consumer.py
@@ -5,7 +5,6 @@ import tempfile
 from enum import Enum
 from pathlib import Path
 from typing import TYPE_CHECKING
-from typing import Final

 import magic
 from django.conf import settings
@@ -50,8 +49,6 @@ from documents.utils import copy_file_with_basic_stats
 from documents.utils import run_subprocess
 from paperless_mail.parsers import MailDocumentParser

-LOGGING_NAME: Final[str] = "paperless.consumer"
-

 class WorkflowTriggerPlugin(
    NoCleanupPluginMixin,
@@ -159,7 +156,7 @@ class ConsumerPlugin(
    ConsumerPluginMixin,
    ConsumeTaskPlugin,
 ):
-    logging_name = LOGGING_NAME
+    logging_name = "paperless.consumer"

    def run_pre_consume_script(self):
        """
@@ -756,7 +753,7 @@ class ConsumerPreflightPlugin(
    ConsumeTaskPlugin,
 ):
    NAME: str = "ConsumerPreflightPlugin"
-    logging_name = LOGGING_NAME
+    logging_name = "paperless.consumer"

    def pre_check_file_exists(self):
        """
@@ -831,32 +828,6 @@ class ConsumerPreflightPlugin(
        settings.ORIGINALS_DIR.mkdir(parents=True, exist_ok=True)
        settings.ARCHIVE_DIR.mkdir(parents=True, exist_ok=True)

-    def run(self) -> None:
-        self._send_progress(
-            0,
-            100,
-            ProgressStatusOptions.STARTED,
-            ConsumerStatusShortMessage.NEW_FILE,
-        )
-
-        # Make sure that preconditions for consuming the file are met.
-
-        self.pre_check_file_exists()
-        self.pre_check_duplicate()
-        self.pre_check_directories()
-
-
-class AsnCheckPlugin(
-    NoCleanupPluginMixin,
-    NoSetupPluginMixin,
-    AlwaysRunPluginMixin,
-    LoggingMixin,
-    ConsumerPluginMixin,
-    ConsumeTaskPlugin,
-):
-    NAME: str = "AsnCheckPlugin"
-    logging_name = LOGGING_NAME
-
    def pre_check_asn_value(self):
        """
        Check that if override_asn is given, it is unique and within a valid range
@@ -894,4 +865,16 @@ class AsnCheckPlugin(
            )

    def run(self) -> None:
+        self._send_progress(
+            0,
+            100,
+            ProgressStatusOptions.STARTED,
+            ConsumerStatusShortMessage.NEW_FILE,
+        )
+
+        # Make sure that preconditions for consuming the file are met.
+
+        self.pre_check_file_exists()
+        self.pre_check_duplicate()
+        self.pre_check_directories()
        self.pre_check_asn_value()
--- a/src/documents/tasks.py
+++ b/src/documents/tasks.py
@@ -29,7 +29,6 @@ from documents.bulk_download import OriginalsOnlyStrategy
 from documents.caching import clear_document_caches
 from documents.classifier import DocumentClassifier
 from documents.classifier import load_classifier
-from documents.consumer import AsnCheckPlugin
 from documents.consumer import ConsumerPlugin
 from documents.consumer import ConsumerPreflightPlugin
 from documents.consumer import WorkflowTriggerPlugin
@@ -158,10 +157,8 @@ def consume_file(

    plugins: list[type[ConsumeTaskPlugin]] = [
        ConsumerPreflightPlugin,
-        AsnCheckPlugin,
        CollatePlugin,
        BarcodePlugin,
-        AsnCheckPlugin,  # Re-run ASN check after barcode reading
        WorkflowTriggerPlugin,
        ConsumerPlugin,
    ]
--- a/src/documents/tests/test_barcodes.py
+++ b/src/documents/tests/test_barcodes.py
@@ -11,7 +11,6 @@ from django.test import override_settings

 from documents import tasks
 from documents.barcodes import BarcodePlugin
-from documents.consumer import ConsumerError
 from documents.data_models import ConsumableDocument
 from documents.data_models import DocumentMetadataOverrides
 from documents.data_models import DocumentSource
@@ -94,41 +93,6 @@ class TestBarcode(

            self.assertDictEqual(separator_page_numbers, {1: False})

-    @override_settings(CONSUMER_ENABLE_ASN_BARCODE=True)
-    def test_asn_barcode_duplicate_in_trash_fails(self):
-        """
-        GIVEN:
-            - A document with ASN barcode 123 is in the trash
-        WHEN:
-            - A file with the same barcode ASN is consumed
-        THEN:
-            - The ASN check is re-run and consumption fails
-        """
-        test_file = self.BARCODE_SAMPLE_DIR / "barcode-39-asn-123.pdf"
-
-        first_doc = Document.objects.create(
-            title="First ASN 123",
-            content="",
-            checksum="asn123first",
-            mime_type="application/pdf",
-            archive_serial_number=123,
-        )
-
-        first_doc.delete()
-
-        dupe_asn = settings.SCRATCH_DIR / "barcode-39-asn-123-second.pdf"
-        shutil.copy(test_file, dupe_asn)
-
-        with mock.patch("documents.tasks.ProgressManager", DummyProgressManager):
-            with self.assertRaisesRegex(ConsumerError, r"ASN 123.*trash"):
-                tasks.consume_file(
-                    ConsumableDocument(
-                        source=DocumentSource.ConsumeFolder,
-                        original_file=dupe_asn,
-                    ),
-                    None,
-                )
-
    @override_settings(
        CONSUMER_BARCODE_TIFF_SUPPORT=True,
    )
--- a/src/documents/tests/utils.py
+++ b/src/documents/tests/utils.py
@@ -20,7 +20,6 @@ from django.db.migrations.executor import MigrationExecutor
 from django.test import TransactionTestCase
 from django.test import override_settings

-from documents.consumer import AsnCheckPlugin
 from documents.consumer import ConsumerPlugin
 from documents.consumer import ConsumerPreflightPlugin
 from documents.data_models import ConsumableDocument
@@ -372,14 +371,6 @@ class GetConsumerMixin:
            "task-id",
        )
        preflight_plugin.setup()
-        asncheck_plugin = AsnCheckPlugin(
-            doc,
-            overrides or DocumentMetadataOverrides(),
-            self.status,  # type: ignore
-            self.dirs.scratch_dir,
-            "task-id",
-        )
-        asncheck_plugin.setup()
        reader = ConsumerPlugin(
            doc,
            overrides or DocumentMetadataOverrides(),
@@ -390,7 +381,6 @@ class GetConsumerMixin:
        reader.setup()
        try:
            preflight_plugin.run()
-            asncheck_plugin.run()
            yield reader
        finally:
            reader.cleanup()