Commit c3166b7e authored by Jérome Perrin's avatar Jérome Perrin Committed by Arnaud Fontaine

Revert "Revert "erp5_web_shadir: more useful checks""

This reverts commit 00e8d126.
parent ca94590f
...@@ -25,10 +25,11 @@ ...@@ -25,10 +25,11 @@
# #
############################################################################## ##############################################################################
import hashlib import hashlib
import json import json
import validictory from base64 import b64decode
from binascii import a2b_hex
from zExceptions import BadRequest
from Products.ERP5Type.UnrestrictedMethod import super_user from Products.ERP5Type.UnrestrictedMethod import super_user
...@@ -39,17 +40,10 @@ def WebSection_getDocumentValue(self, key, portal=None, language=None,\ ...@@ -39,17 +40,10 @@ def WebSection_getDocumentValue(self, key, portal=None, language=None,\
- POST /<key> - POST /<key>
+ parameters required: + parameters required:
* file: the name of the file
* urlmd5: mdsum of orginal url
* sha512: the hash (sha512) of the file content * sha512: the hash (sha512) of the file content
+ parameters not required:
* valid-until: the date which the file must be expired
* architecture: computer architecture
Used to add information on shadir server. Used to add information on shadir server.
- GET /<key> - GET /<key>
Return list of information for a given key Return list of information for a given key
Raise HTTP error (404) if key does not exist Raise HTTP error (404) if key does not exist
...@@ -83,16 +77,17 @@ def WebSection_setObject(self, id, ob, **kw): ...@@ -83,16 +77,17 @@ def WebSection_setObject(self, id, ob, **kw):
""" """
portal = self.getPortalObject() portal = self.getPortalObject()
data = self.REQUEST.get('BODY') data = self.REQUEST.get('BODY')
schema = self.WebSite_getJSONSchema() try:
structure = json.loads(data) metadata, signature = json.loads(data)
# 0 elementh in structure is json in json metadata = json.loads(metadata)
# 1 elementh is just signature # a few basic checks
structure = [json.loads(structure[0]), structure[1]] b64decode(signature)
if len(a2b_hex(metadata['sha512'])) != 64:
validictory.validate(structure, schema) raise Exception('sha512: invalid length')
except Exception as e:
file_name = structure[0].get('file', None) raise BadRequest(str(e))
expiration_date = structure[0].get('expiration_date', None)
expiration_date = metadata.get('expiration_date')
data_set = portal.portal_catalog.getResultValue(portal_type='Data Set', data_set = portal.portal_catalog.getResultValue(portal_type='Data Set',
reference=id) reference=id)
...@@ -105,7 +100,6 @@ def WebSection_setObject(self, id, ob, **kw): ...@@ -105,7 +100,6 @@ def WebSection_setObject(self, id, ob, **kw):
reference = hashlib.sha512(data).hexdigest() reference = hashlib.sha512(data).hexdigest()
ob.setFilename(file_name)
ob.setFollowUp(data_set.getRelativeUrl()) ob.setFollowUp(data_set.getRelativeUrl())
ob.setContentType('application/json') ob.setContentType('application/json')
ob.setReference(reference) ob.setReference(reference)
...@@ -131,4 +125,3 @@ def WebSection_putFactory(self, name, typ, body): ...@@ -131,4 +125,3 @@ def WebSection_putFactory(self, name, typ, body):
filename=name, filename=name,
discover_metadata=False) discover_metadata=False)
return document return document
...@@ -74,33 +74,6 @@ ...@@ -74,33 +74,6 @@
<key> <string>action</string> </key> <key> <string>action</string> </key>
<value> <string>validate</string> </value> <value> <string>validate</string> </value>
</item> </item>
<item>
<key> <string>actor</string> </key>
<value> <string>ERP5TypeTestCase</string> </value>
</item>
<item>
<key> <string>comment</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>time</string> </key>
<value>
<object>
<klass>
<global name="DateTime" module="DateTime.DateTime"/>
</klass>
<tuple>
<none/>
</tuple>
<state>
<tuple>
<float>1377844502.87</float>
<string>GMT+9</string>
</tuple>
</state>
</object>
</value>
</item>
<item> <item>
<key> <string>validation_state</string> </key> <key> <string>validation_state</string> </key>
<value> <string>validated</string> </value> <value> <string>validated</string> </value>
......
return {
'type': 'array',
'items': [
{'type': 'object',
'properties':{
'file':{
'type': 'string',
'required': True,
},
'urlmd5': {
'type': 'string',
'required': True,
},
'sha512': {
'type': 'string',
'required': True,
},
'creation_date': {
'type': 'string',
'required': False,
},
'expiration_date': {
'type': 'string',
'required': False,
},
'distribution': {
'type': 'string',
'required': False,
},
'architecture': {
'type': 'string',
'required': False,
},
}
},
{'type': 'string',
'blank': True},
]
}
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>WebSite_getJSONSchema</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment