mirror of
				https://github.com/paperless-ngx/paperless-ngx.git
				synced 2025-10-24 15:29:06 -04:00 
			
		
		
		
	Fix some tests from b1c406680f345f4aeec0989424dbcc839c75e438
This commit is contained in:
		
							parent
							
								
									b6dbbec019
								
							
						
					
					
						commit
						0ccc2da9bb
					
				| @ -80,7 +80,7 @@ describe('StoragePathListComponent', () => { | ||||
|       path: 'a'.repeat(100), | ||||
|     } | ||||
|     expect(component.extraColumns[0].valueFn(path)).toEqual( | ||||
|       `<code>${'a'.repeat(49)}...</code>` | ||||
|       `${'a'.repeat(49)}...` | ||||
|     ) | ||||
|   }) | ||||
| }) | ||||
|  | ||||
| @ -2,6 +2,7 @@ import json | ||||
| from pathlib import Path | ||||
| 
 | ||||
| from django.contrib.auth.models import User | ||||
| from django.core.files.uploadedfile import SimpleUploadedFile | ||||
| from rest_framework import status | ||||
| from rest_framework.test import APITestCase | ||||
| 
 | ||||
| @ -154,13 +155,18 @@ class TestApiAppConfig(DirectoriesMixin, APITestCase): | ||||
|         response = self.client.get("/logo/") | ||||
|         self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND) | ||||
| 
 | ||||
|         with (Path(__file__).parent / "samples" / "simple.jpg").open("rb") as f: | ||||
|             self.client.patch( | ||||
|                 f"{self.ENDPOINT}1/", | ||||
|                 { | ||||
|                     "app_logo": f, | ||||
|                 }, | ||||
|             ) | ||||
|         self.client.patch( | ||||
|             f"{self.ENDPOINT}1/", | ||||
|             { | ||||
|                 "app_logo": SimpleUploadedFile( | ||||
|                     name="simple.jpg", | ||||
|                     content=( | ||||
|                         Path(__file__).parent / "samples" / "simple.jpg" | ||||
|                     ).read_bytes(), | ||||
|                     content_type="image/jpeg", | ||||
|                 ), | ||||
|             }, | ||||
|         ) | ||||
| 
 | ||||
|         # Logo exists at /logo/simple.jpg | ||||
|         response = self.client.get("/logo/simple.jpg") | ||||
| @ -170,13 +176,18 @@ class TestApiAppConfig(DirectoriesMixin, APITestCase): | ||||
|         config = ApplicationConfiguration.objects.first() | ||||
|         old_logo = config.app_logo | ||||
|         self.assertTrue(Path(old_logo.path).exists()) | ||||
|         with (Path(__file__).parent / "samples" / "simple.png").open("rb") as f: | ||||
|             self.client.patch( | ||||
|                 f"{self.ENDPOINT}1/", | ||||
|                 { | ||||
|                     "app_logo": f, | ||||
|                 }, | ||||
|             ) | ||||
|         self.client.patch( | ||||
|             f"{self.ENDPOINT}1/", | ||||
|             { | ||||
|                 "app_logo": SimpleUploadedFile( | ||||
|                     name="simple.png", | ||||
|                     content=( | ||||
|                         Path(__file__).parent / "samples" / "simple.png" | ||||
|                     ).read_bytes(), | ||||
|                     content_type="image/png", | ||||
|                 ), | ||||
|             }, | ||||
|         ) | ||||
|         self.assertFalse(Path(old_logo.path).exists()) | ||||
| 
 | ||||
|     def test_api_rejects_malicious_svg_logo(self): | ||||
|  | ||||
| @ -2951,17 +2951,14 @@ class TrashView(ListModelMixin, PassUserMixin): | ||||
|         return Response({"result": "OK", "doc_ids": doc_ids}) | ||||
| 
 | ||||
| 
 | ||||
| def serve_logo(request, filename): | ||||
| def serve_logo(request, filename=None): | ||||
|     """ | ||||
|     Serves the configured logo file with Content-Disposition: attachment. | ||||
|     Prevents inline execution of SVGs. See GHSA-6p53-hqqw-8j62 | ||||
|     """ | ||||
|     logger.warning("Serving app logo...") | ||||
|     config = ApplicationConfiguration.objects.first() | ||||
|     app_logo = config.app_logo | ||||
| 
 | ||||
|     logger.warning(f"Serving logo: {app_logo}") | ||||
| 
 | ||||
|     if not app_logo: | ||||
|         raise Http404("No logo configured") | ||||
| 
 | ||||
| @ -2972,4 +2969,5 @@ def serve_logo(request, filename): | ||||
|         app_logo.open("rb"), | ||||
|         content_type=content_type, | ||||
|         filename=app_logo.name, | ||||
|     ).as_attachment() | ||||
|         as_attachment=True, | ||||
|     ) | ||||
|  | ||||
| @ -265,7 +265,7 @@ urlpatterns = [ | ||||
|         # TODO: with localization, this is even worse! :/ | ||||
|     ), | ||||
|     # App logo | ||||
|     path("logo/<path:filename>", serve_logo, name="app_logo"), | ||||
|     re_path(r"^logo(?:/(?P<filename>.+))?/?$", serve_logo, name="app_logo"), | ||||
|     # allauth | ||||
|     path( | ||||
|         "accounts/", | ||||
|  | ||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user