• last updated 13 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
download-archive reform

File-Storage used to generate downloaded archives in tgz format, to then switch to zip, more user-friendly, in particular outside the Linux world (See https://openacs.org/forums/message-view?message_id=557561). To ease the transition, a couple of parameters and relative API were introduced that would allow to choose the preferred command one should use. During this reform however, default parameter values in the tcl code became inconsistent with those in the info file. Furthermore, the chosen defaults were set as absolute paths to the executable, which is not friendly to non-linux environments, or other scenarios where the "typical" Linux filesystem structure cannot be assumed (e.g. containers, MacOS...).

The only usage of this parameters/api was in fact in the download-archive vuh. In upstream codebase, no package references this file, not even the file-storage itself. Upon review, one could see that the file would also allow to specify a custom download filename via the path, which could be considered questionable. It would also execute the command in a way that once again assumes some form of Linux environment (e.g. invoking bash).

Save for the ability to customize the archive format and the anti-feature of being able to manipulate the archive filename via the path, the script largely relplicates www/download-zip, in a better shape after a few reforms hinted by e.g. penetration tools.

Given the aformentioned considerations, I have decided to make download-archive a simple redirect to download-zip. Specifying the object_id via the path will keep working, while URLs out there expecting the name to change will not fail, but the name will not be modified. The archive format will from now on be assumed to be zip.

  1. … 4 more files in changeset.
Cleanup of external binaries: always use "util::which" to resolve binaries

  1. … 5 more files in changeset.
Test external command dependency for the package

Complete api coverage for the package

Cover remaining export api

Prevent usage of fs::get_archive_command outside a file-storage connection context, as in this case the parameter value will be uspecified

  1. … 1 more file in changeset.
Increase proc coverage

Declare api as tested

Increase proc coverage

Make use of new API "ad_mktmpdir" and "ad_opentmpfile" instead of "ad_tmpnam"

  1. … 5 more files in changeset.
Deprecate twt::user::create and twt::user::delete, superseded by their acs::test::user:: counterparts

  1. … 11 more files in changeset.
Fix self-inflicted bug: one should indeed be able to specify the same form var multiple time, test the behavior for the future

  1. … 2 more files in changeset.
Reimplement upload automated test using a real multipart request, as newer naviserver will reject handcrafted .tmpfile parameters

Bring test closer to reality

Test the behavior of the file-storage when a malicious user would try to store a pre-existing file on the server as its own

The fix for the file-storage is a simple validation to make sure that the tmpfile exists, however, for the generic case of the file widget, we cannot trust the tmpfile value when this was not generated by the server. This will probably cause regression when one wants to show a "preview" of a form, to be continued.

  1. … 2 more files in changeset.
Whitespace cleanup

acs::test::user::delete: added flag -delete_created_acs_objects and fix regression test for file-storage

  1. … 5 more files in changeset.
Fix typo, increase api coverage

  1. … 1 more file in changeset.
Fix test category, add tested api

Fix typo, write a basic test for the involved api

  1. … 1 more file in changeset.
perform proper cleanup after the test

Avoid rollback in web tests

Avoid rollback in 'fs_add_file_to_folder' test in particular

Rollback after tests

fix error message

improve spelling

  1. … 5 more files in changeset.
whitespace changes

  1. … 2 more files in changeset.
extend regression test, add covered procs to webtest

  1. … 1 more file in changeset.
Remove bogus proc name. Fixes 'naming__proc_naming' test case

extend tests by porting obsolete test fs_add_file_to_folder to new web testing framework