[CalendarServer-changes] [15552] CalendarServer/trunk

source_changes at macosforge.org source_changes at macosforge.org
Mon Apr 25 15:07:02 PDT 2016 

Revision: 15552
          http://trac.calendarserver.org//changeset/15552
Author:   cdaboo at apple.com
Date:     2016-04-25 15:07:02 -0700 (Mon, 25 Apr 2016)
Log Message:
-----------
Make sure ATTACH managed parameters cannot be inadvertently removed by a client

Modified Paths:
--------------
    CalendarServer/trunk/requirements-dev.txt
    CalendarServer/trunk/txdav/caldav/datastore/sql.py
    CalendarServer/trunk/txdav/caldav/datastore/test/test_attachments.py

Modified: CalendarServer/trunk/requirements-dev.txt
===================================================================
--- CalendarServer/trunk/requirements-dev.txt	2016-04-25 22:05:51 UTC (rev 15551)
+++ CalendarServer/trunk/requirements-dev.txt	2016-04-25 22:07:02 UTC (rev 15552)
@@ -5,4 +5,4 @@
 q
 tl.eggdeps
 --editable svn+http://svn.calendarserver.org/repository/calendarserver/CalDAVClientLibrary/trunk@15425#egg=CalDAVClientLibrary
---editable svn+http://svn.calendarserver.org/repository/calendarserver/CalDAVTester/trunk@15549#egg=CalDAVTester
+--editable svn+http://svn.calendarserver.org/repository/calendarserver/CalDAVTester/trunk@15551#egg=CalDAVTester

Modified: CalendarServer/trunk/txdav/caldav/datastore/sql.py
===================================================================
--- CalendarServer/trunk/txdav/caldav/datastore/sql.py	2016-04-25 22:05:51 UTC (rev 15551)
+++ CalendarServer/trunk/txdav/caldav/datastore/sql.py	2016-04-25 22:07:02 UTC (rev 15552)
@@ -4686,6 +4686,23 @@
         # Determine what was removed
         removed = set(oldattached_keys) - set(newattached_keys)
 
+        # Make sure that clients don't accidently remove the parameters we care about
+        if not inserting:
+            for managed_id in list(removed):
+                oldattachment = oldattached[managed_id][0]
+                oldattachment_value = oldattachment.value()
+                found_match = False
+                for newattachment in newattachments:
+                    if newattachment.value() == oldattachment_value:
+                        newattachment.setParameter("MANAGED-ID", oldattachment.parameterValue("MANAGED-ID"))
+                        newattachment.setParameter("FMTTYPE", oldattachment.parameterValue("FMTTYPE"))
+                        newattachment.setParameter("FILENAME", oldattachment.parameterValue("FILENAME"))
+                        newattachment.setParameter("SIZE", oldattachment.parameterValue("SIZE"))
+                        found_match = True
+                if found_match:
+                    removed.remove(managed_id)
+
+
         # Determine what was added
         added = set(newattached_keys) - set(oldattached_keys)
         changed = {}

Modified: CalendarServer/trunk/txdav/caldav/datastore/test/test_attachments.py
===================================================================
--- CalendarServer/trunk/txdav/caldav/datastore/test/test_attachments.py	2016-04-25 22:05:51 UTC (rev 15551)
+++ CalendarServer/trunk/txdav/caldav/datastore/test/test_attachments.py	2016-04-25 22:07:02 UTC (rev 15552)
@@ -1440,7 +1440,62 @@
         self.assertEqual(quota, 0)
 
 
+    @inlineCallbacks
+    def test_resourceCheckAttachments_clientRemovesParameters(self):
+        """
+        L{ICalendarObject.resourceCheckAttachments} will properly handle clients stripping parameters.
+        """
 
+        # Create attachment
+        obj = yield self.calendarObjectUnderTest()
+        yield obj.addAttachment(None, MimeType("text", "x-fixture"), "new.attachment", MemoryStream("new attachment text"))
+        yield self.commit()
+
+        # Verify parameters exist
+        obj = yield self.calendarObjectUnderTest()
+        component = yield obj.componentForUser()
+        attachments = component.getAllPropertiesInAnyComponent("ATTACH", depth=1,)
+        self.assertEqual(len(attachments), 1)
+        attach = attachments[0]
+        managed_id = attach.parameterValue("MANAGED-ID")
+        fmttype = attach.parameterValue("FMTTYPE")
+        filename = attach.parameterValue("FILENAME")
+        size = attach.parameterValue("SIZE")
+
+        self.assertEqual(fmttype, "text/x-fixture")
+        self.assertEqual(filename, "new.attachment")
+        self.assertEqual(int(size), 19)
+
+        # Remove parameters and write it back
+        attach.removeParameter("MANAGED-ID")
+        attach.removeParameter("FMTTYPE")
+        attach.removeParameter("FILENAME")
+        attach.removeParameter("SIZE")
+        yield obj.setComponent(component.duplicate())
+        yield self.commit()
+
+        # Verify parameters recovered
+        obj = yield self.calendarObjectUnderTest()
+        component = yield obj.componentForUser()
+        attachments = component.getAllPropertiesInAnyComponent("ATTACH", depth=1,)
+        self.assertEqual(len(attachments), 1)
+        attach = attachments[0]
+        managed_id2 = attach.parameterValue("MANAGED-ID")
+        fmttype2 = attach.parameterValue("FMTTYPE")
+        filename2 = attach.parameterValue("FILENAME")
+        size2 = attach.parameterValue("SIZE")
+
+        self.assertEqual(managed_id2, managed_id)
+        self.assertEqual(fmttype2, "text/x-fixture")
+        self.assertEqual(filename2, "new.attachment")
+        self.assertEqual(int(size2), 19)
+
+        attachment = yield obj.attachmentWithManagedID(managed_id2)
+        data = yield self.attachmentToString(attachment)
+        self.assertEquals(data, "new attachment text")
+
+
+
 now = DateTime.getToday().getYear()
 
 PLAIN_ICS = """BEGIN:VCALENDAR
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20160425/251778a5/attachment-0001.html>

More information about the calendarserver-changes mailing list