[#4658] Added extra mimetypes to the validator

* Added extra (legacy) mime types for ZIP files on Windows to the validator check * Added data migration to update existing file components * Added merge migration, since this is being forward-ported from stable/2.6.x Forwardport-of: #4690
open-formulieren · Sep 20, 2024 · 180ab23 · 180ab23
1 parent 92b0160
commit 180ab23
Show file tree

Hide file tree

Showing 10 changed files with 177 additions and 2 deletions.
diff --git a/src/openforms/config/constants.py b/src/openforms/config/constants.py
@@ -85,7 +85,10 @@ class UploadFileType(models.TextChoices):
         "application/vnd.oasis.opendocument.*,application/vnd.stardivision.*,application/vnd.sun.xml.*",
         _("Open Office"),
     )
-    zip = "application/zip", _(".zip")
+    zip = (
+        "application/zip,application/zip-compressed,application/x-zip-compressed",
+        _(".zip"),
+    )
     rar = "application/vnd.rar", _(".rar")
     tar = "application/x-tar", _(".tar")
     msg = "application/vnd.ms-outlook", _(".msg")

diff --git a/...nforms/config/migrations/0059_alter_globalconfiguration_form_upload_default_file_types.py b/...nforms/config/migrations/0059_alter_globalconfiguration_form_upload_default_file_types.py
@@ -0,0 +1,63 @@
+# Generated by Django 4.2.11 on 2024-09-20 09:03
+
+from django.db import migrations, models
+
+import django_jsonform.models.fields
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("config", "0001_initial_to_v250"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="globalconfiguration",
+            name="form_upload_default_file_types",
+            field=django_jsonform.models.fields.ArrayField(
+                base_field=models.CharField(
+                    choices=[
+                        ("*", "any filetype"),
+                        ("image/heic", ".heic"),
+                        ("image/png", ".png"),
+                        ("image/jpeg", ".jpg"),
+                        ("application/pdf", ".pdf"),
+                        ("application/vnd.ms-excel", ".xls"),
+                        (
+                            "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
+                            ".xlsx",
+                        ),
+                        ("text/csv", ".csv"),
+                        ("text/plain", ".txt"),
+                        ("application/msword", ".doc"),
+                        (
+                            "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
+                            ".docx",
+                        ),
+                        (
+                            "application/vnd.oasis.opendocument.*,application/vnd.stardivision.*,application/vnd.sun.xml.*",
+                            "Open Office",
+                        ),
+                        (
+                            "application/zip,application/zip-compressed,application/x-zip-compressed",
+                            ".zip",
+                        ),
+                        ("application/vnd.rar", ".rar"),
+                        ("application/x-tar", ".tar"),
+                        ("application/vnd.ms-outlook", ".msg"),
+                        (
+                            "application/acad.dwg,application/autocad_dwg.dwg,application/dwg.dwg,application/x-acad.dwg,application/x-autocad.dwg,application/x-dwg.dwg,drawing/dwg.dwg,image/vnd.dwg,image/x-dwg.dwg",
+                            ".dwg",
+                        ),
+                    ],
+                    max_length=256,
+                ),
+                blank=True,
+                default=list,
+                help_text="Provide a list of default allowed file upload types. If empty, all extensions are allowed.",
+                size=None,
+                verbose_name="Default allowed file upload types",
+            ),
+        ),
+    ]
diff --git a/src/openforms/config/migrations/0060_merge_20240920_1816.py b/src/openforms/config/migrations/0060_merge_20240920_1816.py
@@ -0,0 +1,13 @@
+# Generated by Django 4.2.16 on 2024-09-20 16:16
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("config", "0056_disable_prefill_objects_api_plugin"),
+        ("config", "0059_alter_globalconfiguration_form_upload_default_file_types"),
+    ]
+
+    operations = []
diff --git a/src/openforms/formio/api/validators.py b/src/openforms/formio/api/validators.py
@@ -101,6 +101,16 @@ def __call__(self, value: UploadedFile) -> None:
             "image/heif",
         ):
             return
+
+        # gh #4658
+        # Windows use application/x-zip-compressed as a mimetype for .zip files, which
+        # is deprecated but still we need to support it. Instead, the common case for
+        # zip files is application/zip or application/zip-compressed mimetype.
+        elif mime_type == "application/zip" and value.content_type in (
+            "application/zip-compressed",
+            "application/x-zip-compressed",
+        ):
+            return
         elif mime_type != value.content_type:
             raise serializers.ValidationError(
                 _("The provided file is not a {file_type}.").format(

diff --git a/src/openforms/formio/migration_converters.py b/src/openforms/formio/migration_converters.py
@@ -127,6 +127,33 @@ def fix_file_default_value(component: Component) -> bool:
             return False
 
 
+def ensure_extra_zip_mimetypes_exist_in_file_type(component: Component) -> bool:
+    component = cast(FileComponent, component)
+    if not (file_type := glom(component, "file.type", default=None)) or not (
+        file_pattern := component.get("filePattern", None)
+    ):
+        return False
+
+    file_pattern_list = file_pattern.split(",")
+    needed_mime_types = ("application/x-zip-compressed", "application/zip-compressed")
+
+    def add_if_missing(current_list: list[str]):
+        for item in needed_mime_types:
+            if item not in current_list:
+                current_list.append(item)
+
+    if not ("application/zip" in file_type or "application/zip" in file_pattern_list):
+        return False
+
+    # file type
+    add_if_missing(file_type)
+    assign(component, "file.type", file_type)
+    # file pattern
+    add_if_missing(file_pattern_list)
+    component["filePattern"] = ",".join(file_pattern_list)
+    return True
+
+
 def ensure_licensplate_validate_pattern(component: Component) -> bool:
     # assume that it's the correct pattern if it's set
     if "validate" in component and "pattern" in component["validate"]:
@@ -283,6 +310,7 @@ def rename_identifier_role_authorizee(component: Component) -> bool:
     },
     "file": {
         "fix_default_value": fix_file_default_value,
+        "ensure_extra_zip_mimetypes_exist_in_file_type": ensure_extra_zip_mimetypes_exist_in_file_type,
     },
     "textarea": {
         "fix_empty_validate_lengths": fix_empty_validate_lengths,

diff --git a/src/openforms/formio/tests/files/test-zip.zip b/src/openforms/formio/tests/files/test-zip.zip
diff --git a/src/openforms/formio/tests/test_validators.py b/src/openforms/formio/tests/test_validators.py
@@ -166,14 +166,28 @@ def test_heic_brand_heif_files_are_recognized_as_heic(self):
 
     def test_heic_brand_heif_files_are_not_recognized_as_png(self):
         # lib magic has a hard time recognizing the HEVC is used and a heif container actutally is heic
-        validator = validators.MimeTypeValidator({"image/png"})  # accept any
+        validator = validators.MimeTypeValidator({"image/png"})
         sample_2 = SimpleUploadedFile(
             "sample2.heic", b"\x00\x00\x00\x18ftypheic", content_type="image/heif"
         )
 
         with self.assertRaises(ValidationError):
             validator(sample_2)
 
+    def test_multiple_valid_mimetypes_in_zip_files_are_transformed(self):
+        valid_types = ("application/x-zip-compressed", "application/zip-compressed")
+        legacy_zip_file = TEST_FILES / "test-zip.zip"
+        validator = validators.MimeTypeValidator()
+
+        for valid_type in valid_types:
+            sample = SimpleUploadedFile(
+                "test-zip.zip",
+                legacy_zip_file.read_bytes(),
+                content_type=valid_type,
+            )
+
+            validator(sample)
+
     def test_validate_files_multiple_mime_types(self):
         """Assert that validation of files associated with multiple mime types works
 

diff --git a/src/openforms/forms/migrations/0097_extra_mimetypes_in_file_type.py b/src/openforms/forms/migrations/0097_extra_mimetypes_in_file_type.py
@@ -0,0 +1,18 @@
+# Generated by Django 4.2.11 on 2024-09-20 09:02
+
+from django.db import migrations
+
+from ..migration_operations import ConvertComponentsOperation
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("forms", "0092_v250_to_v267"),
+    ]
+
+    operations = [
+        ConvertComponentsOperation(
+            "file", "ensure_extra_zip_mimetypes_exist_in_file_type"
+        ),
+    ]
diff --git a/src/openforms/forms/migrations/0098_merge_20240920_1808.py b/src/openforms/forms/migrations/0098_merge_20240920_1808.py
@@ -0,0 +1,13 @@
+# Generated by Django 4.2.15 on 2024-09-20 16:08
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("forms", "0097_extra_mimetypes_in_file_type"),
+        ("forms", "0097_v267_to_v270"),
+    ]
+
+    operations = []
diff --git a/src/openforms/forms/migrations/0100_merge_20240920_1816.py b/src/openforms/forms/migrations/0100_merge_20240920_1816.py
@@ -0,0 +1,13 @@
+# Generated by Django 4.2.16 on 2024-09-20 16:16
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("forms", "0098_merge_20240920_1808"),
+        ("forms", "0099_form_show_summary_progress"),
+    ]
+
+    operations = []