go/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-11-23 22:04:50 +02:00
Code Issues Releases Activity

web: fix content type for folders form

Browse Source 
Fixes #367
This commit is contained in:
Nicola Murino
2021-04-01 19:42:18 +02:00
parent 2f56375121
commit 6eb43baf3d
3 changed files with 51 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
httpd/httpd_test.go
View File

@@ -6189,26 +6189,32 @@ func TestAddWebFoldersMock(t *testing.T) {
form.Set("mapped_path", mappedPath)
form.Set("name", folderName)
form.Set("description", folderDesc)
req, err := http.NewRequest(http.MethodPost, webFolderPath, strings.NewReader(form.Encode()))
b, contentType, err := getMultipartFormData(form, "", "")
assert.NoError(t, err)
req, err := http.NewRequest(http.MethodPost, webFolderPath, &b)
assert.NoError(t, err)
req.Header.Set("Content-Type", contentType)
setJWTCookieForReq(req, webToken)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr := executeRequest(req)
checkResponseCode(t, http.StatusForbidden, rr)
assert.Contains(t, rr.Body.String(), "unable to verify form token")
form.Set(csrfFormToken, csrfToken)
req, err = http.NewRequest(http.MethodPost, webFolderPath, strings.NewReader(form.Encode()))
b, contentType, err = getMultipartFormData(form, "", "")
assert.NoError(t, err)
req, err = http.NewRequest(http.MethodPost, webFolderPath, &b)
assert.NoError(t, err)
req.Header.Set("Content-Type", contentType)
setJWTCookieForReq(req, webToken)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
rr = executeRequest(req)
checkResponseCode(t, http.StatusSeeOther, rr)
// adding the same folder will fail since the name must be unique
req, err = http.NewRequest(http.MethodPost, webFolderPath, strings.NewReader(form.Encode()))
b, contentType, err = getMultipartFormData(form, "", "")
assert.NoError(t, err)
req, err = http.NewRequest(http.MethodPost, webFolderPath, &b)
assert.NoError(t, err)
setJWTCookieForReq(req, webToken)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("Content-Type", contentType)
rr = executeRequest(req)
checkResponseCode(t, http.StatusOK, rr)
// invalid form
@@ -6277,18 +6283,22 @@ func TestS3WebFolderMock(t *testing.T) {
form.Set("s3_upload_part_size", strconv.Itoa(S3UploadPartSize))
form.Set("s3_upload_concurrency", "a")
form.Set(csrfFormToken, csrfToken)
req, err := http.NewRequest(http.MethodPost, webFolderPath, strings.NewReader(form.Encode()))
b, contentType, err := getMultipartFormData(form, "", "")
assert.NoError(t, err)
req, err := http.NewRequest(http.MethodPost, webFolderPath, &b)
assert.NoError(t, err)
setJWTCookieForReq(req, webToken)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("Content-Type", contentType)
rr := executeRequest(req)
checkResponseCode(t, http.StatusOK, rr)
form.Set("s3_upload_concurrency", strconv.Itoa(S3UploadConcurrency))
req, err = http.NewRequest(http.MethodPost, webFolderPath, strings.NewReader(form.Encode()))
b, contentType, err = getMultipartFormData(form, "", "")
assert.NoError(t, err)
req, err = http.NewRequest(http.MethodPost, webFolderPath, &b)
assert.NoError(t, err)
setJWTCookieForReq(req, webToken)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("Content-Type", contentType)
rr = executeRequest(req)
checkResponseCode(t, http.StatusSeeOther, rr)
@@ -6315,18 +6325,22 @@ func TestS3WebFolderMock(t *testing.T) {
// update
S3UploadConcurrency = 10
form.Set("s3_upload_concurrency", "b")
req, err = http.NewRequest(http.MethodPost, path.Join(webFolderPath, folderName), strings.NewReader(form.Encode()))
b, contentType, err = getMultipartFormData(form, "", "")
assert.NoError(t, err)
req, err = http.NewRequest(http.MethodPost, path.Join(webFolderPath, folderName), &b)
assert.NoError(t, err)
setJWTCookieForReq(req, webToken)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("Content-Type", contentType)
rr = executeRequest(req)
checkResponseCode(t, http.StatusOK, rr)
form.Set("s3_upload_concurrency", strconv.Itoa(S3UploadConcurrency))
req, err = http.NewRequest(http.MethodPost, path.Join(webFolderPath, folderName), strings.NewReader(form.Encode()))
b, contentType, err = getMultipartFormData(form, "", "")
assert.NoError(t, err)
req, err = http.NewRequest(http.MethodPost, path.Join(webFolderPath, folderName), &b)
assert.NoError(t, err)
setJWTCookieForReq(req, webToken)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("Content-Type", contentType)
rr = executeRequest(req)
checkResponseCode(t, http.StatusSeeOther, rr)
@@ -6380,19 +6394,23 @@ func TestUpdateWebFolderMock(t *testing.T) {
form.Set("name", folderName)
form.Set("description", folderDesc)
form.Set(csrfFormToken, "")
req, err := http.NewRequest(http.MethodPost, path.Join(webFolderPath, folderName), strings.NewReader(form.Encode()))
b, contentType, err := getMultipartFormData(form, "", "")
assert.NoError(t, err)
req, err := http.NewRequest(http.MethodPost, path.Join(webFolderPath, folderName), &b)
assert.NoError(t, err)
setJWTCookieForReq(req, webToken)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("Content-Type", contentType)
rr := executeRequest(req)
checkResponseCode(t, http.StatusForbidden, rr)
assert.Contains(t, rr.Body.String(), "unable to verify form token")
form.Set(csrfFormToken, csrfToken)
req, err = http.NewRequest(http.MethodPost, path.Join(webFolderPath, folderName), strings.NewReader(form.Encode()))
b, contentType, err = getMultipartFormData(form, "", "")
assert.NoError(t, err)
req, err = http.NewRequest(http.MethodPost, path.Join(webFolderPath, folderName), &b)
assert.NoError(t, err)
setJWTCookieForReq(req, webToken)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("Content-Type", contentType)
rr = executeRequest(req)
checkResponseCode(t, http.StatusSeeOther, rr)
@@ -6407,26 +6425,32 @@ func TestUpdateWebFolderMock(t *testing.T) {
assert.Equal(t, folderDesc, folder.Description)
// parse form error
req, err = http.NewRequest(http.MethodPost, path.Join(webFolderPath, folderName)+"??a=a%B3%A2%G3", strings.NewReader(form.Encode()))
b, contentType, err = getMultipartFormData(form, "", "")
assert.NoError(t, err)
req, err = http.NewRequest(http.MethodPost, path.Join(webFolderPath, folderName)+"??a=a%B3%A2%G3", &b)
assert.NoError(t, err)
setJWTCookieForReq(req, webToken)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("Content-Type", contentType)
rr = executeRequest(req)
checkResponseCode(t, http.StatusOK, rr)
assert.Contains(t, rr.Body.String(), "invalid URL escape")
req, err = http.NewRequest(http.MethodPost, path.Join(webFolderPath, folderName+"1"), strings.NewReader(form.Encode()))
b, contentType, err = getMultipartFormData(form, "", "")
assert.NoError(t, err)
req, err = http.NewRequest(http.MethodPost, path.Join(webFolderPath, folderName+"1"), &b)
assert.NoError(t, err)
setJWTCookieForReq(req, webToken)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("Content-Type", contentType)
rr = executeRequest(req)
checkResponseCode(t, http.StatusNotFound, rr)
form.Set("mapped_path", "arelative/path")
req, err = http.NewRequest(http.MethodPost, path.Join(webFolderPath, folderName), strings.NewReader(form.Encode()))
b, contentType, err = getMultipartFormData(form, "", "")
assert.NoError(t, err)
req, err = http.NewRequest(http.MethodPost, path.Join(webFolderPath, folderName), &b)
assert.NoError(t, err)
setJWTCookieForReq(req, webToken)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("Content-Type", contentType)
rr = executeRequest(req)
checkResponseCode(t, http.StatusOK, rr)

4
httpd/web.go
View File

@@ -1478,7 +1478,7 @@ func handleWebAddFolderGet(w http.ResponseWriter, r *http.Request) {
func handleWebAddFolderPost(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
folder := vfs.BaseVirtualFolder{}
err := r.ParseForm()
err := r.ParseMultipartForm(maxRequestSize)
if err != nil {
renderFolderPage(w, r, folder, folderPageModeAdd, err.Error())
return
@@ -1529,7 +1529,7 @@ func handleWebUpdateFolderPost(w http.ResponseWriter, r *http.Request) {
return
}
err = r.ParseForm()
err = r.ParseMultipartForm(maxRequestSize)
if err != nil {
renderFolderPage(w, r, folder, folderPageModeUpdate, err.Error())
return

2
templates/folder.html
View File

@@ -27,7 +27,7 @@
</div>
</div>
{{end}}
<form id="folder_form" action="{{.CurrentURL}}" method="POST" autocomplete="off" {{if eq .Mode 3}}target="_blank"{{end}}>
<form id="folder_form" enctype="multipart/form-data" action="{{.CurrentURL}}" method="POST" autocomplete="off" {{if eq .Mode 3}}target="_blank"{{end}}>
{{if eq .Mode 3}}
<div class="form-group row">
<label for="idFolders" class="col-sm-2 col-form-label">Folders</label>