Added date verification on signed file to download

Author: sgeulette

src/imio/esign/browser/views.py

@@ -1,4 +1,6 @@
 # -*- coding: utf-8 -*-
+from datetime import datetime
+from datetime import timedelta
 from imio.esign import _
 from imio.esign import ESIGN_CREDENTIALS
 from imio.esign import ESIGN_ROOT_URL
@@ -232,6 +234,7 @@ class DownloadFileView(BrowserView):
 
     shortuid_separator = "-"
     named_blob_file_attribute = "file"
+    download_time_delta = timedelta(days=120)
 
     def __init__(self, context, request):
         super(DownloadFileView, self).__init__(context, request)
@@ -250,7 +253,7 @@ def publishTraverse(self, request, name):
         return self
 
     def __call__(self):
-        """Handle the file download request and return an html response."""
+        """Handle the file download request and return a html response."""
         if self.file_id is None:
             message = translate(_("A file identifier must be passed in the url !"), context=self.request)
             return self.html_message(message)
@@ -264,7 +267,20 @@ def __call__(self):
                                   mapping={"uid": safe_encode(self.file_id)}),
                                 context=self.request)
             return self.html_message(message)
-        # TODO Added a date verification
+        # Verify date - check if file is not too old
+        if self.download_time_delta is not None:
+            modification_date = file_obj.modified()
+            if hasattr(modification_date, 'asdatetime'):
+                modification_date = modification_date.asdatetime()
+            modification_date = modification_date.date()
+            if datetime.now().date() - modification_date > self.download_time_delta:
+                message = translate(
+                    _("The download period for this file has expired (was ${valid_date}) !",
+                      mapping={"valid_date": datetime.strftime(modification_date + self.download_time_delta,
+                                                               "%Y-%m-%d")}),
+                    context=self.request)
+                return self.html_message(message)
+        # Get file content
         nbf = getattr(file_obj, self.named_blob_file_attribute, None)
         if nbf is None:
             message = translate(_("The corresponding file content cannot be retrieved (${uid}) !",

src/imio/esign/tests/test_browser_views.py

@@ -1,5 +1,7 @@
 # -*- coding: utf-8 -*-
 """Browser views tests for this package."""
+from datetime import datetime
+from datetime import timedelta
 from imio.esign.browser.views import DownloadFileView
 from imio.esign.testing import IMIO_ESIGN_FUNCTIONAL_TESTING
 from imio.pyutils.utils import shortuid_encode_id
@@ -13,6 +15,7 @@
 
 import collective.iconifiedcategory
 import os
+import time
 import transaction
 import unittest
 
@@ -119,8 +122,20 @@ def test_download_file_view(self):
         result = view()
         self.assertIn("The corresponding file content cannot be retrieved", result)
 
+        # valid id but file too old
+        view.file_id = self.encoded_uid
+        view.download_time_delta = timedelta(days=1)
+        self.test_annex.setModificationDate(datetime.now() - timedelta(days=3))
+        result = view()
+        self.assertIn("The download period for this file has expired", result)
+        view.download_time_delta = None  # Disable date verification
+        result = view()
+        self.assertNotIn("The download period for this file has expired", result)
+        self.assertIsInstance(result, str)
+
         # Download file with valid UID
         view.file_id = self.encoded_uid
+        view.download_time_delta = timedelta(days=7)
         result = view()
         # Check that we got binary data (the file content)
         self.assertIsInstance(result, str)  # In Python 2, binary data is str