gpg: #106: Check also signature if overwrite.

- Re-organized call to core.store - Added `.asc` mimetype
2016-01-19 04:55:49 -06:00 · 2016-01-19 04:55:49 -06:00 · 64d0f3aef7
commit 64d0f3aef7
parent 2fff9a2c21
2 changed files with 19 additions and 7 deletions
--- a/pypiserver/_app.py
+++ b/pypiserver/_app.py
@ -151,23 +151,34 @@ def update():
    try:
        gpg_signature = request.files['gpg_signature']
    except KeyError:
-        gpg_filename = gpg_save = None
-    else:
-        gpg_filename = gpg_signature.filename
-        gpg_save = gpg_signature.save
+        gpg_signature = None

    if "/" in content.filename:
        raise HTTPError(400, output="bad filename")

-    if not config.overwrite and core.exists(packages.root, content.raw_filename):
+    if gpg_signature is not None and "/" in gpg_signature.filename:
+        raise HTTPError(400, output="bad filename")
+
+    if not config.overwrite and core.exists(packages.root, content.filename):
        log.warn("Cannot upload package(%s) since it already exists! \n" +
                 "  You may use `--overwrite` option when starting server to disable this check. ",
                 content.raw_filename)
        msg = "Package already exists! Start server with `--overwrite` option?"
        raise HTTPError(409, msg)

-    core.store(packages.root, content.filename, content.save,
-               gpg_filename, gpg_save)
+    if not config.overwrite and core.exists(packages.root,
+                                            gpg_signature.filename):
+        log.warn("Cannot upload package(%s) because its signature already "
+                 "exists! \n  You may use the `--overwrite` option when"
+                 "starting the server to disable this check.")
+        raise HTTPError(409, outut="signature file already exists")
+
+    if gpg_signature is None:
+        core.store(packages.root, content.filename, content.save)
+    else:
+        core.store(packages.root, content.filename, content.save,
+                   gpg_signature.filename, gpg_signature.save)
+
    return ""


--- a/pypiserver/core.py
+++ b/pypiserver/core.py
@ -91,6 +91,7 @@ def auth_by_htpasswd_file(htPsswdFile, username, password):

 mimetypes.add_type("application/octet-stream", ".egg")
 mimetypes.add_type("application/octet-stream", ".whl")
+mimetypes.add_type("text/plain", ".asc")


 #### Next 2 functions adapted from :mod:`distribute.pkg_resources`.