Skip to content

Commit

Permalink
Merge pull request #5744 from nyaruka/prevent_importing_flows_too_new
Browse files Browse the repository at this point in the history
Prevent importing of flows with a spec version that is ahead of the engine
  • Loading branch information
rowanseymour authored Dec 12, 2024
2 parents 7f9b7ad + 1f5823a commit c175ad9
Show file tree
Hide file tree
Showing 3 changed files with 20 additions and 65 deletions.
58 changes: 0 additions & 58 deletions media/test_flows/too_old.json

This file was deleted.

22 changes: 15 additions & 7 deletions temba/orgs/tests.py
Original file line number Diff line number Diff line change
Expand Up @@ -1227,19 +1227,27 @@ def test_import_voice_flows_expiration_time(self):
self.assertEqual(voice_flow.expires_after_minutes, 5)

def test_import(self):
self.login(self.admin)
create_url = reverse("orgs.orgimport_create")

OrgImport.objects.all().delete()
self.login(self.admin)

post_data = dict(file=open("%s/test_flows/too_old.json" % settings.MEDIA_ROOT, "rb"))
response = self.client.post(reverse("orgs.orgimport_create"), post_data)
# try to import a file with a version that's too old
response = self.client.post(create_url, {"file": io.BytesIO(b'{"version":"2","flows":[]}')})
self.assertFormError(
response.context["form"], "file", "This file is no longer valid. Please export a new version and try again."
)

# try to import a file with a flow with a version that's too new
response = self.client.post(
create_url, {"file": io.BytesIO(b'{"version":"13","flows":[{"spec_version": "1324.3.0"}]}')}
)
self.assertFormError(
response.context["form"], "file", "This file contains flows with a version that is too new."
)

# try a file which can be migrated forwards
response = self.client.post(
reverse("orgs.orgimport_create"),
create_url,
{"file": open("%s/test_flows/favorites_v4.json" % settings.MEDIA_ROOT, "rb")},
)
self.assertEqual(302, response.status_code)
Expand All @@ -1260,12 +1268,12 @@ def test_import(self):
# test import using data that is not parsable
junk_binary_data = io.BytesIO(b"\x00!\x00b\xee\x9dh^\x01\x00\x00\x04\x00\x02[Content_Types].xml \xa2\x04\x02(")
post_data = dict(file=junk_binary_data)
response = self.client.post(reverse("orgs.orgimport_create"), post_data)
response = self.client.post(create_url, post_data)
self.assertFormError(response.context["form"], "file", "This file is not a valid flow definition file.")

junk_json_data = io.BytesIO(b'{"key": "data')
post_data = dict(file=junk_json_data)
response = self.client.post(reverse("orgs.orgimport_create"), post_data)
response = self.client.post(create_url, post_data)
self.assertFormError(response.context["form"], "file", "This file is not a valid flow definition file.")

def test_import_errors(self):
Expand Down
5 changes: 5 additions & 0 deletions temba/orgs/views/views.py
Original file line number Diff line number Diff line change
Expand Up @@ -2340,6 +2340,11 @@ def clean_file(self):
if Version(str(json_data.get("version", 0))) < Version(Org.EARLIEST_IMPORT_VERSION):
raise ValidationError(_("This file is no longer valid. Please export a new version and try again."))

for flow in json_data.get("flows", []):
spec = flow.get("spec_version")
if spec and Version(spec) > Version(Flow.CURRENT_SPEC_VERSION):
raise ValidationError(_("This file contains flows with a version that is too new."))

return self.cleaned_data["file"]

class Meta:
Expand Down

0 comments on commit c175ad9

Please sign in to comment.