From 58cbbb9c7d68ecfb8d734a57fc78264343face5c Mon Sep 17 00:00:00 2001
From: Harsha Kethineni <harshakethineni@flywheel.io>
Date: Fri, 9 Feb 2018 10:54:56 -0600
Subject: [PATCH] Test upload filenames with fwd slash;

Don't sanitize / in packfile upload
---
 api/util.py                                   |  2 +-
 .../integration_tests/python/test_uploads.py  | 35 ++++++++++++++++++-
 2 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/api/util.py b/api/util.py
index 8ca296bf5..1236ef332 100644
--- a/api/util.py
+++ b/api/util.py
@@ -171,7 +171,7 @@ def sanitize_string_to_filename(value):
     http://stackoverflow.com/a/7406369
     """
 
-    keepcharacters = (' ', '.', '_', '-')
+    keepcharacters = (' ', '.', '_', '-', '/')
     return "".join([c for c in value if c.isalnum() or c in keepcharacters]).rstrip()
 
 def obj_from_map(_map):
diff --git a/tests/integration_tests/python/test_uploads.py b/tests/integration_tests/python/test_uploads.py
index e17a9dbfb..eb5c178e0 100644
--- a/tests/integration_tests/python/test_uploads.py
+++ b/tests/integration_tests/python/test_uploads.py
@@ -1,9 +1,12 @@
 import copy
+import cStringIO
 import datetime
 import json
 
 import dateutil.parser
+import os
 import pytest
+import tarfile
 
 
 # TODO switch to upload_file_form in all uid(-match)/label/reaper upload tests
@@ -1069,7 +1072,7 @@ def test_packfile_upload(data_builder, file_form, as_admin, as_root, api_db):
 
     # upload to packfile
     r = as_admin.post('/projects/' + project + '/packfile',
-        params={'token': token}, files=file_form('one.csv'))
+        params={'token': token}, files=file_form('a/one.csv'))
     assert r.ok
 
     metadata_json = json.dumps({
@@ -1131,6 +1134,36 @@ def test_packfile_upload(data_builder, file_form, as_admin, as_root, api_db):
     acquisition = api_db.acquisitions.find_one({'label':'test-packfile-timestamp', 'timestamp':{'$type':'date'}})
     assert acquisition.get('label') == 'test-packfile-timestamp'
 
+    # Download packfile to unzip and check that file has forward slash
+
+    r = as_admin.post('/download', json={
+        'optional': False,
+        'nodes': [
+            {'level': 'acquisition', '_id': str(acquisition.get('_id'))},
+        ]
+    })
+    assert r.ok
+    ticket = r.json()['ticket']
+
+    # Perform the download
+    r = as_admin.get('/download', params={'ticket': ticket})
+    assert r.ok
+
+    tar_file = cStringIO.StringIO(r.content)
+    tar = tarfile.open(mode="r", fileobj=tar_file)
+
+    # Verify a single file in tar with correct file name
+    for tarinfo in tar:
+
+        tar_packfile = cStringIO.StringIO(r.content)
+        tar_pack = tarfile.open(mode="r", fileobj=tar_file)
+
+        for pack_info in tar_pack:
+            assert os.path.basename(tarinfo.name) == 'a/one.csv'
+        tar_pack.close()
+
+    tar.close()
+
 
     # Test that acquisition timestamp is used to differenciate acquisitions and session code for sessions