fix(mime): allow file extension checking if all fails

alexandria/core/factories.py

@@ -136,7 +136,7 @@ class FileFactory(BaseFactory):
 
     name = factory.Maybe(
         factory.LazyAttribute(lambda o: o.variant == models.File.Variant.ORIGINAL),
-        yes_declaration=Faker("name"),
+        yes_declaration=Faker("file_name", extension="png"),
         no_declaration=factory.LazyAttribute(
             lambda o: f"{o.original.name}_preview.jpg"
         ),

alexandria/core/serializers.py

@@ -1,8 +1,8 @@
 import json
 import logging
 
-from django.db.transaction import atomic
 from django.conf import settings
+from django.db.transaction import atomic
 from django.template.defaultfilters import slugify
 from django.utils import translation
 from generic_permissions.validation import ValidatorMixin

alexandria/core/tests/test_validation.py

@@ -7,7 +7,7 @@
 from alexandria.core.models import Document
 
 
-def test_validation(db, reset_config_classes, document, file, admin_client):
+def test_custom_validation(db, reset_config_classes, document, file, admin_client):
     call_counter = Counter()
 
     class TestValidator:

alexandria/core/tests/test_visibility.py

@@ -80,10 +80,10 @@ def test_own_and_admin_visibility(
         client.force_authenticate(OIDCUser(token="foo", claims={"sub": user.username}))
         expected_count = 1
 
-    file_factory(
-        created_by_user=requesting_user, document__created_by_user=requesting_user
-    )
-    file_factory(created_by_user="admin", document__created_by_user="admin")
+    document_same = document_factory(created_by_user=requesting_user)
+    document_admin = document_factory(created_by_user="admin")
+    file_factory(created_by_user=requesting_user, document=document_same)
+    file_factory(created_by_user="admin", document=document_admin)
 
     resp = client.get(reverse("document-list"))
     assert len(resp.json()["data"]) == expected_count

alexandria/core/validations.py

@@ -1,5 +1,6 @@
 from mimetypes import guess_type
 
+import magic
 from django.utils.translation import gettext_lazy as _
 from django_clamd.validators import validate_file_infection
 from generic_permissions.validation import validator_for
@@ -40,6 +41,10 @@ def validate_file(self, data, context):
             guess, encoding = guess_type(data["name"])
             if guess is not None:
                 mime_type = guess
+            else:
+                data["content"].seek(0)
+                mime_type = magic.from_buffer(data["content"].read(), mime=True)
+                data["content"].seek(0)
 
         validate_mime_type(mime_type, data["document"].category)
         data["mime_type"] = mime_type

initial_data.json

@@ -12,7 +12,7 @@
       "metainfo": {},
       "name": "{\"en\": \"All involved\"}",
       "description": "{\"en\": \"\"}",
-      "allowed_mime_types": "[\"application/pdf\"]",
+      "allowed_mime_types": "[\"application/pdf\", \"image/jpeg\", \"image/png\", \"image/gif\", \"application/msword\", \"application/vnd.openxmlformats-officedocument.wordprocessingml.document\", \"application/vnd.ms-excel\", \"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet\", \"application/vnd.ms-powerpoint\", \"application/vnd.openxmlformats-officedocument.presentationml.presentation\", \"application/vnd.ms-outlook\", \"msg\"]",
       "color": "#CB68C1",
       "parent": null
     }

pyproject.toml

@@ -37,6 +37,7 @@ django-storages = { extras = ['s3'], version = "^1.14.2" }
 boto3 = "^1.29.7"
 tqdm = "^4.66.1"
 manabi = "^1.3.3"
+python-magic = "^0.4.27"
 
 [tool.poetry.group.dev.dependencies]
 black = "24.3.0"