utils | Shared build infrastructure for Prometheus projects | Continuous Deployment library

I'm thinking the suspect is an unsuccessful migration. Let's undo it and try again

I'm not familiar with MirageJS so I might be off, but can you use globalScript (https://stenciljs.com/docs/config) and then run your Mirage server there?

a) Even if obviously it could be better, is this solution is acceptable or not at all ?

I think it has some problems you want to address, but the general idea of using the filesystem and storing just filenames can be acceptable, depending on how many users you need to serve and what guarantees regarding data consistency and concurrent accesses you want to make.

I would consider the uploaded file temporary data that may be lost on system failure. If you want to provide any guarantees of not losing the data, you want to store it in a database instead of on the filesystem.

b) I pass 'uploaded_file' from one view to another using "request.session" is it a good practice? Is there another way to do it without using GET variables?

There are up- and downsides to using request.session.

• attackers can not change the filename and thus retrieve data of other users. This is also the reason why you should not use a GET parameter here: If you used one, attackers could simpy change that parameter and get access to files of other users.
• users can upload a file, go and do other stuff, and later come back to actually import the file, however:
• if users end their session, you lose the filename. Also, users can not upload the file on one device, change to another device, and then go on with the import, since the other device will have a different session.

The last point correlates with the leftover files problem: If you lose your information about which files are still needed, it makes cleaning up harder (although, in theory, you can retrieve which files are still needed from the session store).

If it is a problem that sessions might end or change because users clear their cookies or change devices, you could consider adding the filename to the UserProfile in the database. This way, it is not bound to sessions.

c) At first my wish was to avoid to save the csv-file. But I could not figure out how to do it? Reading all the file to request.session seems not a good idea for me. Is there some possibility to upload the file into memory in Django?

You want to store state. The go-to ways of storing state are the database or a session store. You could load the whole CSVFile and put it into the database as text. Whether this is acceptable depends on your databases ability to handle large, unstructured data. Traditional databases were not originally built for that, however, most of them can handle small binary files pretty well nowadays. A database could give you advantages like ACID guarantees where concurrent writes to the same file on the file system will likely break the file. See this discussion on the dba stackexchange

Your database likely has documentation on the topic, e.g. there is this page about binary data in postgres.

d) If I have to use the tmp-file. How should I handle the situation if user abandon upload at the middle (for example, he sees the confirmation page, but does not click "yes" and decide to re-write his file). How to remove the tmp-file?

Some ideas:

• Limit the count of uploaded files per user to one by design. Currently, your filename is based on a timestamp. This breaks if two users simultaneously decide to upload a file: They will both get the same timestamp, and the file on disk may be corrupted. If you instead use the user's primary key, this guarantees that you have at most one file per user. If they later upload another file, their old file will be overwritten. If your user count is small enough that you can store one leftover file per user, you don't need additional cleaning. However, if the same user simultaneusly uploads two files, this still breaks.
• Use a unique identifier, like a UUID, and delete the old stored file whenever the user uploads a new file. This requires you to still have the old filename, so session storage can not be used with this. You will still always have the last file of the user in the filesystem.
• Use a unique identifier for the filename and set some arbitrary maximum storage duration. Set up a cronjob or similar that regularly goes through the files and deletes all files that have been stored longer than your specified maximum duration. If a user uploads a file, but does not do the actual import soon enough, their data is deleted, and they would have to do the upload again. Here, your code has to handle the case that the file with the stored filename does not exist anymore (and may even be deleted while you are reading the file).

You probably want to limit your server to one file stored per user so that attackers can not fill your filesystem.

e) Small additional question : what kind of checks there are in Django about uploaded file? For example, how could I check that the file is at least a text-file? Should I do it?

You definitely want to set up some maximum file size for the file, as described e.g. here. You could limit the allowed file extensions, but that would only be a usability thing. Attackers could also give you garbage data with any accepted extension.

Keep in mind: If you only store the csv as text data that you load and parse everytime a certain view is accessed, this can be an easy way for attackers to exhaust your servers, giving them an easy DoS attack.

Overall, it depends on what guarantees you want to make, how many users you have and how trustworthy they are. If users might be malicious, you want to keep all possible kinds of data extraction and resource exhaustion attacks in mind. The filesystem will not scale out (at least not as easily as a database).

I know of a similar setup in a project where only a handful of priviliged users are allowed to upload stuff, and we can tolerate deletion of all temporary files on failure. Users will simply have to reupload their files. This works fine.

You can convert your User object to a Map and work as follow:

• convert User to a Map original object
• add all items to from userForm to original
• convert the original to a User class
• do what you need with the updated user

Basically the code is something like that:

First make a Repository class and make an instance of your DAO

So for anyone interested what the problem was:

Since we are using a custom logger (ServiceLoggingInvocationHandler) which try catched the exceptions of an invoke method, the catched exceptions were already wrapped with an invocation exception and were not the original exceptions. To solve the problem we needed to unwrap the exceptions again before forwarding them.

Since the logger was only used in debugging mode and only when specified the problem was only occurring for me.

Just do that and you will be fine (all external classes will be excluded):

Your need to use fake timers here. After all imports call jest.useFakeTimers(). Then in test after mounting the component call jest.runTimersToTime(2500). And after that you can do your assertions. Test example:

This is not straightforward and will need some manual interventions and it depends on what do you want to do in the future

• If the tables that already exist in the database have a stable design and won't be changed or you can do the changes manually using SQL statements then set managed = False to the models' meta, this will make Django skip making migrations for those models

• If you want to keep the power of migration in the new project for all models then this will more complex

  1. Delete all your migrations
  2. You need to make your models equivalent to your database, you can set managed=False for new models like Users
  3. Run python manage.py makemigrations, this will create the structure of the initial database.
  4. Fake running the migrations python manage.py migrate --fake
  5. Dump the records of django_migrations table
  6. Create a new empty migration (with --empty) and add the SQL statements of the django_migrations table to it using migrations.RunSQL()
  7. now fake again so you skip that new migration.
  8. Now you are ready to use migrations as usual.

When installing new database, you will just need to run python manage.py migrate