search

FinalsClub / karmaworld

KarmaNotes.org v3.0
GNU Affero General Public License v3.0
7 stars 6 forks source link

s3boto gets all paranoid about FPFileField.url #313

Closed btbonval closed 10 years ago

btbonval commented 10 years ago

This is extremely low priority because of this workaround: use FPFileField.name. It contains the same data, but S3boto won't do this to it: SuspiciousOperation: Attempted access to 'https:/www.filepicker.io/api/file/vcT2j4JITelO7V7xuiPq' denied.

Someday, we should find out why s3boto is so paranoid and suspicious of FPFileField.url, because that field makes more sense than FPFileField.name from a wordy point of view.

Functionally though? Workaround. Move on with life.

btbonval commented 10 years ago

Somewhat fuller traceback, where the problem steps from trying to evaluate raw_document.fp_file.url (replaced with raw_document.fp_file.name in the workaround):

[2014-01-31 19:30:45,414: ERROR/MainProcess] karmaworld.apps.document_upload.tasks.process_raw_document[40917530-2a87-44da-97a0-cd893584c38c]: Traceback (most recent call last):
  File "/home/vagrant/karmaworld/karmaworld/apps/document_upload/tasks.py", line 16, in process_raw_document
    convert_raw_document(raw_document, user=user)
  File "/home/vagrant/karmaworld/karmaworld/apps/notes/gdrive.py", line 254, in convert_raw_document
    logger.info("Zero or multiple mappings found with fp_file " + raw_document.fp_file.url)
...
  File "/var/www/karmaworld/venv/local/lib/python2.7/site-packages/django/db/models/fields/files.py", line 64, in _get_url
    return self.storage.url(self.name)
  File "/var/www/karmaworld/venv/local/lib/python2.7/site-packages/storages/backends/s3boto.py", line 257, in url
    name = self._normalize_name(self._clean_name(name))
  File "/var/www/karmaworld/venv/local/lib/python2.7/site-packages/storages/backends/s3boto.py", line 156, in _normalize_name
    raise SuspiciousOperation("Attempted access to '%s' denied." % name)
SuspiciousOperation: Attempted access to 'https:/www.filepicker.io/api/file/vcT2j4JITelO7V7xuiPq' denied
btbonval commented 10 years ago

http://stackoverflow.com/questions/10390244/how-to-set-up-a-django-project-with-django-storages-and-amazon-s3-but-with-diff Tried the above fix here (https://github.com/FinalsClub/karmaworld/issues/308#issuecomment-33858504) and it failed.

http://stackoverflow.com/questions/12535123/django-storages-and-amazon-s3-suspiciousoperation/16023858 Here someone does suggest using name instead of url. That someone acknowledged this is not documented, so I'm guessing its a hack more than a fix. (Note that this is what we're doing now)

btbonval commented 10 years ago

Alright well given that the interwebs doesn't seem to have good answers, this sounds more like an upstream problem with S3Boto and/or Django rather than a problem of improperly using S3Boto and/or Django. The workaround does what it needs to.