Reject add-on submission if its guid is more than 64chars (bug 1202016)

apps/addons/tests/test_models.py

@@ -2016,7 +2016,7 @@ def test_blacklisted_guid(self):
         with self.assertRaises(forms.ValidationError) as e:
             Addon.from_upload(self.get_upload('extension.xpi'),
                               [self.platform])
-        eq_(e.exception.messages, ['Duplicate UUID found.'])
+        eq_(e.exception.messages, ['Duplicate add-on ID found.'])
 
     def test_xpi_attributes(self):
         addon = Addon.from_upload(self.get_upload('extension.xpi'),

apps/api/tests/test_oauth.py

@@ -527,7 +527,7 @@ def test_wrong_guid(self):
                          self.token, data=self.version_data)
         eq_(r.status_code, 400)
         eq_(r.content, 'Bad Request: Add-on did not validate: '
-            "UUID doesn't match add-on.")
+            "Add-on ID doesn't match add-on.")
 
     def test_duplicate_guid(self):
         self.create_addon()
@@ -536,7 +536,7 @@ def test_duplicate_guid(self):
         r = self.make_create_request(data)
         eq_(r.status_code, 400)
         eq_(r.content, 'Bad Request: Add-on did not validate: '
-            'Duplicate UUID found.')
+            'Duplicate add-on ID found.')
 
     def test_create_version(self):
         # Create an addon and let's use this for the new version.

apps/devhub/tests/test_views.py

@@ -2229,7 +2229,7 @@ def post(self, platform=amo.PLATFORM_MAC, source=None, beta=False):
     def test_guid_matches(self):
         self.addon.update(guid='something.different')
         r = self.post()
-        assert_json_error(r, None, "UUID doesn't match add-on.")
+        assert_json_error(r, None, "Add-on ID doesn't match add-on.")
 
     def test_version_matches(self):
         self.version.update(version='2.0')
@@ -2637,7 +2637,7 @@ def test_dupe_xpi(self, run_validator, validate_, flag_is_active):
 
         messages = data['validation']['messages']
         assert len(messages) == 1
-        assert messages[0]['message'] == u'Duplicate UUID found.'
+        assert messages[0]['message'] == u'Duplicate add-on ID found.'
 
     def test_dupe_xpi_unlisted_addon(self):
         """Submitting an xpi with the same UUID as an unlisted addon."""

apps/devhub/tests/test_views_validation.py

@@ -2,6 +2,7 @@
 import json
 from copy import deepcopy
 
+from django import forms
 from django.core.files.storage import default_storage as storage
 
 import mock
@@ -20,7 +21,7 @@
 from files.helpers import copyfileobj
 from files.models import File, FileUpload, FileValidation, ValidationAnnotation
 from files.tests.test_models import UploadTest as BaseUploadTest
-from files.utils import parse_addon
+from files.utils import check_xpi_info, parse_addon
 from users.models import UserProfile
 from zadmin.models import ValidationResult
 
@@ -85,10 +86,19 @@ def test_dupe_uuid(self, flag_is_active):
         eq_(res.status_code, 400, res.content)
         data = json.loads(res.content)
         eq_(data['validation']['messages'],
-            [{'tier': 1, 'message': 'Duplicate UUID found.',
+            [{'tier': 1, 'message': 'Duplicate add-on ID found.',
               'type': 'error', 'fatal': True}])
         eq_(data['validation']['ending_tier'], 1)
 
+    def test_too_long_uuid(self):
+        """An add-on uuid must be 64chars at most, see bug 1201176."""
+        with self.assertRaises(forms.ValidationError) as exc:
+            check_xpi_info({
+                'guid': u'this_guid_is_longer_than_the_limit_of_64_chars_see_'
+                        u'bug_1201176_and_should_fail@xpi'})
+        expected = 'Add-on ID must be 64 characters or less.'
+        assert exc.exception.message == expected
+
 
 class TestFileValidation(amo.tests.TestCase):
     fixtures = ['base/users', 'devhub/addon-validation-1']

apps/files/tests/test_models.py

@@ -348,13 +348,13 @@ def test_guid_nomatch(self):
         addon = Addon.objects.create(guid='xxx', type=1)
         with self.assertRaises(forms.ValidationError) as e:
             self.parse(addon)
-        eq_(e.exception.messages, ["UUID doesn't match add-on."])
+        eq_(e.exception.messages, ["Add-on ID doesn't match add-on."])
 
     def test_guid_dupe(self):
         Addon.objects.create(guid='guid@xpi', type=1)
         with self.assertRaises(forms.ValidationError) as e:
             self.parse()
-        eq_(e.exception.messages, ['Duplicate UUID found.'])
+        eq_(e.exception.messages, ['Duplicate add-on ID found.'])
 
     def test_match_type(self):
         addon = Addon.objects.create(guid='guid@xpi', type=4)

apps/files/utils.py

@@ -456,14 +456,18 @@ def parse_xpi(xpi, addon=None, check=True):
 
 def check_xpi_info(xpi_info, addon=None):
     from addons.models import Addon, BlacklistedGuid
-    if not xpi_info['guid']:
-        raise forms.ValidationError(_("Could not find a UUID."))
-    if addon and addon.guid != xpi_info['guid']:
-        raise forms.ValidationError(_("UUID doesn't match add-on."))
-    if (not addon
-            and Addon.with_unlisted.filter(guid=xpi_info['guid']).exists()
-            or BlacklistedGuid.objects.filter(guid=xpi_info['guid']).exists()):
-        raise forms.ValidationError(_('Duplicate UUID found.'))
+    guid = xpi_info['guid']
+    if not guid:
+        raise forms.ValidationError(_("Could not find an add-on ID."))
+    if len(guid) > 64:
+        raise forms.ValidationError(
+            _("Add-on ID must be 64 characters or less."))
+    if addon and addon.guid != guid:
+        raise forms.ValidationError(_("Add-on ID doesn't match add-on."))
+    if (not addon and
+            (Addon.with_unlisted.filter(guid=guid).exists()
+             or BlacklistedGuid.objects.filter(guid=guid).exists())):
+        raise forms.ValidationError(_('Duplicate add-on ID found.'))
     if len(xpi_info['version']) > 32:
         raise forms.ValidationError(
             _('Version numbers should have fewer than 32 characters.'))