Merge branch '1706039710-15' into 'master'

1706039710-15 merge request => remove exifdata on updateProfile

See merge request !9

app/tests.py

-import json
+import json, tempfile, os
 from io import StringIO
 
+from django.conf import settings
 from django.contrib.auth import get_user_model
 from django.core.exceptions import PermissionDenied, ValidationError
 from django.core.files.uploadedfile import SimpleUploadedFile
@@ -19,6 +20,7 @@ from .views import (DaftarKatalog, DashboardKontributorView, DetailMateri,
                     SuksesLoginKontributorView, SuntingProfilView,
                     ProfilAdminView, PostsView, SuntingProfilAdminView, RevisiMateriView)
 from app.forms import SuntingProfilForm
+from app.utils.fileManagementUtil import get_random_filename, remove_image_exifdata
 
 
 class DaftarKatalogTest(TestCase):
@@ -1128,3 +1130,31 @@ class RatingMateriTest(TestCase):
     def test_score_in_rating_should_not_be_null(self):
         with self.assertRaises(TypeError):
             Rating(materi=self.materi1, user=self.user_one).save()
+
+
+class fileManagementUtilTest(TestCase):
+    def setUp(self):
+        self.filename = "image_with_exif_data.gif"
+        self.file_content = open(settings.BASE_DIR + "/app/test_files/" +
+                self.filename, "rb").read()
+
+    def test_get_random_filename_isCorrect(self):
+        generated_name = get_random_filename(self.filename)
+
+        self.assertTrue(generated_name != self.filename)
+        # 40 from 36 expected name length + 4 from extension
+        self.assertEqual(len(generated_name), 40)
+        self.assertTrue(generated_name[-4:] == ".gif")
+
+    def test_remove_image_exifdata_isCorrect(self):
+        with tempfile.TemporaryDirectory() as d:
+            image_with_exif_data_path = os.path.join(d, self.filename)
+            img = open(image_with_exif_data_path, "wb")
+            img.write(self.file_content)
+            img.close()
+
+            remove_image_exifdata(image_with_exif_data_path)
+            sanitized_img = open(image_with_exif_data_path, "rb").read()
+
+            self.assertTrue(len(sanitized_img) < len(self.file_content))
+            self.assertTrue(b'<exif:' not in sanitized_img)

app/utils/fileManagementUtil.py

+import tempfile, random, datetime, string, hashlib,os
+import PIL.Image as Image
+
+def get_random_filename(f_name):
+    ext = f_name.split(".")[-1]
+    name = ''.join(random.choices(string.ascii_lowercase , k=4))
+    name += hashlib.md5((datetime.datetime.now().isoformat() + f_name).encode()).hexdigest()
+
+    name = name + "." + ext
+    return name
+
+def remove_image_exifdata(f_path):
+    img = Image.open(f_path)
+    img.save(f_path)
+    return   
+
+

app/views.py

@@ -19,6 +19,7 @@ from django.core.paginator import Paginator, EmptyPage, PageNotAnInteger
 from administration.models import VerificationReport
 from app.forms import SuntingProfilForm, UploadMateriForm
 from app.models import Category, Comment, Materi, Like, ViewStatistics, DownloadStatistics, ReqMaterial
+from app.utils.fileManagementUtil import get_random_filename, remove_image_exifdata
 from authentication.models import User
 import django
 
@@ -340,11 +341,26 @@ class SuntingProfilView(TemplateView):
             raise PermissionDenied(request)
 
         current_user = self.request.user
+
         form = SuntingProfilForm(
             request.POST, request.FILES, instance=current_user)
         if form.is_valid():
             current_user.default_profile_picture = True
-            form.save()
+
+            # Removing exifdata from profile picture on upload
+            if request.FILES:
+                f_name = request.FILES['profile_picture'].name
+                f_name = get_random_filename(f_name)
+                f_path = settings.MEDIA_ROOT + "/" + f_name
+                request.FILES['profile_picture'].name = f_name
+
+                form = SuntingProfilForm(
+            request.POST, request.FILES, instance=current_user)
+                form.save()
+
+                remove_image_exifdata(f_path)
+            else: 
+                form.save()
             return HttpResponseRedirect("/profil/")
         else:
             context = self.get_context_data(**kwargs)
@@ -379,11 +395,26 @@ class SuntingProfilAdminView(TemplateView):
             raise PermissionDenied(request)
 
         current_user = self.request.user
+
         form = SuntingProfilForm(
             request.POST, request.FILES, instance=current_user)
         if form.is_valid():
             current_user.default_profile_picture = True
-            form.save()
+
+            # Removing exifdata from profile picture on upload
+            if request.FILES:
+                f_name = request.FILES['profile_picture'].name
+                f_name = get_random_filename(f_name)
+                f_path = settings.MEDIA_ROOT + "/" + f_name
+                request.FILES['profile_picture'].name = f_name
+
+                form = SuntingProfilForm(
+            request.POST, request.FILES, instance=current_user)
+                form.save()
+
+                remove_image_exifdata(f_path)
+            else: 
+                form.save()
             return HttpResponseRedirect("/profil-admin/")
         else:
             context = self.get_context_data(**kwargs)