fix(dav): raise error if content length of put request is zero

alexandria/core/tests/test_dav.py

@@ -13,6 +13,7 @@
 from rest_framework import status
 from rest_framework.status import HTTP_200_OK, HTTP_404_NOT_FOUND
 from webtest import TestApp, TestRequest
+from webtest.app import AppError
 from wsgidav.dav_error import HTTP_FORBIDDEN
 
 from alexandria.core.models import File
@@ -222,3 +223,15 @@ def test_dav_url_schemes_unconfigured(db, file_factory, manabi, settings):
         file.get_webdav_url("foobar", "foobar")
 
     assert str(e.value).startswith(f'The MIME type "{mime_type}"')
+
+
+def test_dav_without_content(db, manabi, settings, file_factory):
+    settings.ALEXANDRIA_MANABI_DAV_URI_SCHEMES = {"text/plain": "ms-word:ofe|u|"}
+
+    file = file_factory(name="test.txt", mime_type="text/plain")
+    dav_app = TestApp(get_dav())
+
+    with pytest.raises(AppError) as e:
+        dav_app.put(get_webdav_url_without_uri_scheme(file, "admin", "admin"), b"")
+
+    assert "400 Bad Request" in str(e)

alexandria/dav_provider.py

@@ -5,7 +5,7 @@
 from django.core.exceptions import ValidationError
 from django.core.files.base import File as DjangoFile
 from manabi.filesystem import ManabiFileResourceMixin, ManabiProvider
-from wsgidav.dav_error import HTTP_FORBIDDEN, DAVError
+from wsgidav.dav_error import HTTP_BAD_REQUEST, HTTP_FORBIDDEN, DAVError
 from wsgidav.dav_provider import DAVNonCollection
 
 from alexandria.core.validations import validate_file
@@ -93,6 +93,8 @@ def begin_write(self, *, content_type=None):
         assert not self.is_collection
         if self.provider.readonly:  # pragma: no cover
             raise DAVError(HTTP_FORBIDDEN)
+        if int(self.environ["CONTENT_LENGTH"]) == 0:
+            raise DAVError(HTTP_BAD_REQUEST)
         return self.memory_file
 
     def end_write(self, *, with_errors):