diff --git a/alexandria/core/tests/test_dav.py b/alexandria/core/tests/test_dav.py index 0bf414d6..2ba878b1 100644 --- a/alexandria/core/tests/test_dav.py +++ b/alexandria/core/tests/test_dav.py @@ -13,6 +13,7 @@ from rest_framework import status from rest_framework.status import HTTP_200_OK, HTTP_404_NOT_FOUND from webtest import TestApp, TestRequest +from webtest.app import AppError from wsgidav.dav_error import HTTP_FORBIDDEN from alexandria.core.models import File @@ -222,3 +223,15 @@ def test_dav_url_schemes_unconfigured(db, file_factory, manabi, settings): file.get_webdav_url("foobar", "foobar") assert str(e.value).startswith(f'The MIME type "{mime_type}"') + + +def test_dav_without_content(db, manabi, settings, file_factory): + settings.ALEXANDRIA_MANABI_DAV_URI_SCHEMES = {"text/plain": "ms-word:ofe|u|"} + + file = file_factory(name="test.txt", mime_type="text/plain") + dav_app = TestApp(get_dav()) + + with pytest.raises(AppError) as e: + dav_app.put(get_webdav_url_without_uri_scheme(file, "admin", "admin"), b"") + + assert "400 Bad Request" in str(e) diff --git a/alexandria/dav_provider.py b/alexandria/dav_provider.py index da245002..43c779cf 100644 --- a/alexandria/dav_provider.py +++ b/alexandria/dav_provider.py @@ -5,7 +5,7 @@ from django.core.exceptions import ValidationError from django.core.files.base import File as DjangoFile from manabi.filesystem import ManabiFileResourceMixin, ManabiProvider -from wsgidav.dav_error import HTTP_FORBIDDEN, DAVError +from wsgidav.dav_error import HTTP_BAD_REQUEST, HTTP_FORBIDDEN, DAVError from wsgidav.dav_provider import DAVNonCollection from alexandria.core.validations import validate_file @@ -93,6 +93,8 @@ def begin_write(self, *, content_type=None): assert not self.is_collection if self.provider.readonly: # pragma: no cover raise DAVError(HTTP_FORBIDDEN) + if int(self.environ["CONTENT_LENGTH"]) == 0: + raise DAVError(HTTP_BAD_REQUEST) return self.memory_file def end_write(self, *, with_errors):