Skip to content

fix: gracefully handle missing active session on download routes (fixes #415) #416

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
SeaCelo merged 2 commits into from
Apr 9, 2026
Merged

fix: gracefully handle missing active session on download routes (fixes #415) #416

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
489d17a
fix: gracefully handle missing active session on download routes (fix…
tejassinghbhati Apr 4, 2026
cdba5d1
Guard missing download parameters
SeaCelo Apr 9, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions API/Routes/Case/CaseRoute.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -449,6 +449,8 @@ def prepareCSV():
def downloadCSV():
try:
casename = session.get('osycase', None)
if casename is None:
return jsonify({'message': 'No active session. Please select a model first.', 'status_code': 'error'}), 400
dataFile = Path(Config.DATA_STORAGE,casename,'export.csv')

dir = Path(Config.DATA_STORAGE,casename)
Expand Down
18 changes: 18 additions & 0 deletions API/Routes/DataFile/DataFileRoute.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -210,7 +210,11 @@ def downloadDataFile():
# return jsonify(response), 200
#path = "/Examples.pdf"
case = session.get('osycase', None)
if case is None:
return jsonify({'message': 'No active session. Please select a model first.', 'status_code': 'error'}), 400
caserunname = request.args.get('caserunname')
if not caserunname:
return jsonify({'message': 'Missing required parameter: caserunname.', 'status_code': 'error'}), 400
Config.validate_path(Config.DATA_STORAGE, os.path.join(case or '', 'res', caserunname or ''))
dataFile = Path(Config.DATA_STORAGE,case, 'res',caserunname, 'data.txt')
return send_file(dataFile.resolve(), as_attachment=True, max_age=0)
Expand All @@ -224,7 +228,11 @@ def downloadDataFile():
def downloadFile():
try:
case = session.get('osycase', None)
if case is None:
return jsonify({'message': 'No active session. Please select a model first.', 'status_code': 'error'}), 400
file = request.args.get('file')
if not file:
return jsonify({'message': 'Missing required parameter: file.', 'status_code': 'error'}), 400
Config.validate_path(Config.DATA_STORAGE, os.path.join(case or '', 'res', 'csv', file or ''))
dataFile = Path(Config.DATA_STORAGE,case,'res','csv',file)
return send_file(dataFile.resolve(), as_attachment=True, max_age=0)
Expand All @@ -238,8 +246,14 @@ def downloadFile():
def downloadCSVFile():
try:
case = session.get('osycase', None)
if case is None:
return jsonify({'message': 'No active session. Please select a model first.', 'status_code': 'error'}), 400
file = request.args.get('file')
caserunname = request.args.get('caserunname')
if not file:
return jsonify({'message': 'Missing required parameter: file.', 'status_code': 'error'}), 400
if not caserunname:
return jsonify({'message': 'Missing required parameter: caserunname.', 'status_code': 'error'}), 400
Config.validate_path(Config.DATA_STORAGE, os.path.join(case or '', 'res', caserunname or '', 'csv', file or ''))
dataFile = Path(Config.DATA_STORAGE,case,'res',caserunname,'csv',file)
return send_file(dataFile.resolve(), as_attachment=True, max_age=0)
Expand All @@ -253,7 +267,11 @@ def downloadCSVFile():
def downloadResultsFile():
try:
case = session.get('osycase', None)
if case is None:
return jsonify({'message': 'No active session. Please select a model first.', 'status_code': 'error'}), 400
caserunname = request.args.get('caserunname')
if not caserunname:
return jsonify({'message': 'Missing required parameter: caserunname.', 'status_code': 'error'}), 400
Config.validate_path(Config.DATA_STORAGE, os.path.join(case or '', 'res', caserunname or ''))
dataFile = Path(Config.DATA_STORAGE,case, 'res', caserunname,'results.txt')
return send_file(dataFile.resolve(), as_attachment=True, max_age=0)
Expand Down
56 changes: 56 additions & 0 deletions tests/test_app_smoke.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -122,5 +122,61 @@ def test_repo_has_no_unmerged_paths(self):
self.assertEqual(result.stdout.strip(), "")


class DownloadRouteGuardTests(unittest.TestCase):
@classmethod
def setUpClass(cls):
sys.path.insert(0, str(API_DIR))
os.environ.setdefault("MUIOGO_SECRET_KEY", "smoke-test-secret")
cls.app_module = importlib.import_module("app")

def setUp(self):
self.client = self.app_module.app.test_client()

def test_download_routes_require_active_session(self):
endpoints = [
("/downloadDataFile", {"caserunname": "run1"}),
("/downloadFile", {"file": "result.csv"}),
("/downloadCSVFile", {"file": "result.csv", "caserunname": "run1"}),
("/downloadResultsFile", {"caserunname": "run1"}),
("/downloadCSV", {}),
]

for path, query in endpoints:
with self.subTest(path=path):
response = self.client.get(path, query_string=query)
self.assertEqual(response.status_code, 400)
self.assertEqual(
response.get_json(),
{
"message": "No active session. Please select a model first.",
"status_code": "error",
},
)

def test_download_routes_require_query_params(self):
with self.client.session_transaction() as session_data:
session_data["osycase"] = "demo"

cases = [
("/downloadDataFile", {}, "Missing required parameter: caserunname."),
("/downloadFile", {}, "Missing required parameter: file."),
("/downloadCSVFile", {"caserunname": "run1"}, "Missing required parameter: file."),
("/downloadCSVFile", {"file": "result.csv"}, "Missing required parameter: caserunname."),
("/downloadResultsFile", {}, "Missing required parameter: caserunname."),
]

for path, query, message in cases:
with self.subTest(path=path, query=query):
response = self.client.get(path, query_string=query)
self.assertEqual(response.status_code, 400)
self.assertEqual(
response.get_json(),
{
"message": message,
"status_code": "error",
},
)


if __name__ == "__main__":
unittest.main()
Loading