From 0ea5d9a77b50922308712946400fe8fd4171e129 Mon Sep 17 00:00:00 2001
From: James Person <jperson1@umbc.edu>
Date: Thu, 12 Mar 2026 12:08:13 -0400
Subject: [PATCH 1/9] Resubmission - Allow users to copy their old report files
 and form content.

---
 backend/audit/forms.py                        |  29 ++++
 .../audit/templates/audit/upload-report.html  |  16 ++
 backend/audit/views/upload_report_view.py     | 140 ++++++++++++++----
 backend/dissemination/file_downloads.py       |  32 +++-
 backend/static/js/upload-report.js            |  28 ++++
 5 files changed, 215 insertions(+), 30 deletions(-)

diff --git a/backend/audit/forms.py b/backend/audit/forms.py
index bfdd6073f4..5967f5feac 100644
--- a/backend/audit/forms.py
+++ b/backend/audit/forms.py
@@ -22,6 +22,35 @@ class UploadReportForm(forms.Form):
     schedule_prior_findings = forms.IntegerField(initial=0, required=False, min_value=1)
     CAP_page = forms.IntegerField(initial=0, required=False, min_value=1)
     upload_report = forms.FileField()
+    keep_previous_report = forms.BooleanField(required=False)
+
+    def clean(self):
+        """
+        For 'Original' submissions, these fields do not really need cleaning - they're integers, so the default errors will do.
+        The view will handle erroneous report uploads.
+
+        For resubmissions, a user might upload an erroneous report and then indicate to keep their previous report.
+        Then, we want to clear all errors.
+        """
+        cleaned_data = super().clean()
+        if cleaned_data.get("keep_previous_report"):
+            for field in [
+                "financial_statements",
+                "financial_statements_opinion",
+                "schedule_expenditures",
+                "schedule_expenditures_opinion",
+                "uniform_guidance_control",
+                "uniform_guidance_compliance",
+                "GAS_control",
+                "GAS_compliance",
+                "schedule_findings",
+                "schedule_prior_findings",
+                "CAP_page",
+                "upload_report",
+            ]:
+                if field in self.errors:
+                    del self.errors[field]
+        return cleaned_data
 
 
 def _kvpair(info):
diff --git a/backend/audit/templates/audit/upload-report.html b/backend/audit/templates/audit/upload-report.html
index 6d7e11d50e..843ed3540b 100644
--- a/backend/audit/templates/audit/upload-report.html
+++ b/backend/audit/templates/audit/upload-report.html
@@ -96,6 +96,22 @@ <h2 class="usa-process-list__heading">{% if already_submitted %}Re-upload{% else
                     </p>
                 {% endif %}
 
+                {% if is_resubmission %}
+                    <div class="usa-checkbox">
+                        <input class="usa-checkbox__input"
+                                id="keep-previous-report"
+                                name="keep_previous_report"
+                                type="checkbox" />
+                        <label class="usa-checkbox__label" for="keep-previous-report">
+                            My report did not change. Keep the old report for this resubmission.
+                        </label>
+                    </div>
+                {% endif %}
+
+                {% if form.non_field_errors %}
+                    <span class="usa-error-message margin-top-2">{{ form.non_field_errors|striptags }}</span>
+                {% endif %}
+
                 <div hidden id="loader" class="cross-validation-loader margin-top-6">
                     <img src="{% static 'img/loader.svg' %}" alt="spinner for processing upload" />
                 </div>
diff --git a/backend/audit/views/upload_report_view.py b/backend/audit/views/upload_report_view.py
index 5e29276f23..58ea5f9f09 100644
--- a/backend/audit/views/upload_report_view.py
+++ b/backend/audit/views/upload_report_view.py
@@ -16,6 +16,7 @@
 )
 from audit.forms import UploadReportForm
 from audit.models.constants import EventType
+from dissemination.file_downloads import copy_file
 
 logging.basicConfig(
     format="%(asctime)s %(levelname)-8s %(module)s:%(lineno)d %(message)s"
@@ -97,11 +98,16 @@ def get(self, request, *args, **kwargs):
             sar = SingleAuditReportFile.objects.filter(sac_id=sac.id)
             if sar.exists():
                 sar = sar.latest("date_created")
-
             current_info = {
                 "cleaned_data": getattr(sar, "component_page_numbers", {}),
             }
 
+            previous_report_id = (
+                sac.resubmission_meta.get("previous_report_id")
+                if sac.resubmission_meta
+                else None
+            )
+
             context = {
                 "auditee_name": sac.auditee_name,
                 "report_id": report_id,
@@ -109,6 +115,7 @@ def get(self, request, *args, **kwargs):
                 "user_provided_organization_type": sac.user_provided_organization_type,
                 "page_number_inputs": self.page_number_inputs(),
                 "already_submitted": True if sar else False,
+                "is_resubmission": True if previous_report_id else False,
                 "form": current_info,
             }
 
@@ -130,6 +137,12 @@ def post(self, request, *args, **kwargs):
             audit = Audit.objects.find_audit_or_none(report_id)
             form = UploadReportForm(request.POST, request.FILES)
 
+            previous_report_id = (
+                sac.resubmission_meta.get("previous_report_id")
+                if sac.resubmission_meta
+                else None
+            )
+
             # Standard context always needed on this page
             context = {
                 "auditee_name": sac.auditee_name,
@@ -137,43 +150,68 @@ def post(self, request, *args, **kwargs):
                 "auditee_uei": sac.auditee_uei,
                 "user_provided_organization_type": sac.user_provided_organization_type,
                 "page_number_inputs": self.page_number_inputs(),
+                "is_resubmission": bool(previous_report_id),
             }
 
-            if form.is_valid():
-                file = request.FILES["upload_report"]
-                # SOT TODO: The audit.id, per comment above, MUST exist at this point.
-                # Pass the audit ID if we have one. Otherwise, None is valid. Revert to just `audit.id` after TODO.
-                sar_file = self.reformat_form_data(
-                    file, form, sac.id, audit.id if audit else None
-                )
-
-                # Try to save the formatted form data. If it fails on the file
-                # (encryption issues, file size issues), add and pass back the file errors.
-                # If it fails due to something else, re-raise it to be handled further below.
+            if not form.is_valid():
+                # Form is invalid, show the errors.
+                return render(request, "audit/upload-report.html", context | {"form": form})
+            
+            # Resubmissions - if the user is keeping their previously submitted report
+            if form.cleaned_data.get("keep_previous_report") and previous_report_id:
                 try:
-                    sar_file.full_clean()
-                    sar_file.save(
-                        event_user=request.user,
-                        event_type=EventType.AUDIT_REPORT_PDF_UPDATED,
+                    self._copy_previous_report(
+                        previous_report_id=previous_report_id,
+                        current_sac=sac,
+                        current_audit=audit,
+                        request=request,
                     )
-
-                    self._save_audit(
-                        report_id=report_id, sar_file=sar_file, request=request
+                except Exception as err:
+                    form.add_error(
+                        None,
+                        f"Unable to copy the previous report: {err}",
                     )
-                except ValidationError as err:
-                    for issue in err.error_dict.get("file"):
-                        form.add_error("upload_report", issue)
                     return render(
-                        request, "audit/upload-report.html", context | {"form": form}
+                        request,
+                        "audit/upload-report.html",
+                        context | {"form": form},
                     )
-                except Exception as err:
-                    raise err
+                return redirect(
+                    reverse("audit:SubmissionProgress", args=[report_id])
+                )
 
-                # Form data saved, redirect to checklist.
-                return redirect(reverse("audit:SubmissionProgress", args=[report_id]))
+            # "Original" or new report submissions
+            file = request.FILES["upload_report"]
+            # SOT TODO: The audit.id, per comment above, MUST exist at this point.
+            # Pass the audit ID if we have one. Otherwise, None is valid. Revert to just `audit.id` after TODO.
+            sar_file = self.reformat_form_data(
+                file, form, sac.id, audit.id if audit else None
+            )
 
-            # form.is_valid() failed (standard Django issues). Show the errors.
-            return render(request, "audit/upload-report.html", context | {"form": form})
+            # Try to save the formatted form data. If it fails on the file
+            # (encryption issues, file size issues), add and pass back the file errors.
+            # If it fails due to something else, re-raise it to be handled further below.
+            try:
+                sar_file.full_clean()
+                sar_file.save(
+                    event_user=request.user,
+                    event_type=EventType.AUDIT_REPORT_PDF_UPDATED,
+                )
+
+                self._save_audit(
+                    report_id=report_id, sar_file=sar_file, request=request
+                )
+            except ValidationError as err:
+                for issue in err.error_dict.get("file"):
+                    form.add_error("upload_report", issue)
+                return render(
+                    request, "audit/upload-report.html", context | {"form": form}
+                )
+            except Exception as err:
+                raise err
+
+            # Form data saved, redirect to checklist.
+            return redirect(reverse("audit:SubmissionProgress", args=[report_id]))
 
         except SingleAuditChecklist.DoesNotExist as err:
             raise PermissionDenied("You do not have access to this audit.") from err
@@ -239,3 +277,47 @@ def _save_audit(report_id, sar_file, request):
                 event_user=request.user,
                 event_type=EventType.AUDIT_REPORT_PDF_UPDATED,
             )
+
+    @staticmethod
+    def _copy_previous_report(previous_report_id, current_sac, current_audit, request):
+        """
+        Copy the SingleAuditReportFile and the associated s3 object from the
+        previous submission to the current resubmission.
+        """
+        previous_sac = SingleAuditChecklist.objects.get(report_id=previous_report_id)
+        previous_sar = SingleAuditReportFile.objects.filter(sac=previous_sac).latest(
+            "date_created"
+        )
+
+        # Copy the S3 object
+        source_key = f"singleauditreport/{previous_sac.report_id}.pdf"
+        dest_key = f"singleauditreport/{current_sac.report_id}.pdf"
+        copy_file(source_key, dest_key)
+
+        # Copy the SingleAuditReportFile row
+        new_sar = SingleAuditReportFile(
+            file=dest_key,
+            filename=f"{current_sac.report_id}.pdf",
+            sac=current_sac,
+            audit=current_audit,
+            component_page_numbers=previous_sar.component_page_numbers,
+        )
+        new_sar.save(
+            event_user=request.user,
+            event_type=EventType.AUDIT_REPORT_PDF_UPDATED,
+        )
+
+        # Mirror onto the Audit model if it exists
+        if current_audit:
+            current_audit.audit.update(
+                {
+                    "file_information": {
+                        "filename": new_sar.filename,
+                        "pages": new_sar.component_page_numbers,
+                    }
+                }
+            )
+            current_audit.save(
+                event_user=request.user,
+                event_type=EventType.AUDIT_REPORT_PDF_UPDATED,
+            )
diff --git a/backend/dissemination/file_downloads.py b/backend/dissemination/file_downloads.py
index 9f2c65028e..d8d33c7c0c 100644
--- a/backend/dissemination/file_downloads.py
+++ b/backend/dissemination/file_downloads.py
@@ -91,7 +91,7 @@ def file_exists(filename, show_warning=True):
         return True
     except ClientError:
         if show_warning:
-            logger.warn(f"Unable to locate file {filename} in S3!")
+            logger.warning(f"Unable to locate file {filename} in S3!")
         return False
 
 
@@ -125,3 +125,33 @@ def get_download_url(filename):
             raise Http404("File not found")
     except ClientError:
         raise Http404("File not found")
+
+
+def copy_file(source_key, dest_key):
+    """
+    Copy a file within the private S3 bucket from source_key to dest_key.
+    Returns True on success, raises Http404 if the source does not exist.
+    """
+    if not file_exists(source_key):
+        raise Http404(f"Unable to locate file {source_key} in S3!")
+
+    s3_client = boto3_client(
+        service_name="s3",
+        region_name=settings.AWS_S3_PRIVATE_REGION_NAME,
+        aws_access_key_id=settings.AWS_PRIVATE_ACCESS_KEY_ID,
+        aws_secret_access_key=settings.AWS_PRIVATE_SECRET_ACCESS_KEY,
+        endpoint_url=settings.AWS_S3_PRIVATE_INTERNAL_ENDPOINT,
+        config=Config(signature_version="s3v4"),
+    )
+
+    source_bucket = settings.AWS_PRIVATE_STORAGE_BUCKET_NAME
+    try:
+        s3_client.copy_object(
+            Bucket=source_bucket,
+            Key=dest_key,
+            CopySource={"Bucket": source_bucket, "Key": source_key},
+        )
+        return True
+    except ClientError as err:
+        logger.error(f"Failed to copy S3 object {source_key} -> {dest_key}: {err}")
+        raise Http404("Failed to copy file") from err
diff --git a/backend/static/js/upload-report.js b/backend/static/js/upload-report.js
index 1575485075..4a869626bd 100644
--- a/backend/static/js/upload-report.js
+++ b/backend/static/js/upload-report.js
@@ -2,6 +2,7 @@ var FORM = document.getElementById('upload-report__form');
 
 const continue_button = document.getElementById(`continue`); // <button>
 const loader = document.getElementById(`loader`); // <div>
+const keepPreviousCheckbox = document.getElementById('keep-previous-report'); // <input> (may be null)
 
 // On form submission, display the loader and disable the submit button
 function attachUploadHandler() {
@@ -12,9 +13,36 @@ function attachUploadHandler() {
   });
 }
 
+// On resubmission, if a user chooses to keep their previously uploaded report, grey out the other inputs.
+// To allow the user to actually submit the form, we remove the "required" attribute from the other inputs.
+function attachKeepPreviousHandler() {
+  if (!keepPreviousCheckbox) return;
+
+  keepPreviousCheckbox.addEventListener('change', () => {
+    const isChecked = keepPreviousCheckbox.checked;
+
+    const pageInputs = FORM.querySelectorAll('input[type="number"]');
+    pageInputs.forEach((input) => {
+      input.disabled = isChecked;
+      if (isChecked) input.removeAttribute('required');
+    });
+
+    const fileInput = FORM.querySelector('input[type="file"]');
+    if (fileInput) {
+      fileInput.disabled = isChecked;
+      if (isChecked) {
+        fileInput.removeAttribute('required');
+      } else {
+        fileInput.setAttribute('required', '');
+      }
+    }
+  });
+}
+
 // On pageload, attach handlers to monitor the page state
 function attachEventHandlers() {
   attachUploadHandler();
+  attachKeepPreviousHandler();
 }
 
 function init() {

From c407e13962b289028751c04a0e61e4320e71dae2 Mon Sep 17 00:00:00 2001
From: James Person <jperson1@umbc.edu>
Date: Thu, 12 Mar 2026 13:03:55 -0400
Subject: [PATCH 2/9] snake_case to camelcase

---
 backend/static/js/upload-report.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/backend/static/js/upload-report.js b/backend/static/js/upload-report.js
index 4a869626bd..fb6dbbac73 100644
--- a/backend/static/js/upload-report.js
+++ b/backend/static/js/upload-report.js
@@ -1,6 +1,6 @@
 var FORM = document.getElementById('upload-report__form');
 
-const continue_button = document.getElementById(`continue`); // <button>
+const continueButton = document.getElementById(`continue`); // <button>
 const loader = document.getElementById(`loader`); // <div>
 const keepPreviousCheckbox = document.getElementById('keep-previous-report'); // <input> (may be null)
 
@@ -8,8 +8,8 @@ const keepPreviousCheckbox = document.getElementById('keep-previous-report'); //
 function attachUploadHandler() {
   FORM.addEventListener('submit', () => {
     loader.hidden = false;
-    continue_button.innerText = 'Validating...';
-    continue_button.disabled = true;
+    continueButton.innerText = 'Validating...';
+    continueButton.disabled = true;
   });
 }
 

From 4654d6467c6627a242b600db86ed74940813e606 Mon Sep 17 00:00:00 2001
From: James Person <jperson1@umbc.edu>
Date: Thu, 12 Mar 2026 15:12:05 -0400
Subject: [PATCH 3/9] Break UploadReportView.post into two paths with their own
 functions.

Also, type annotations. We should do more of those.
---
 backend/audit/views/upload_report_view.py | 129 ++++++++++++----------
 1 file changed, 70 insertions(+), 59 deletions(-)

diff --git a/backend/audit/views/upload_report_view.py b/backend/audit/views/upload_report_view.py
index 58ea5f9f09..58f4dc581e 100644
--- a/backend/audit/views/upload_report_view.py
+++ b/backend/audit/views/upload_report_view.py
@@ -1,6 +1,7 @@
 import logging
 
 from django.core.exceptions import BadRequest, PermissionDenied, ValidationError
+from django.http import HttpRequest, HttpResponse
 from django.shortcuts import render, redirect
 from django.views import generic
 from django.urls import reverse
@@ -132,9 +133,6 @@ def post(self, request, *args, **kwargs):
         try:
             # TODO SOT: Switch to `audit`
             sac = SingleAuditChecklist.objects.get(report_id=report_id)
-            # In the transition (SOT1.5), the audit MUST exist at this point,
-            # becuase it was created with the SAC. So, we should at least get *something*.
-            audit = Audit.objects.find_audit_or_none(report_id)
             form = UploadReportForm(request.POST, request.FILES)
 
             previous_report_id = (
@@ -153,81 +151,94 @@ def post(self, request, *args, **kwargs):
                 "is_resubmission": bool(previous_report_id),
             }
 
+            # Find form errors and return if any exist, then EITHER:
+            # 1. For resubmissions that opt in, copy the previous report.
+            # 2. For original or updated resubmissions, validate and store as normal.
             if not form.is_valid():
-                # Form is invalid, show the errors.
-                return render(request, "audit/upload-report.html", context | {"form": form})
-            
-            # Resubmissions - if the user is keeping their previously submitted report
-            if form.cleaned_data.get("keep_previous_report") and previous_report_id:
-                try:
-                    self._copy_previous_report(
-                        previous_report_id=previous_report_id,
-                        current_sac=sac,
-                        current_audit=audit,
-                        request=request,
-                    )
-                except Exception as err:
-                    form.add_error(
-                        None,
-                        f"Unable to copy the previous report: {err}",
-                    )
-                    return render(
-                        request,
-                        "audit/upload-report.html",
-                        context | {"form": form},
-                    )
-                return redirect(
-                    reverse("audit:SubmissionProgress", args=[report_id])
-                )
-
-            # "Original" or new report submissions
-            file = request.FILES["upload_report"]
-            # SOT TODO: The audit.id, per comment above, MUST exist at this point.
-            # Pass the audit ID if we have one. Otherwise, None is valid. Revert to just `audit.id` after TODO.
-            sar_file = self.reformat_form_data(
-                file, form, sac.id, audit.id if audit else None
-            )
-
-            # Try to save the formatted form data. If it fails on the file
-            # (encryption issues, file size issues), add and pass back the file errors.
-            # If it fails due to something else, re-raise it to be handled further below.
-            try:
-                sar_file.full_clean()
-                sar_file.save(
-                    event_user=request.user,
-                    event_type=EventType.AUDIT_REPORT_PDF_UPDATED,
-                )
-
-                self._save_audit(
-                    report_id=report_id, sar_file=sar_file, request=request
-                )
-            except ValidationError as err:
-                for issue in err.error_dict.get("file"):
-                    form.add_error("upload_report", issue)
                 return render(
                     request, "audit/upload-report.html", context | {"form": form}
                 )
-            except Exception as err:
-                raise err
 
-            # Form data saved, redirect to checklist.
-            return redirect(reverse("audit:SubmissionProgress", args=[report_id]))
+            if form.cleaned_data.get("keep_previous_report") and previous_report_id:
+                return self._handle_keep_previous_report(
+                    request, report_id, previous_report_id, form, context
+                )
+
+            return self._handle_new_report_upload(request, report_id, form, context)
 
         except SingleAuditChecklist.DoesNotExist as err:
             raise PermissionDenied("You do not have access to this audit.") from err
         except LateChangeError:
             return render(request, "audit/no-late-changes.html")
-
         except Exception as err:
             logger.error("Unexpected error in UploadReportView post:\n %s", err)
             raise BadRequest() from err
 
+    def _handle_keep_previous_report(
+        self,
+        request: HttpRequest,
+        report_id: str,
+        previous_report_id: str,
+        form: UploadReportForm,
+        context: dict,
+    ) -> HttpResponse:
+        """
+        Copy the previous submission's SingleAuditReportFile and PDF to the current resubmission.
+        """
+        sac = SingleAuditChecklist.objects.get(report_id=report_id)
+        audit = Audit.objects.find_audit_or_none(report_id)
+
+        try:
+            self._copy_previous_report(
+                previous_report_id=previous_report_id,
+                current_sac=sac,
+                current_audit=audit,
+                request=request,
+            )
+        except Exception as err:
+            logger.error("Unexpected error copying a SingleAuditReportFile: {err}")
+            form.add_error(None, f"Unable to copy the previous report: {err}")
+            return render(request, "audit/upload-report.html", context | {"form": form})
+
+        return redirect(reverse("audit:SubmissionProgress", args=[report_id]))
+
+    def _handle_new_report_upload(
+        self,
+        request: HttpRequest,
+        report_id: str,
+        form: UploadReportForm,
+        context: dict,
+    ) -> HttpResponse:
+        """
+        Validate and store a newly uploaded report.
+        """
+        sac = SingleAuditChecklist.objects.get(report_id=report_id)
+        audit = Audit.objects.find_audit_or_none(report_id)
+
+        file = request.FILES["upload_report"]
+        sar_file = self.reformat_form_data(
+            file, form, sac.id, audit.id if audit else None
+        )
+
+        try:
+            sar_file.full_clean()
+            sar_file.save(
+                event_user=request.user,
+                event_type=EventType.AUDIT_REPORT_PDF_UPDATED,
+            )
+            self._save_audit(report_id=report_id, sar_file=sar_file, request=request)
+        except ValidationError as err:
+            for issue in err.error_dict.get("file"):
+                form.add_error("upload_report", issue)
+            return render(request, "audit/upload-report.html", context | {"form": form})
+
+        return redirect(reverse("audit:SubmissionProgress", args=[report_id]))
+
     def reformat_form_data(self, file, form, sac_id, audit_id):
         """
         Given the file, form, and report_id, return the formatted SingleAuditReportFile.
         Maps cleaned form data into an object to be passed alongside the file, filename, and report id.
         """
-
         component_page_numbers = {
             "financial_statements": form.cleaned_data["financial_statements"],
             "financial_statements_opinion": form.cleaned_data[

From 490ef84f7a2b68352d9101c48a440291ae8d3f45 Mon Sep 17 00:00:00 2001
From: James Person <jperson1@umbc.edu>
Date: Thu, 12 Mar 2026 15:21:44 -0400
Subject: [PATCH 4/9] More type annotations, making use of `_save_audit` to
 avoid a ot of copying

---
 backend/audit/views/upload_report_view.py | 65 +++++++++++++----------
 1 file changed, 36 insertions(+), 29 deletions(-)

diff --git a/backend/audit/views/upload_report_view.py b/backend/audit/views/upload_report_view.py
index 58f4dc581e..ecf2e541cc 100644
--- a/backend/audit/views/upload_report_view.py
+++ b/backend/audit/views/upload_report_view.py
@@ -1,5 +1,6 @@
 import logging
 
+from django.core.files.uploadedfile import UploadedFile
 from django.core.exceptions import BadRequest, PermissionDenied, ValidationError
 from django.http import HttpRequest, HttpResponse
 from django.shortcuts import render, redirect
@@ -41,7 +42,7 @@ def __init__(self, text="", id="", required=True, hint=None):
 
 
 class UploadReportView(SingleAuditChecklistAccessRequiredMixin, generic.View):
-    def page_number_inputs(self):
+    def page_number_inputs(self) -> list[tuple]:
         """
         Build the input elements to be passed to the context for use in
         audit/templates/audit/upload-report.html
@@ -164,7 +165,7 @@ def post(self, request, *args, **kwargs):
                     request, report_id, previous_report_id, form, context
                 )
 
-            return self._handle_new_report_upload(request, report_id, form, context)
+            return self._handle_new_report(request, report_id, form, context)
 
         except SingleAuditChecklist.DoesNotExist as err:
             raise PermissionDenied("You do not have access to this audit.") from err
@@ -189,7 +190,7 @@ def _handle_keep_previous_report(
         audit = Audit.objects.find_audit_or_none(report_id)
 
         try:
-            self._copy_previous_report(
+            self.copy_previous_report_data(
                 previous_report_id=previous_report_id,
                 current_sac=sac,
                 current_audit=audit,
@@ -202,7 +203,7 @@ def _handle_keep_previous_report(
 
         return redirect(reverse("audit:SubmissionProgress", args=[report_id]))
 
-    def _handle_new_report_upload(
+    def _handle_new_report(
         self,
         request: HttpRequest,
         report_id: str,
@@ -234,7 +235,13 @@ def _handle_new_report_upload(
 
         return redirect(reverse("audit:SubmissionProgress", args=[report_id]))
 
-    def reformat_form_data(self, file, form, sac_id, audit_id):
+    def reformat_form_data(
+        self,
+        file: UploadedFile,
+        form: UploadReportForm,
+        sac_id: int,
+        audit_id: int | None,
+    ) -> SingleAuditReportFile:
         """
         Given the file, form, and report_id, return the formatted SingleAuditReportFile.
         Maps cleaned form data into an object to be passed alongside the file, filename, and report id.
@@ -271,26 +278,13 @@ def reformat_form_data(self, file, form, sac_id, audit_id):
         )
         return sar_file
 
-    @staticmethod
-    def _save_audit(report_id, sar_file, request):
-        # TODO: Update Post SOC Launch : Delete and move done for linting complexity
-        audit = Audit.objects.find_audit_or_none(report_id=report_id)
-        if audit:
-            audit.audit.update(
-                {
-                    "file_information": {
-                        "filename": sar_file.filename,
-                        "pages": sar_file.component_page_numbers,
-                    }
-                }
-            )
-            audit.save(
-                event_user=request.user,
-                event_type=EventType.AUDIT_REPORT_PDF_UPDATED,
-            )
-
-    @staticmethod
-    def _copy_previous_report(previous_report_id, current_sac, current_audit, request):
+    def copy_previous_report_data(
+        self,
+        previous_report_id: str,
+        current_sac: SingleAuditChecklist,
+        current_audit: Audit | None,
+        request: HttpRequest,
+    ) -> None:
         """
         Copy the SingleAuditReportFile and the associated s3 object from the
         previous submission to the current resubmission.
@@ -320,15 +314,28 @@ def _copy_previous_report(previous_report_id, current_sac, current_audit, reques
 
         # Mirror onto the Audit model if it exists
         if current_audit:
-            current_audit.audit.update(
+            self._save_audit(
+                report_id=current_sac.report_id, sar_file=new_sar, request=request
+            )
+
+    @staticmethod
+    def _save_audit(
+        report_id: str,
+        sar_file: SingleAuditReportFile,
+        request: HttpRequest,
+    ) -> None:
+        # TODO: Update Post SOC Launch : Delete and move done for linting complexity
+        audit = Audit.objects.find_audit_or_none(report_id=report_id)
+        if audit:
+            audit.audit.update(
                 {
                     "file_information": {
-                        "filename": new_sar.filename,
-                        "pages": new_sar.component_page_numbers,
+                        "filename": sar_file.filename,
+                        "pages": sar_file.component_page_numbers,
                     }
                 }
             )
-            current_audit.save(
+            audit.save(
                 event_user=request.user,
                 event_type=EventType.AUDIT_REPORT_PDF_UPDATED,
             )

From b80c5ef9b085485f8bcd9210e331b4426034869d Mon Sep 17 00:00:00 2001
From: James Person <jperson1@umbc.edu>
Date: Thu, 12 Mar 2026 15:22:25 -0400
Subject: [PATCH 5/9] Reorder imports :(

---
 backend/audit/views/upload_report_view.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/backend/audit/views/upload_report_view.py b/backend/audit/views/upload_report_view.py
index ecf2e541cc..8fe4284c99 100644
--- a/backend/audit/views/upload_report_view.py
+++ b/backend/audit/views/upload_report_view.py
@@ -1,12 +1,13 @@
 import logging
 
-from django.core.files.uploadedfile import UploadedFile
 from django.core.exceptions import BadRequest, PermissionDenied, ValidationError
+from django.core.files.uploadedfile import UploadedFile
 from django.http import HttpRequest, HttpResponse
 from django.shortcuts import render, redirect
 from django.views import generic
 from django.urls import reverse
 
+from audit.forms import UploadReportForm
 from audit.mixins import (
     SingleAuditChecklistAccessRequiredMixin,
 )
@@ -16,7 +17,6 @@
     SingleAuditReportFile,
     Audit,
 )
-from audit.forms import UploadReportForm
 from audit.models.constants import EventType
 from dissemination.file_downloads import copy_file
 

From d2c08914140b5a6cc9802e28cb07b1b10f8efa9b Mon Sep 17 00:00:00 2001
From: James Person <jperson1@umbc.edu>
Date: Thu, 12 Mar 2026 16:47:30 -0400
Subject: [PATCH 6/9] `init` file for the `test_viewlib`, and fixes for the
 `resubmission_start` tests.

---
 backend/audit/test_viewlib/__init__.py        |  0
 .../test_resubmission_start_view.py           | 27 ++++++++++++++++---
 2 files changed, 24 insertions(+), 3 deletions(-)
 create mode 100644 backend/audit/test_viewlib/__init__.py

diff --git a/backend/audit/test_viewlib/__init__.py b/backend/audit/test_viewlib/__init__.py
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/backend/audit/test_viewlib/test_resubmission_start_view.py b/backend/audit/test_viewlib/test_resubmission_start_view.py
index f331e19792..84346059ca 100644
--- a/backend/audit/test_viewlib/test_resubmission_start_view.py
+++ b/backend/audit/test_viewlib/test_resubmission_start_view.py
@@ -6,6 +6,7 @@
 
 from audit.models import SingleAuditChecklist
 from audit.models.constants import STATUS
+from dissemination.models import General
 
 User = get_user_model()
 
@@ -16,20 +17,40 @@ class ResubmissionStartViewTests(TestCase):
     invalid_report_id = "NOT-LONG-ENOUGH"
     nonexistent_report_id = "LONGENOUGHBUTDOESNOTEXIST"
     valid_report_id = "0123-01-SOURCE-0123456789"
+    valid_sibling_report_id = "3210-10-SOURCE-9876543210"
+    general_information = {
+        "auditee_uei": "auditee_uei",
+        "auditee_name": "auditee_name",
+        "auditee_fiscal_period_end": "2022-01-01",
+    }
 
     # Recreated per test
     def setUp(self):
-        """Setup user and client."""
+        """Setup prerequisite fake submissions, then add a user and client."""
         self.valid_sac = baker.make(
             SingleAuditChecklist,
             report_id=self.valid_report_id,
             submission_status=STATUS.DISSEMINATED,
+            general_information=self.general_information,
         )
+        self.sibling_sac = baker.make(
+            SingleAuditChecklist,
+            report_id=self.valid_sibling_report_id,
+            submission_status=STATUS.DISSEMINATED,
+            general_information=self.general_information,
+        )
+        self.sibling_general = baker.make(
+            General,
+            report_id=self.valid_sibling_report_id,
+            audit_year="2022",
+            auditee_uei="auditee_uei"   
+        )
+
         self.user = baker.make(User)
         self.client = Client()
 
     def test_redirect_if_not_logged_in(self):
-        """Test that accessing resubmission start page redirects if the user is not logged in"""
+        """Test that accessing resubmission start page redirects if the user is not logged in."""
         response = self.client.get(self.path_name)
         self.assertAlmostEqual(response.status_code, 302)
 
@@ -62,4 +83,4 @@ def test_valid_report_id(self):
         self.client.force_login(user=self.user)
         response = self.client.post(self.path_name, {"report_id": self.valid_report_id})
 
-        self.assertRedirects(response, reverse("report_submission:eligibility"))
+        self.assertRedirects(response, reverse("report_submission:eligibility"), fetch_redirect_response=False)

From f8782e201f44a34bef40a51551c3cd5ab8af2e41 Mon Sep 17 00:00:00 2001
From: James Person <jperson1@umbc.edu>
Date: Thu, 12 Mar 2026 17:11:57 -0400
Subject: [PATCH 7/9] Move `SingleAuditReportFileHandlerViewTests` to it's own
 file in the `test_viewlib` subdirectory

---
 .../test_viewlib/test_upload_report_view.py   | 115 ++++++++++++++++++
 backend/audit/test_views.py                   |  96 ---------------
 2 files changed, 115 insertions(+), 96 deletions(-)
 create mode 100644 backend/audit/test_viewlib/test_upload_report_view.py

diff --git a/backend/audit/test_viewlib/test_upload_report_view.py b/backend/audit/test_viewlib/test_upload_report_view.py
new file mode 100644
index 0000000000..f78cc17997
--- /dev/null
+++ b/backend/audit/test_viewlib/test_upload_report_view.py
@@ -0,0 +1,115 @@
+from unittest.mock import patch
+
+from audit.models import (
+    Access,
+    SubmissionEvent,
+)
+from audit.models.constants import SAC_SEQUENCE_ID
+from audit.models.utils import get_next_sequence_id
+from audit.test_views import (
+    _mock_gen_report_id,
+    _mock_login_and_scan,
+    _make_user_and_sac,
+)
+from django.contrib.auth import get_user_model
+from django.test import TestCase
+from django.urls import reverse
+from model_bakery import baker
+
+User = get_user_model()
+
+
+class SingleAuditReportFileHandlerViewTests(TestCase):
+    def test_login_required(self):
+        """When an unauthenticated request is made."""
+
+        response = self.client.post(
+            reverse(
+                "audit:SingleAuditReport",
+                kwargs={"report_id": "12345"},
+            )
+        )
+
+        self.assertTemplateUsed(response, "home.html")
+        self.assertTrue(response.context["session_expired"])
+
+    def test_bad_report_id_returns_403(self):
+        """When a request is made for a malformed or nonexistent report_id, a 403 error should be returned."""
+        user = baker.make(User)
+
+        self.client.force_login(user)
+
+        response = self.client.post(
+            reverse(
+                "audit:SingleAuditReport",
+                kwargs={
+                    "report_id": "this is not a report id",
+                },
+            )
+        )
+
+        self.assertEqual(response.status_code, 403)
+
+    def test_inaccessible_audit_returns_403(self):
+        """When a request is made for an audit that is inaccessible for this user, a 403 error should be returned."""
+        user, sac = _make_user_and_sac()
+
+        self.client.force_login(user)
+        response = self.client.post(
+            reverse(
+                "audit:SingleAuditReport",
+                kwargs={"report_id": sac.report_id},
+            )
+        )
+
+        self.assertEqual(response.status_code, 403)
+
+    def test_no_file_attached_returns_400(self):
+        """When a request is made with no file attached, a 400 error should be returned."""
+        user, sac = _make_user_and_sac()
+        baker.make(Access, user=user, sac=sac)
+
+        self.client.force_login(user)
+
+        response = self.client.post(
+            reverse(
+                "audit:SingleAuditReport",
+                kwargs={"report_id": sac.report_id},
+            )
+        )
+
+        self.assertEqual(response.status_code, 400)
+
+    @patch("audit.validators._scan_file")
+    def test_valid_file_upload(self, mock_scan_file):
+        """Test that uploading a valid SAR update the SAC accordingly."""
+        sequence = get_next_sequence_id(SAC_SEQUENCE_ID)
+        sac = _mock_login_and_scan(
+            self.client,
+            mock_scan_file,
+            id=sequence,
+            report_id=_mock_gen_report_id(sequence),
+        )
+
+        with open("audit/fixtures/basic.pdf", "rb") as pdf_file:
+            response = self.client.post(
+                reverse(
+                    "audit:SingleAuditReport",
+                    kwargs={
+                        "report_id": sac.report_id,
+                    },
+                ),
+                data={"FILES": pdf_file},
+            )
+
+            self.assertEqual(response.status_code, 302)
+
+        submission_events = SubmissionEvent.objects.filter(sac=sac)
+
+        # the most recent event should be AUDIT_REPORT_PDF_UPDATED
+        event_count = len(submission_events)
+        self.assertGreaterEqual(event_count, 1)
+        self.assertEqual(
+            submission_events[event_count - 1].event,
+            SubmissionEvent.EventType.AUDIT_REPORT_PDF_UPDATED,
+        )
diff --git a/backend/audit/test_views.py b/backend/audit/test_views.py
index 9760388e9c..5bea764380 100644
--- a/backend/audit/test_views.py
+++ b/backend/audit/test_views.py
@@ -1624,102 +1624,6 @@ def test_excel_file_not_saved_on_validation_failure(self):
                         )
                         self.assertFalse(ExcelFile.objects.exists())
 
-
-class SingleAuditReportFileHandlerViewTests(TestCase):
-    def test_login_required(self):
-        """When an unauthenticated request is made"""
-
-        response = self.client.post(
-            reverse(
-                "audit:SingleAuditReport",
-                kwargs={"report_id": "12345"},
-            )
-        )
-
-        self.assertTemplateUsed(response, "home.html")
-        self.assertTrue(response.context["session_expired"])
-
-    def test_bad_report_id_returns_403(self):
-        """When a request is made for a malformed or nonexistent report_id, a 403 error should be returned"""
-        user = baker.make(User)
-
-        self.client.force_login(user)
-
-        response = self.client.post(
-            reverse(
-                "audit:SingleAuditReport",
-                kwargs={
-                    "report_id": "this is not a report id",
-                },
-            )
-        )
-
-        self.assertEqual(response.status_code, 403)
-
-    def test_inaccessible_audit_returns_403(self):
-        """When a request is made for an audit that is inaccessible for this user, a 403 error should be returned"""
-        user, sac = _make_user_and_sac()
-
-        self.client.force_login(user)
-        response = self.client.post(
-            reverse(
-                "audit:SingleAuditReport",
-                kwargs={"report_id": sac.report_id},
-            )
-        )
-
-        self.assertEqual(response.status_code, 403)
-
-    def test_no_file_attached_returns_400(self):
-        """When a request is made with no file attached, a 400 error should be returned"""
-        user, sac = _make_user_and_sac()
-        baker.make(Access, user=user, sac=sac)
-
-        self.client.force_login(user)
-
-        response = self.client.post(
-            reverse(
-                "audit:SingleAuditReport",
-                kwargs={"report_id": sac.report_id},
-            )
-        )
-
-        self.assertEqual(response.status_code, 400)
-
-    @patch("audit.validators._scan_file")
-    def test_valid_file_upload(self, mock_scan_file):
-        """Test that uploading a valid SAR update the SAC accordingly"""
-        sequence = get_next_sequence_id(SAC_SEQUENCE_ID)
-        sac = _mock_login_and_scan(
-            self.client,
-            mock_scan_file,
-            id=sequence,
-            report_id=_mock_gen_report_id(sequence),
-        )
-
-        with open("audit/fixtures/basic.pdf", "rb") as pdf_file:
-            response = self.client.post(
-                reverse(
-                    "audit:SingleAuditReport",
-                    kwargs={
-                        "report_id": sac.report_id,
-                    },
-                ),
-                data={"FILES": pdf_file},
-            )
-
-            self.assertEqual(response.status_code, 302)
-
-        submission_events = SubmissionEvent.objects.filter(sac=sac)
-
-        # the most recent event should be AUDIT_REPORT_PDF_UPDATED
-        event_count = len(submission_events)
-        self.assertGreaterEqual(event_count, 1)
-        self.assertEqual(
-            submission_events[event_count - 1].event,
-            SubmissionEvent.EventType.AUDIT_REPORT_PDF_UPDATED,
-        )
-
     @patch("audit.validators._scan_file")
     def test_valid_file_upload_for_additional_ueis(self, mock_scan_file):
         """When a valid Excel file is uploaded, the file should be stored and the SingleAuditChecklist should be updated to include the uploaded Additional UEIs data"""

From b4737bada497bd575b0013634814d2c632d5459a Mon Sep 17 00:00:00 2001
From: James Person <jperson1@umbc.edu>
Date: Thu, 12 Mar 2026 17:13:01 -0400
Subject: [PATCH 8/9] A few tests to cover the new copying part of the view.

---
 .../test_resubmission_start_view.py           |   8 +-
 .../test_viewlib/test_upload_report_view.py   | 106 ++++++++++++++++++
 backend/audit/views/upload_report_view.py     |   2 +-
 3 files changed, 113 insertions(+), 3 deletions(-)

diff --git a/backend/audit/test_viewlib/test_resubmission_start_view.py b/backend/audit/test_viewlib/test_resubmission_start_view.py
index 84346059ca..0cd3ac1843 100644
--- a/backend/audit/test_viewlib/test_resubmission_start_view.py
+++ b/backend/audit/test_viewlib/test_resubmission_start_view.py
@@ -43,7 +43,7 @@ def setUp(self):
             General,
             report_id=self.valid_sibling_report_id,
             audit_year="2022",
-            auditee_uei="auditee_uei"   
+            auditee_uei="auditee_uei",
         )
 
         self.user = baker.make(User)
@@ -83,4 +83,8 @@ def test_valid_report_id(self):
         self.client.force_login(user=self.user)
         response = self.client.post(self.path_name, {"report_id": self.valid_report_id})
 
-        self.assertRedirects(response, reverse("report_submission:eligibility"), fetch_redirect_response=False)
+        self.assertRedirects(
+            response,
+            reverse("report_submission:eligibility"),
+            fetch_redirect_response=False,
+        )
diff --git a/backend/audit/test_viewlib/test_upload_report_view.py b/backend/audit/test_viewlib/test_upload_report_view.py
index f78cc17997..b89d86dc41 100644
--- a/backend/audit/test_viewlib/test_upload_report_view.py
+++ b/backend/audit/test_viewlib/test_upload_report_view.py
@@ -2,6 +2,7 @@
 
 from audit.models import (
     Access,
+    SingleAuditReportFile,
     SubmissionEvent,
 )
 from audit.models.constants import SAC_SEQUENCE_ID
@@ -20,6 +21,18 @@
 
 
 class SingleAuditReportFileHandlerViewTests(TestCase):
+    valid_page_numbers = {
+        "financial_statements": 1,
+        "financial_statements_opinion": 2,
+        "schedule_expenditures": 3,
+        "schedule_expenditures_opinion": 4,
+        "uniform_guidance_control": 5,
+        "uniform_guidance_compliance": 6,
+        "GAS_control": 7,
+        "GAS_compliance": 8,
+        "schedule_findings": 9,
+    }
+
     def test_login_required(self):
         """When an unauthenticated request is made."""
 
@@ -113,3 +126,96 @@ def test_valid_file_upload(self, mock_scan_file):
             submission_events[event_count - 1].event,
             SubmissionEvent.EventType.AUDIT_REPORT_PDF_UPDATED,
         )
+
+    @patch("audit.validators._scan_file")
+    def test_new_report_upload_via_upload_report_view(self, mock_scan_file):
+        """
+        When a user uploads a new report, `keep_previous_report` is either False or absent.
+        Ensure the view redirects the user. Then pull down the SAR and spot check the data and file.
+        """
+        sequence = get_next_sequence_id(SAC_SEQUENCE_ID)
+        sac = _mock_login_and_scan(
+            self.client,
+            mock_scan_file,
+            id=sequence,
+            report_id=_mock_gen_report_id(sequence),
+        )
+
+        with open("audit/fixtures/basic.pdf", "rb") as pdf_file:
+            response = self.client.post(
+                reverse(
+                    "audit:UploadReport",
+                    kwargs={"report_id": sac.report_id},
+                ),
+                data={**self.valid_page_numbers, "upload_report": pdf_file},
+            )
+
+        self.assertEqual(response.status_code, 302)
+
+        sar = SingleAuditReportFile.objects.filter(sac=sac).latest("date_created")
+        self.assertIsNotNone(sar)
+        self.assertEqual(
+            sar.component_page_numbers["schedule_findings"],
+            self.valid_page_numbers["schedule_findings"],
+        )
+
+    @patch("audit.views.upload_report_view.copy_file")
+    @patch("audit.validators._scan_file")
+    def test_keep_previous_report_copies_data(self, mock_scan_file, mock_copy_file):
+        """
+        When a user opts to copy their report during a resubmission, `keep_previous_report` is either True.
+        Create a previous report. Ensure the view redirects the user. Ensure `copy_file` was run with the right params. Spot check the data and file.
+        """
+        # Create the necessary "previous" report data.
+        prev_sequence = get_next_sequence_id(SAC_SEQUENCE_ID)
+        prev_sac = _mock_login_and_scan(
+            self.client,
+            mock_scan_file,
+            id=prev_sequence,
+            report_id=_mock_gen_report_id(prev_sequence),
+        )
+
+        baker.make(
+            SingleAuditReportFile,
+            sac=prev_sac,
+            file=f"singleauditreport/{prev_sac.report_id}.pdf",
+            filename=f"{prev_sac.report_id}.pdf",
+            component_page_numbers=self.valid_page_numbers,
+        )
+
+        # Create the necessary "current" report data, link it to the "previous".
+        current_sequence = get_next_sequence_id(SAC_SEQUENCE_ID)
+        current_sac = _mock_login_and_scan(
+            self.client,
+            mock_scan_file,
+            id=current_sequence,
+            report_id=_mock_gen_report_id(current_sequence),
+            resubmission_meta={"previous_report_id": prev_sac.report_id},
+        )
+
+        # POST with keep_previous_report checked
+        response = self.client.post(
+            reverse(
+                "audit:UploadReport",
+                kwargs={"report_id": current_sac.report_id},
+            ),
+            data={"keep_previous_report": True},
+        )
+
+        self.assertEqual(response.status_code, 302)
+
+        # Ensure the copy function was called.
+        mock_copy_file.assert_called_once_with(
+            f"singleauditreport/{prev_sac.report_id}.pdf",
+            f"singleauditreport/{current_sac.report_id}.pdf",
+        )
+
+        # Spot check the "new" file.
+        new_sar = SingleAuditReportFile.objects.filter(sac=current_sac).latest(
+            "date_created"
+        )
+        self.assertIsNotNone(new_sar)
+        self.assertEqual(
+            new_sar.component_page_numbers["schedule_findings"],
+            self.valid_page_numbers["schedule_findings"],
+        )
diff --git a/backend/audit/views/upload_report_view.py b/backend/audit/views/upload_report_view.py
index 8fe4284c99..8dd38adb2e 100644
--- a/backend/audit/views/upload_report_view.py
+++ b/backend/audit/views/upload_report_view.py
@@ -42,7 +42,7 @@ def __init__(self, text="", id="", required=True, hint=None):
 
 
 class UploadReportView(SingleAuditChecklistAccessRequiredMixin, generic.View):
-    def page_number_inputs(self) -> list[tuple]:
+    def page_number_inputs(self) -> list[PageInput]:
         """
         Build the input elements to be passed to the context for use in
         audit/templates/audit/upload-report.html

From 8ccac17912954a2113851d11a97efb974847ee42 Mon Sep 17 00:00:00 2001
From: James Person <jperson1@umbc.edu>
Date: Thu, 12 Mar 2026 17:17:45 -0400
Subject: [PATCH 9/9] Replace deprectaed `utcnow()`

---
 backend/dissemination/test_file_downloads.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/backend/dissemination/test_file_downloads.py b/backend/dissemination/test_file_downloads.py
index 419dab9654..9451f99736 100644
--- a/backend/dissemination/test_file_downloads.py
+++ b/backend/dissemination/test_file_downloads.py
@@ -1,4 +1,4 @@
-from datetime import datetime
+from datetime import datetime, timezone
 
 from django.conf import settings
 from django.http import Http404
@@ -23,7 +23,7 @@ def setUp(self):
         pass
 
     def _report_id(self, sequence, source):
-        today = datetime.utcnow().date().isoformat()
+        today = datetime.now(timezone.utc).date().isoformat()
         return generate_sac_report_id(sequence=sequence, end_date=today, source=source)
 
     def test_gsafac_no_singleauditchecklist(self):