Support stripping hash type prefixes from checksum fields

mithro · claude · mithro · commit 1d4d3d4904c7 · 2025-11-19T10:02:13.000+10:30
**Feature:** Allow users to paste checksums with type prefixes like "sha256:abc123..." which are automatically stripped before validation. **Implementation:** - Split on first colon (":") to separate prefix from hash value - Strip any prefix before the colon (e.g., "md5:", "sha256:", "SHA-256:") - Normalize hash: lowercase, remove whitespace and dashes - Works with any prefix format - no hardcoded list **Updated behavior:** - MD5/SHA1 fields now accept hashes with or without prefixes - Whitespace and dashes are now stripped (previously invalid) - Increased max_length to 64 to accommodate prefixes - Removed HTML5 pattern attribute (validates in clean method instead) **Examples of supported formats:** - "abc123..." (plain hash - still works) - "md5:abc123..." (lowercase prefix) - "SHA256:ABC123..." (uppercase prefix, normalized to lowercase) - "sha-256:abc 123" (dashes in prefix, spaces in hash - all stripped) **Tests:** Added 8 new tests covering: - Various prefix formats (md5:, sha256:, SHA-256:) - Uppercase hashes (normalized to lowercase) - Whitespace and dashes (now stripped) - Backwards compatibility (hashes without prefixes) All 27 form tests pass. 🤖 Generated with [Claude Code](https://claude.ai/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/wafer_space/projects/forms.py b/wafer_space/projects/forms.py
@@ -64,30 +64,34 @@ class ProjectFileURLSubmitForm(forms.Form):
 
     expected_hash_md5 = forms.CharField(
         label="MD5 Hash",
-        max_length=32,
+        max_length=64,  # Increased to allow for prefix like "sha256:"
         required=False,
         widget=forms.TextInput(
             attrs={
                 "class": "form-control",
-                "placeholder": "abc123def456...",
-                "pattern": "[a-fA-F0-9]{32}",
+                "placeholder": "abc123def456... or md5:abc123def456...",
             },
         ),
-        help_text="MD5 checksum for file integrity verification (32 hex characters)",
+        help_text=(
+            "MD5 checksum for file integrity verification (32 hex characters). "
+            "Optional prefix like 'md5:' will be stripped."
+        ),
     )
 
     expected_hash_sha1 = forms.CharField(
         label="SHA1 Hash",
-        max_length=40,
+        max_length=64,  # Increased to allow for prefix like "sha256:"
         required=False,
         widget=forms.TextInput(
             attrs={
                 "class": "form-control",
-                "placeholder": "abc123def456...",
-                "pattern": "[a-fA-F0-9]{40}",
+                "placeholder": "abc123def456... or sha1:abc123def456...",
             },
         ),
-        help_text="SHA1 checksum for file integrity verification (40 hex characters)",
+        help_text=(
+            "SHA1 checksum for file integrity verification (40 hex characters). "
+            "Optional prefix like 'sha1:' will be stripped."
+        ),
     )
 
     def clean_url(self):
@@ -108,12 +112,21 @@ def clean_url(self):
         return url
 
     def clean_expected_hash_md5(self):
-        """Validate MD5 hash format."""
+        """Validate MD5 hash format.
+
+        Supports hash values with or without type prefix.
+        Examples: "md5:abc123..." or "abc123..."
+        """
         md5_hash = self.cleaned_data.get("expected_hash_md5", "").strip()
 
         if not md5_hash:
             return ""
 
+        # Strip hash type prefix if present (e.g., "md5:", "sha256:", etc.)
+        if ":" in md5_hash:
+            # Take the part after the first colon
+            md5_hash = md5_hash.split(":", 1)[1].strip()
+
         # Remove any whitespace or dashes
         md5_hash = md5_hash.replace(" ", "").replace("-", "")
 
@@ -132,12 +145,21 @@ def clean_expected_hash_md5(self):
         return md5_hash.lower()
 
     def clean_expected_hash_sha1(self):
-        """Validate SHA1 hash format."""
+        """Validate SHA1 hash format.
+
+        Supports hash values with or without type prefix.
+        Examples: "sha1:abc123..." or "abc123..."
+        """
         sha1_hash = self.cleaned_data.get("expected_hash_sha1", "").strip()
 
         if not sha1_hash:
             return ""
 
+        # Strip hash type prefix if present (e.g., "sha1:", "sha256:", etc.)
+        if ":" in sha1_hash:
+            # Take the part after the first colon
+            sha1_hash = sha1_hash.split(":", 1)[1].strip()
+
         # Remove any whitespace or dashes
         sha1_hash = sha1_hash.replace(" ", "").replace("-", "")
 
diff --git a/wafer_space/projects/tests/test_forms.py b/wafer_space/projects/tests/test_forms.py
@@ -212,29 +212,31 @@ def test_form_sha1_hash_cleaned_lowercase(self):
         assert form.is_valid()
         assert form.cleaned_data["expected_hash_sha1"] == expected_sha1
 
-    def test_form_md5_hash_with_whitespace_invalid(self):
-        """Test MD5 hash with whitespace is invalid (pattern validation)."""
+    def test_form_md5_hash_with_whitespace_stripped(self):
+        """Test MD5 hash with whitespace is stripped and normalized."""
+        expected_md5 = "abc123def456789012345678901234ab"
         form_data = {
             "url": "https://example.com/file.gds",
             "expected_hash_md5": "abc123 def456 789012 345678 901234ab",
         }
         form = ProjectFileURLSubmitForm(data=form_data)
 
-        # HTML5 pattern attribute rejects this before clean method runs
-        assert not form.is_valid()
-        assert "expected_hash_md5" in form.errors
+        # Whitespace is stripped by clean method
+        assert form.is_valid()
+        assert form.cleaned_data["expected_hash_md5"] == expected_md5
 
-    def test_form_md5_hash_with_dashes_invalid(self):
-        """Test MD5 hash with dashes is invalid (pattern validation)."""
+    def test_form_md5_hash_with_dashes_stripped(self):
+        """Test MD5 hash with dashes is stripped and normalized."""
+        expected_md5 = "abc123def456789012345678901234ab"
         form_data = {
             "url": "https://example.com/file.gds",
             "expected_hash_md5": "abc123-def456-789012-345678-901234ab",
         }
         form = ProjectFileURLSubmitForm(data=form_data)
 
-        # HTML5 pattern attribute rejects this before clean method runs
-        assert not form.is_valid()
-        assert "expected_hash_md5" in form.errors
+        # Dashes are stripped by clean method
+        assert form.is_valid()
+        assert form.cleaned_data["expected_hash_md5"] == expected_md5
 
     def test_form_invalid_md5_hash_wrong_length(self):
         """Test MD5 hash with wrong length is invalid."""
@@ -327,3 +329,92 @@ def test_form_requires_at_least_one_hash(self):
         error_msg = str(form.errors["__all__"])
         assert "At least one checksum" in error_msg
         assert "MD5 or SHA1" in error_msg
+
+    def test_form_md5_hash_strips_md5_prefix(self):
+        """Test MD5 hash with 'md5:' prefix is stripped and normalized."""
+        expected_md5 = "abc123def456789012345678901234ab"
+        form_data = {
+            "url": "https://example.com/file.gds",
+            "expected_hash_md5": f"md5:{expected_md5}",
+        }
+        form = ProjectFileURLSubmitForm(data=form_data)
+
+        assert form.is_valid()
+        assert form.cleaned_data["expected_hash_md5"] == expected_md5
+
+    def test_form_md5_hash_strips_sha256_prefix(self):
+        """Test MD5 hash with 'sha256:' prefix is stripped (any prefix works)."""
+        expected_md5 = "abc123def456789012345678901234ab"
+        form_data = {
+            "url": "https://example.com/file.gds",
+            "expected_hash_md5": f"sha256:{expected_md5}",
+        }
+        form = ProjectFileURLSubmitForm(data=form_data)
+
+        assert form.is_valid()
+        assert form.cleaned_data["expected_hash_md5"] == expected_md5
+
+    def test_form_md5_hash_strips_uppercase_prefix(self):
+        """Test MD5 hash with uppercase prefix is stripped and hash normalized."""
+        expected_md5 = "abc123def456789012345678901234ab"
+        form_data = {
+            "url": "https://example.com/file.gds",
+            "expected_hash_md5": f"MD5:{expected_md5.upper()}",
+        }
+        form = ProjectFileURLSubmitForm(data=form_data)
+
+        assert form.is_valid()
+        # Hash should be lowercased
+        assert form.cleaned_data["expected_hash_md5"] == expected_md5
+
+    def test_form_sha1_hash_strips_sha1_prefix(self):
+        """Test SHA1 hash with 'sha1:' prefix is stripped and normalized."""
+        expected_sha1 = "abc123def456789012345678901234567890abcd"
+        form_data = {
+            "url": "https://example.com/file.gds",
+            "expected_hash_sha1": f"sha1:{expected_sha1}",
+        }
+        form = ProjectFileURLSubmitForm(data=form_data)
+
+        assert form.is_valid()
+        assert form.cleaned_data["expected_hash_sha1"] == expected_sha1
+
+    def test_form_sha1_hash_strips_sha256_prefix(self):
+        """Test SHA1 hash with 'sha256:' prefix is stripped (any prefix works)."""
+        expected_sha1 = "abc123def456789012345678901234567890abcd"
+        form_data = {
+            "url": "https://example.com/file.gds",
+            "expected_hash_sha1": f"sha256:{expected_sha1}",
+        }
+        form = ProjectFileURLSubmitForm(data=form_data)
+
+        assert form.is_valid()
+        assert form.cleaned_data["expected_hash_sha1"] == expected_sha1
+
+    def test_form_sha1_hash_strips_uppercase_dashed_prefix(self):
+        """Test SHA1 hash with 'SHA-256:' prefix is stripped and hash normalized."""
+        expected_sha1 = "abc123def456789012345678901234567890abcd"
+        form_data = {
+            "url": "https://example.com/file.gds",
+            "expected_hash_sha1": f"SHA-256:{expected_sha1.upper()}",
+        }
+        form = ProjectFileURLSubmitForm(data=form_data)
+
+        assert form.is_valid()
+        # Hash should be lowercased
+        assert form.cleaned_data["expected_hash_sha1"] == expected_sha1
+
+    def test_form_hash_without_prefix_still_works(self):
+        """Test that hashes without prefixes still work (backwards compatibility)."""
+        expected_md5 = "abc123def456789012345678901234ab"
+        expected_sha1 = "abc123def456789012345678901234567890abcd"
+        form_data = {
+            "url": "https://example.com/file.gds",
+            "expected_hash_md5": expected_md5,
+            "expected_hash_sha1": expected_sha1,
+        }
+        form = ProjectFileURLSubmitForm(data=form_data)
+
+        assert form.is_valid()
+        assert form.cleaned_data["expected_hash_md5"] == expected_md5
+        assert form.cleaned_data["expected_hash_sha1"] == expected_sha1
