feat: validate file length in zgw document download view

swrichards · swrichards · commit 47c76bf036df · 2026-02-26T09:05:34.000+01:00
If the ZGW document backend is misbehaving, for instance because
an intermediate service gateway is broken and returns some kind
of XML message, the user will see a broken download message,
because the announced content-length will not in fact match the
content. In those cases, it's better UX to log and display an
error message.
diff --git a/src/open_inwoner/cms/cases/views/status.py b/src/open_inwoner/cms/cases/views/status.py
@@ -848,6 +848,34 @@ def get(self, request, *args, **kwargs):
         if not content_stream:
             raise Http404
 
+        # Validate the actual content length matches the expected size
+        actual_content_length = content_stream.headers.get("Content-Length")
+        if (
+            actual_content_length
+            and int(actual_content_length) != info_object.bestandsomvang
+        ):
+            logger.warning(
+                "Document size mismatch",
+                info_object_uuid=info_object_uuid,
+                expected_size=info_object.bestandsomvang,
+                actual_size=actual_content_length,
+            )
+            messages.error(
+                request,
+                _(
+                    "Het document kon niet worden gedownload vanwege een fout in de gegevens."
+                ),
+            )
+            return HttpResponseRedirect(
+                reverse(
+                    "cases:case_detail",
+                    kwargs={
+                        "api_group_id": self.kwargs["api_group_id"],
+                        "object_id": self.zaak.uuid,
+                    },
+                )
+            )
+
         self.log_case_document_downloaded(self.zaak, info_object.bestandsnaam)
 
         headers = {
diff --git a/src/open_inwoner/openzaak/tests/test_documents.py b/src/open_inwoner/openzaak/tests/test_documents.py
@@ -518,6 +518,29 @@ def test_no_data_is_retrieved_when_document_download_data_http_500(self, m):
 
         self.app.get(self.informatie_object_file.url, user=self.user, status=404)
 
+    def test_document_download_with_size_mismatch_shows_error(self, m):
+        self._setUpAccessMocks(m)
+        m.get(self.informatie_object["url"], json=self.informatie_object)
+        # Mock the download endpoint with mismatched content length
+        wrong_content = b"wrong content"
+        m.get(
+            self.informatie_object["inhoud"],
+            content=wrong_content,
+            headers={"Content-Length": str(len(wrong_content))},
+        )
+
+        # Expect a redirect - auto_follow=False prevents following the redirect
+        response = self.app.get(
+            self.informatie_object_file.url,
+            user=self.user,
+            status=302,
+            auto_follow=False,
+        )
+
+        # Verify redirect location
+        expected_redirect = f"/cases/{self.api_group.id}/{self.zaak['uuid']}/status/"
+        self.assertEqual(response.location, expected_redirect)
+
     def test_document_download_request_uses_service_credentials(self, m):
         server = CertificateFactory(label="server", cert_only=True)
         client = CertificateFactory(label="client", key_pair=True)
