From 85b52f9f6572ecfb8aed4482a454875e8b89db04 Mon Sep 17 00:00:00 2001
From: Sergei Maertens
Date: Wed, 17 Jul 2024 17:23:10 +0200
Subject: [PATCH] :sparkles: [#75] Offer metadata as file for download

Using Content-Disposition attachment offers the file for download to the client rather than viewing it inline. The actual reason the dislaying was botched was because of the content security policy which blocked styles (not sure how that works). However, if that were to be addressed, it leaves the certificate data newlines being displayed as spaces, still producing content that is not ready to copy-and-paste, so downloading a file is the best option.
---
 digid_eherkenning/metadata_urls.py | 3 +++
 digid_eherkenning/saml2/digid.py | 2 +-
 digid_eherkenning/saml2/eherkenning.py | 2 +-
 digid_eherkenning/views/metadata.py | 11 ++++++++++-
 4 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/digid_eherkenning/metadata_urls.py b/digid_eherkenning/metadata_urls.py
index 6728958..7260716 100644
--- a/digid_eherkenning/metadata_urls.py
+++ b/digid_eherkenning/metadata_urls.py
@@ -16,6 +16,7 @@
 MetadataView.as_view(
 config_model=DigidConfiguration,
 metadata_generator=generate_digid_metadata,
+ filename="digid-metadata.xml",
 ),
 name="digid",
 ),
@@ -24,6 +25,7 @@
 MetadataView.as_view(
 config_model=EherkenningConfiguration,
 metadata_generator=generate_eherkenning_metadata,
+ filename="eh-metadata.xml",
 ),
 name="eherkenning",
 ),
@@ -32,6 +34,7 @@
 MetadataView.as_view(
 config_model=EherkenningConfiguration,
 metadata_generator=generate_dienst_catalogus_metadata,
+ filename="dienstcatalogus.xml",
 ),
 name="eh-dienstcatalogus",
 ),
diff --git a/digid_eherkenning/saml2/digid.py b/digid_eherkenning/saml2/digid.py
index d9c9ce7..6636acb 100644
--- a/digid_eherkenning/saml2/digid.py
+++ b/digid_eherkenning/saml2/digid.py
@@ -12,7 +12,7 @@ def generate_digid_metadata() -> bytes: client.saml2_setting_kwargs = {"sp_validation_only": True} metadata = client.create_metadata() return ( - b"" + metadata + b'\n' + metadata if not metadata.startswith(b"' + metadata + b'\n' + metadata if not metadata.startswith(b" HttpResponseBase: config = self.config_model.get_solo() @@ -43,7 +44,15 @@ def get(self, request: HttpRequest) -> HttpResponseBase: }, ) return self._get_generic_error_response() - return HttpResponse(metadata, content_type="text/xml") + # RFC 6266, 4.1, and RFC 2616 Section 2.2 + sanitized_filename = self.filename.replace('"', r"\"") + return HttpResponse( + metadata, + content_type="text/xml", + headers={ + "Content-Disposition": f'attachment; filename="{sanitized_filename}"', + }, + ) @staticmethod def _get_generic_error_response() -> HttpResponseBadRequest:
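Review bot: The filename escaping added before the final `return HttpResponse(...)` in `MetadataView.get()` handles only `"`, so a backslash in `self.filename` passes through unescaped and a value ending in `\` or containing `\"` would produce a malformed quoted-string in the Content-Disposition header. Escaping the backslash first closes that gap: `sanitized_filename = self.filename.replace("\\", "\\\\").replace('"', r"\"")`. The three filenames visible in `metadata_urls.py` are fixed literals passed through `as_view()`, so this is hardening for future callers rather than a flaw reachable from request data. If the supported Django versions include 4.2 or later, `django.utils.http.content_disposition_header(True, self.filename)` builds the header and also covers non-ASCII names. The body of `get()` begins outside this hunk, so whether `self.filename` can be empty or unset is not visible here.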