Skip to content

web/admin: fix file upload not preserving extension for custom names with dots#19548

Merged
dominic-r merged 4 commits intomainfrom
sdko/fix-file-name-dots-fe
Jan 23, 2026
Merged

web/admin: fix file upload not preserving extension for custom names with dots#19548
dominic-r merged 4 commits intomainfrom
sdko/fix-file-name-dots-fe

Conversation

@dominic-r
Copy link
Member

@dominic-r dominic-r commented Jan 18, 2026

Overview:

The hasBasenameExtension() function in FileUploadForm.ts incorrectly determined whether a custom filename already had an extension by checking if it contained any dot at position > 0.

This caused filenames like "e._.e" to be treated as having an extension, so the original file's extension was not appended. The file would be saved as "e._.e" instead of "e._.e.jpg", which caused mimetypes.guess_type() to return None (since ".e" is not a recognized extension) and the backend to fall back to "application/octet-stream".

Removed hasBasenameExtension() entirely. Since the UI explicitly states "Optionally rename the file (without extension)", we now always append the original file's extension when a custom name is provided.

Testing:

  1. Upload a JPG file with custom name "e" --> saves as "e.jpg", and is detected as "image/jpeg"
  2. Upload a JPG file with custom name "e._.e" --> now saves as "e._.e.jpg",and is detected as "image/jpeg"

Motivation:

Fixes incorrect MIME type detection for uploaded files when users provide custom filenames containing dots.

@dominic-r dominic-r added this to the Release 2025.12.2 milestone Jan 18, 2026
@dominic-r dominic-r self-assigned this Jan 18, 2026
@dominic-r dominic-r added the area:frontend Features or issues related to the browser, TypeScript, Node.js, etc label Jan 18, 2026
@dominic-r dominic-r requested a review from a team as a code owner January 18, 2026 01:30
@dominic-r dominic-r added the backport/version-2025.12 Add this label to PRs to backport changes to version-2025.12 label Jan 18, 2026
@netlify
Copy link

netlify bot commented Jan 18, 2026
edited
Loading

Deploy Preview for authentik-storybook ready!

Name Link
🔨 Latest commit 576ce31
🔍 Latest deploy log https://app.netlify.com/projects/authentik-storybook/deploys/6972bae96156e50008b5dd1f
😎 Deploy Preview https://deploy-preview-19548--authentik-storybook.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@netlify
Copy link

netlify bot commented Jan 18, 2026
edited
Loading

Deploy Preview for authentik-docs ready!

Name Link
🔨 Latest commit ca9a8c9
🔍 Latest deploy log https://app.netlify.com/projects/authentik-docs/deploys/6972b9c8c5eb990008b1eb13
😎 Deploy Preview https://deploy-preview-19548--authentik-docs.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@codecov
Copy link

codecov bot commented Jan 18, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.27%. Comparing base (7550b85) to head (576ce31).
⚠️ Report is 1 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #19548      +/-   ##
==========================================
+ Coverage   93.26%   93.27%   +0.01%     
==========================================
  Files         949      949              
  Lines       52187    52187              
==========================================
+ Hits        48671    48677       +6     
+ Misses       3516     3510       -6
Flag Coverage Δ
conformance 38.25% <ø> (+<0.01%) ⬆️
e2e 44.09% <ø> (-0.05%) ⬇️
integration 23.19% <ø> (+<0.01%) ⬆️
unit 91.51% <ø> (+<0.01%) ⬆️
unit-migrate 91.55% <ø> (+0.03%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@github-actions
Copy link
Contributor

github-actions bot commented Jan 18, 2026
edited
Loading

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-576ce315dcc3046e0ca95e0abdb327e968734192
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-576ce315dcc3046e0ca95e0abdb327e968734192

Afterwards, run the upgrade commands from the latest release notes.

kensternberg-authentik
kensternberg-authentik approved these changes Jan 22, 2026
View reviewed changes
Copy link
Contributor

@kensternberg-authentik kensternberg-authentik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's valid and it does what it says it should do, but the custom filename logic is a little convoluted and obscures intent; I left a suggestion on how to clean it up.

@github-project-automation github-project-automation bot moved this from Todo to In Progress in authentik Core Jan 22, 2026
@dominic-r
web/admin: fix file upload not preserving extension for custom names …
e903155 
…with dots

Overview:

The `hasBasenameExtension()` function in `FileUploadForm.ts` incorrectly determined whether a custom filename already had an extension by checking if it contained any dot at position > 0.

This caused filenames like "e._.e" to be treated as having an extension, so the original file's extension was not appended. The file would be saved as "e._.e" instead of "e._.e.jpg", which caused `mimetypes.guess_type()` to return `None` (since ".e" is not a recognized extension) and the backend to fall back to "application/octet-stream".

Removed `hasBasenameExtension()` entirely. Since the UI explicitly states "Optionally rename the file (without extension)", we now always append the original file's extension when a custom name is provided.

Testing:

1. Upload a JPG file with custom name "e" --> saves as "e.jpg", and is detected as "image/jpeg"
2. Upload a JPG file with custom name "e._.e" --> now saves as "e._.e.jpg",and is detected as "image/jpeg"

Motivation:

Fixes incorrect MIME type detection for uploaded files when users provide custom filenames containing dots.
@dominic-r
web: lint
571d896
@dominic-r
web: Ken's suggestion
ca9a8c9
@dominic-r dominic-r force-pushed the sdko/fix-file-name-dots-fe branch from 673bafd to ca9a8c9 Compare January 22, 2026 23:59
@dominic-r dominic-r requested a review from a team as a code owner January 22, 2026 23:59
@dominic-r dominic-r enabled auto-merge (squash) January 22, 2026 23:59
@dominic-r dominic-r merged commit c67447d into main Jan 23, 2026
100 checks passed
@dominic-r dominic-r deleted the sdko/fix-file-name-dots-fe branch January 23, 2026 00:39
@github-project-automation github-project-automation bot moved this from In Progress to Done in authentik Core Jan 23, 2026
authentik-automation bot pushed a commit that referenced this pull request Jan 23, 2026
@dominic-r @authentik-automation
Cherry-pick #19548 to version-2025.12 (with conflicts)
5990164 
This cherry-pick has conflicts that need manual resolution.

Original PR: #19548
Original commit: c67447d
@authentik-automation authentik-automation bot mentioned this pull request Jan 23, 2026
Merged
@authentik-automation
Copy link
Contributor

authentik-automation bot commented Jan 23, 2026

⚠️ Cherry-pick to version-2025.12 has conflicts: #19685

dominic-r added a commit that referenced this pull request Jan 29, 2026
@dominic-r
Cherry-pick #19548 to version-2025.12 (with conflicts)
33491f2 
This cherry-pick has conflicts that need manual resolution.

Original PR: #19548
Original commit: c67447d
dominic-r added a commit that referenced this pull request Jan 30, 2026
@dominic-r
Cherry-pick #19548 to version-2025.12 (with conflicts)
4af7ea7 
This cherry-pick has conflicts that need manual resolution.

Original PR: #19548
Original commit: c67447d
dominic-r added a commit that referenced this pull request Jan 30, 2026
@authentik-automation @dominic-r
web/admin: fix file upload not preserving extension for custom names …
29e23ce 
…with dots (cherry-pick #19548 to version-2025.12) (#19685)

Cherry-pick #19548 to version-2025.12 (with conflicts)

This cherry-pick has conflicts that need manual resolution.

Original PR: #19548
Original commit: c67447d

Co-authored-by: Dominic R <dominic@sdko.org>
kensternberg-authentik added a commit that referenced this pull request Jan 31, 2026
@kensternberg-authentik
Merge branch 'main' into dev
e6ca150 
* main: (115 commits)
  internal: fix incorrect metric calculation (#19701)
  core, web: update translations (#19684)
  core: bump goauthentik.io/api/v3 from 3.2026020.12 to 3.2026020.14 (#19686)
  lifecycle/aws: bump aws-cdk from 2.1101.0 to 2.1102.0 in /lifecycle/aws (#19687)
  core: bump goauthentik/selenium from 143.0-ak-0.35.3 to 144.0-ak-0.35.7 in /tests/e2e (#19688)
  core: bump msgraph-sdk from 1.52.0 to 1.53.0 (#19689)
  core: bump ruff from 0.14.13 to 0.14.14 (#19690)
  core: bump twilio from 9.9.1 to 9.10.0 (#19691)
  core: bump gunicorn from 23.0.0 to 24.0.0 (#19692)
  web: bump the bundler group across 1 directory with 3 updates (#19693)
  web: bump unist-util-visit from 5.0.0 to 5.1.0 in /web (#19694)
  web: bump globals from 17.0.0 to 17.1.0 in /web (#19695)
  ci: bump actions/checkout from 6.0.1 to 6.0.2 (#19696)
  web: Form Modal Independence: Part 1 (#19395)
  web/common: add dev middleware to show warnings for consecutive identical requests (#19671)
  web/admin: fix file upload not preserving extension for custom names with dots (#19548)
  web/admin: fix brand form sending "undefined" string for blank default application (#19658)
  providers/proxy: Fix incorrect comparison of redirect URL and CookieDomain (#15686)
  core: add bulk session revocation (#18564)
  website/docs: endpoint devices: add serial number note (#19677)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kensternberg-authentik kensternberg-authentik kensternberg-authentik approved these changes

Assignees

@dominic-r dominic-r

Labels

area:frontend Features or issues related to the browser, TypeScript, Node.js, etc backport/version-2025.12 Add this label to PRs to backport changes to version-2025.12

Projects

authentik Core
Status: Done

Milestone

Release 2025.12.2

Development

Successfully merging this pull request may close these issues.

2 participants

@dominic-r @kensternberg-authentik