mat2-web/test/test.py

import base64
import unittest
import tempfile
import shutil
import io
import os

from unittest.mock import patch

import main


class Mat2WebTestCase(unittest.TestCase):
    def setUp(self):
        os.environ.setdefault('MAT2_ALLOW_ORIGIN_WHITELIST', 'origin1.gnu origin2.gnu')
        self.upload_folder = tempfile.mkdtemp()
        app = main.create_app(
            test_config={
                'TESTING': True,
                'UPLOAD_FOLDER': self.upload_folder
            }
        )
        self.app = app.test_client()

    def tearDown(self):
        shutil.rmtree(self.upload_folder)

    def test_get_root(self):
        rv = self.app.get('/')
        self.assertIn(b'mat2-web', rv.data)

    def test_check_mimetypes(self):
        rv = self.app.get('/')
        self.assertIn(b'.torrent', rv.data)
        self.assertIn(b'.ods', rv.data)

    def test_get_download_dangerous_file(self):
        rv = self.app.get('/download/1337/\..\filename')
        self.assertEqual(rv.status_code, 302)

    def test_get_download_without_key_file(self):
        rv = self.app.get('/download/non_existant')
        self.assertEqual(rv.status_code, 404)

    def test_get_download_nonexistant_file(self):
        rv = self.app.get('/download/1337/non_existant')
        self.assertEqual(rv.status_code, 302)

    def test_get_upload_without_file(self):
        rv = self.app.post('/')
        self.assertEqual(rv.status_code, 302)

    def test_get_upload_empty_file(self):
        rv = self.app.post('/',
                data=dict(
                    file=(io.BytesIO(b""), 'test.pdf'),
                    ), follow_redirects=False)
        self.assertEqual(rv.status_code, 302)

    def test_get_upload_empty_file_redir(self):
        rv = self.app.post('/',
                data=dict(
                    file=(io.BytesIO(b""), 'test.pdf'),
                    ), follow_redirects=True)
        self.assertIn(b'The type application/pdf is not supported',
                rv.data)
        self.assertEqual(rv.status_code, 200)

    def test_get_upload_no_selected_file(self):
        rv = self.app.post('/',
                           data=dict(
                               file=(io.BytesIO(b""), ''),
                           ), follow_redirects=True)
        self.assertIn(b'No selected file',
                      rv.data)
        self.assertEqual(rv.status_code, 200)

    def test_failed_cleaning(self):
        zip_file_bytes = base64.b64decode(
            'UEsDBBQACAAIAPicPE8AAAAAAAAAAAAAAAAXACAAZmFpbGluZy5ub3Qtd29ya2luZy1le'
            'HRVVA0AB+Saj13kmo9d5JqPXXV4CwABBOkDAAAE6QMAAAMAUEsHCAAAAAACAAAAAAAAAFBL'
            'AwQUAAgACAD6nDxPAAAAAAAAAAAAAAAACQAgAHRlc3QuanNvblVUDQAH6JqPXeiaj13omo9d'
            'dXgLAAEE6QMAAATpAwAAAwBQSwcIAAAAAAIAAAAAAAAAUEsBAhQDFAAIAAgA+Jw8TwAAAAACA'
            'AAAAAAAABcAIAAAAAAAAAAAAKSBAAAAAGZhaWxpbmcubm90LXdvcmtpbmctZXh0VVQNAAfkmo9'
            'd5JqPXeSaj111eAsAAQTpAwAABOkDAABQSwECFAMUAAgACAD6nDxPAAAAAAIAAAAAAAAACQAgA'
            'AAAAAAAAAAApIFnAAAAdGVzdC5qc29uVVQNAAfomo9d6JqPXeiaj111eAsAAQTpAwAABOkDAAB'
            'QSwUGAAAAAAIAAgC8AAAAwAAAAAAA'
        )
        rv = self.app.post('/',
                           data=dict(
                               file=(io.BytesIO(zip_file_bytes), 'test.zip'),
                           ), follow_redirects=True)
        self.assertIn(b'Unable to clean',rv.data)
        self.assertEqual(rv.status_code, 200)

    def test_get_upload_no_file_name(self):
        rv = self.app.post('/',
                data=dict(
                    file=(io.BytesIO(b"aaa")),
                    ), follow_redirects=True)
        self.assertIn(b'No file part', rv.data)
        self.assertEqual(rv.status_code, 200)

    def test_get_upload_harmless_file(self):
        rv = self.app.post('/',
                data=dict(
                    file=(io.BytesIO(b"Some text"), 'test.txt'),
                    ), follow_redirects=True)
        self.assertIn(b'/download/4c2e9e6da31a64c70623619c449a040968cdbea85945bf384fa30ed2d5d24fa3/test.cleaned.txt', rv.data)
        self.assertEqual(rv.status_code, 200)
        self.assertNotIn('Access-Control-Allow-Origin', rv.headers)

        rv = self.app.get('/download/4c2e9e6da31a64c70623619c449a040968cdbea85945bf384fa30ed2d5d24fa3/test.cleaned.txt')
        self.assertEqual(rv.status_code, 200)

        rv = self.app.get('/download/4c2e9e6da31a64c70623619c449a040968cdbea85945bf384fa30ed2d5d24fa3/test.cleaned.txt')
        self.assertEqual(rv.status_code, 302)

    def test_upload_wrong_hash(self):
        rv = self.app.post('/',
                           data=dict(
                               file=(io.BytesIO(b"Some text"), 'test.txt'),
                           ), follow_redirects=True)
        self.assertIn(b'/download/4c2e9e6da31a64c70623619c449a040968cdbea85945bf384fa30ed2d5d24fa3/test.cleaned.txt',
                      rv.data)
        self.assertEqual(rv.status_code, 200)

        rv = self.app.get('/download/70623619c449a040968cdbea85945bf384fa30ed2d5d24fa3/test.cleaned.txt')
        self.assertEqual(rv.status_code, 302)

    @patch('matweb.file_removal_scheduler.random.randint')
    def test_upload_leftover(self, randint_mock):
        randint_mock.return_value = 0
        os.environ['MAT2_MAX_FILE_AGE_FOR_REMOVAL'] = '0'
        app = main.create_app()
        self.upload_folder = tempfile.mkdtemp()
        app.config.update(
            TESTING=True,
            UPLOAD_FOLDER=self.upload_folder
        )
        app = app.test_client()

        request = self.app.post('/',
                           data=dict(
                               file=(io.BytesIO(b"Some text"), 'test.txt'),
                           ), follow_redirects=True)
        self.assertEqual(request.status_code, 200)
        request = app.get(
            b'/download/4c2e9e6da31a64c70623619c449a040968cdbea85945bf384fa30ed2d5d24fa3/test.cleaned.txt'
        )
        self.assertEqual(302, request.status_code)
        os.environ['MAT2_MAX_FILE_AGE_FOR_REMOVAL'] = '9999'

    def test_info_page(self):
        rv = self.app.get('/info')
        self.assertIn(b'What are metadata?', rv.data)
        self.assertIn(b'.asc', rv.data)
        self.assertIn(b'.mp2', rv.data)
        self.assertEqual(rv.status_code, 200)


if __name__ == '__main__':
    unittest.main()
file removal background job 2020-03-27 10:59:16 -07:00			`import base64`
Add some tests 2018-12-16 20:36:02 +01:00			`import unittest`
Add even more tests 2018-12-16 21:33:18 +01:00			`import tempfile`
			`import shutil`
			`import io`
added a docker dev environment Signed-off-by: Jan Friedli <jan.friedli@immerda.ch> 2019-07-09 14:56:21 -07:00			`import os`
Add some tests 2018-12-16 20:36:02 +01:00
file removal background job 2020-03-27 10:59:16 -07:00			`from unittest.mock import patch`

Add some tests 2018-12-16 20:36:02 +01:00			`import main`


added a docker dev environment Signed-off-by: Jan Friedli <jan.friedli@immerda.ch> 2019-07-09 14:56:21 -07:00			`class Mat2WebTestCase(unittest.TestCase):`
Add some tests 2018-12-16 20:36:02 +01:00			`def setUp(self):`
added a docker dev environment Signed-off-by: Jan Friedli <jan.friedli@immerda.ch> 2019-07-09 14:56:21 -07:00			`os.environ.setdefault('MAT2_ALLOW_ORIGIN_WHITELIST', 'origin1.gnu origin2.gnu')`
			`self.upload_folder = tempfile.mkdtemp()`
Refactoring 2020-04-23 10:39:35 -07:00			`app = main.create_app(`
			`test_config={`
			`'TESTING': True,`
			`'UPLOAD_FOLDER': self.upload_folder`
			`}`
added a docker dev environment Signed-off-by: Jan Friedli <jan.friedli@immerda.ch> 2019-07-09 14:56:21 -07:00			`)`
			`self.app = app.test_client()`
Add some tests 2018-12-16 20:36:02 +01:00
Add even more tests 2018-12-16 21:33:18 +01:00			`def tearDown(self):`
added a docker dev environment Signed-off-by: Jan Friedli <jan.friedli@immerda.ch> 2019-07-09 14:56:21 -07:00			`shutil.rmtree(self.upload_folder)`
Add even more tests 2018-12-16 21:33:18 +01:00
Add some tests 2018-12-16 20:36:02 +01:00			`def test_get_root(self):`
			`rv = self.app.get('/')`
			`self.assertIn(b'mat2-web', rv.data)`

Supported types are now directly provided by mat2 2018-12-16 21:47:25 +01:00			`def test_check_mimetypes(self):`
			`rv = self.app.get('/')`
Improve the display of supported formats - Show the extension instead of the mimetype - Sort the results 2019-03-06 21:20:39 +01:00			`self.assertIn(b'.torrent', rv.data)`
			`self.assertIn(b'.ods', rv.data)`
Supported types are now directly provided by mat2 2018-12-16 21:47:25 +01:00
Add some tests 2018-12-16 20:36:02 +01:00			`def test_get_download_dangerous_file(self):`
Mitigate filename-based race conditions 2019-02-22 21:17:48 +01:00			`rv = self.app.get('/download/1337/\..\filename')`
Add some tests 2018-12-16 20:36:02 +01:00			`self.assertEqual(rv.status_code, 302)`

Mitigate filename-based race conditions 2019-02-22 21:17:48 +01:00			`def test_get_download_without_key_file(self):`
Add some tests 2018-12-16 20:36:02 +01:00			`rv = self.app.get('/download/non_existant')`
Mitigate filename-based race conditions 2019-02-22 21:17:48 +01:00			`self.assertEqual(rv.status_code, 404)`

			`def test_get_download_nonexistant_file(self):`
			`rv = self.app.get('/download/1337/non_existant')`
Add some tests 2018-12-16 20:36:02 +01:00			`self.assertEqual(rv.status_code, 302)`

Add even more tests 2018-12-16 21:33:18 +01:00			`def test_get_upload_without_file(self):`
			`rv = self.app.post('/')`
			`self.assertEqual(rv.status_code, 302)`

			`def test_get_upload_empty_file(self):`
			`rv = self.app.post('/',`
			`data=dict(`
			`file=(io.BytesIO(b""), 'test.pdf'),`
			`), follow_redirects=False)`
			`self.assertEqual(rv.status_code, 302)`

			`def test_get_upload_empty_file_redir(self):`
			`rv = self.app.post('/',`
			`data=dict(`
			`file=(io.BytesIO(b""), 'test.pdf'),`
			`), follow_redirects=True)`
			`self.assertIn(b'The type application/pdf is not supported',`
			`rv.data)`
			`self.assertEqual(rv.status_code, 200)`

file removal background job 2020-03-27 10:59:16 -07:00			`def test_get_upload_no_selected_file(self):`
			`rv = self.app.post('/',`
			`data=dict(`
			`file=(io.BytesIO(b""), ''),`
			`), follow_redirects=True)`
			`self.assertIn(b'No selected file',`
			`rv.data)`
			`self.assertEqual(rv.status_code, 200)`

			`def test_failed_cleaning(self):`
			`zip_file_bytes = base64.b64decode(`
			`'UEsDBBQACAAIAPicPE8AAAAAAAAAAAAAAAAXACAAZmFpbGluZy5ub3Qtd29ya2luZy1le'`
			`'HRVVA0AB+Saj13kmo9d5JqPXXV4CwABBOkDAAAE6QMAAAMAUEsHCAAAAAACAAAAAAAAAFBL'`
			`'AwQUAAgACAD6nDxPAAAAAAAAAAAAAAAACQAgAHRlc3QuanNvblVUDQAH6JqPXeiaj13omo9d'`
			`'dXgLAAEE6QMAAATpAwAAAwBQSwcIAAAAAAIAAAAAAAAAUEsBAhQDFAAIAAgA+Jw8TwAAAAACA'`
			`'AAAAAAAABcAIAAAAAAAAAAAAKSBAAAAAGZhaWxpbmcubm90LXdvcmtpbmctZXh0VVQNAAfkmo9'`
			`'d5JqPXeSaj111eAsAAQTpAwAABOkDAABQSwECFAMUAAgACAD6nDxPAAAAAAIAAAAAAAAACQAgA'`
			`'AAAAAAAAAAApIFnAAAAdGVzdC5qc29uVVQNAAfomo9d6JqPXeiaj111eAsAAQTpAwAABOkDAAB'`
			`'QSwUGAAAAAAIAAgC8AAAAwAAAAAAA'`
			`)`
			`rv = self.app.post('/',`
			`data=dict(`
			`file=(io.BytesIO(zip_file_bytes), 'test.zip'),`
			`), follow_redirects=True)`
			`self.assertIn(b'Unable to clean',rv.data)`
			`self.assertEqual(rv.status_code, 200)`

Bump coverage 2018-12-16 21:41:23 +01:00			`def test_get_upload_no_file_name(self):`
			`rv = self.app.post('/',`
			`data=dict(`
added a docker dev environment Signed-off-by: Jan Friedli <jan.friedli@immerda.ch> 2019-07-09 14:56:21 -07:00			`file=(io.BytesIO(b"aaa")),`
Bump coverage 2018-12-16 21:41:23 +01:00			`), follow_redirects=True)`
			`self.assertIn(b'No file part', rv.data)`
			`self.assertEqual(rv.status_code, 200)`

Add a test with a valid file 2018-12-16 21:37:15 +01:00			`def test_get_upload_harmless_file(self):`
			`rv = self.app.post('/',`
			`data=dict(`
			`file=(io.BytesIO(b"Some text"), 'test.txt'),`
			`), follow_redirects=True)`
Mitigate filename-based race conditions 2019-02-22 21:17:48 +01:00			`self.assertIn(b'/download/4c2e9e6da31a64c70623619c449a040968cdbea85945bf384fa30ed2d5d24fa3/test.cleaned.txt', rv.data)`
Add a test with a valid file 2018-12-16 21:37:15 +01:00			`self.assertEqual(rv.status_code, 200)`
added a docker dev environment Signed-off-by: Jan Friedli <jan.friedli@immerda.ch> 2019-07-09 14:56:21 -07:00			`self.assertNotIn('Access-Control-Allow-Origin', rv.headers)`
Add a test with a valid file 2018-12-16 21:37:15 +01:00
Mitigate filename-based race conditions 2019-02-22 21:17:48 +01:00			`rv = self.app.get('/download/4c2e9e6da31a64c70623619c449a040968cdbea85945bf384fa30ed2d5d24fa3/test.cleaned.txt')`
Add a test with a valid file 2018-12-16 21:37:15 +01:00			`self.assertEqual(rv.status_code, 200)`

Mitigate filename-based race conditions 2019-02-22 21:17:48 +01:00			`rv = self.app.get('/download/4c2e9e6da31a64c70623619c449a040968cdbea85945bf384fa30ed2d5d24fa3/test.cleaned.txt')`
Add a test with a valid file 2018-12-16 21:37:15 +01:00			`self.assertEqual(rv.status_code, 302)`

added a docker dev environment Signed-off-by: Jan Friedli <jan.friedli@immerda.ch> 2019-07-09 14:56:21 -07:00			`def test_upload_wrong_hash(self):`
			`rv = self.app.post('/',`
			`data=dict(`
			`file=(io.BytesIO(b"Some text"), 'test.txt'),`
			`), follow_redirects=True)`
			`self.assertIn(b'/download/4c2e9e6da31a64c70623619c449a040968cdbea85945bf384fa30ed2d5d24fa3/test.cleaned.txt',`
			`rv.data)`
			`self.assertEqual(rv.status_code, 200)`

			`rv = self.app.get('/download/70623619c449a040968cdbea85945bf384fa30ed2d5d24fa3/test.cleaned.txt')`
			`self.assertEqual(rv.status_code, 302)`

Refactoring 2020-04-23 10:39:35 -07:00			`@patch('matweb.file_removal_scheduler.random.randint')`
file removal background job 2020-03-27 10:59:16 -07:00			`def test_upload_leftover(self, randint_mock):`
			`randint_mock.return_value = 0`
			`os.environ['MAT2_MAX_FILE_AGE_FOR_REMOVAL'] = '0'`
			`app = main.create_app()`
			`self.upload_folder = tempfile.mkdtemp()`
			`app.config.update(`
			`TESTING=True,`
			`UPLOAD_FOLDER=self.upload_folder`
			`)`
			`app = app.test_client()`

			`request = self.app.post('/',`
			`data=dict(`
			`file=(io.BytesIO(b"Some text"), 'test.txt'),`
			`), follow_redirects=True)`
			`self.assertEqual(request.status_code, 200)`
			`request = app.get(`
			`b'/download/4c2e9e6da31a64c70623619c449a040968cdbea85945bf384fa30ed2d5d24fa3/test.cleaned.txt'`
			`)`
			`self.assertEqual(302, request.status_code)`
			`os.environ['MAT2_MAX_FILE_AGE_FOR_REMOVAL'] = '9999'`

added a very basic test for the info page 2020-04-13 23:02:55 +02:00			`def test_info_page(self):`
			`rv = self.app.get('/info')`
			`self.assertIn(b'What are metadata?', rv.data)`
			`self.assertIn(b'.asc', rv.data)`
			`self.assertIn(b'.mp2', rv.data)`
			`self.assertEqual(rv.status_code, 200)`

Add even more tests 2018-12-16 21:33:18 +01:00
Add some tests 2018-12-16 20:36:02 +01:00			`if __name__ == '__main__':`
			`unittest.main()`