import requests
from PySide6 import QtTest
from .gui_base_test import GuiBaseTest
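class TestWebsite(GuiBaseTest):
    """GUI tests for website mode.

    Covers adding files, starting and stopping the share, fetching the
    hosted index page over the local web server, the three
    Content-Security-Policy configurations (default, disabled, custom),
    and the custom 405 page.
    """

    # Upper bound, in seconds, on each local HTTP request, so that a web
    # server which never answers fails the test instead of blocking the run.
    # Constructed value; adjust if the suite runs on very slow machines.
    _REQUEST_TIMEOUT = 10

    # Exact header value expected when CSP is neither disabled nor
    # customised. Pinning the full string means any change to the policy
    # that is actually served in that case shows up as a test failure.
    _DEFAULT_CSP = (
        "default-src 'self'; frame-ancestors 'none'; form-action 'self'; "
        "base-uri 'self'; img-src 'self' data:;"
    )

    # Shared test methods

    def _fetch_index(self, tab):
        """GET the root page of the tab's local web server and return the response."""
        url = f"http://127.0.0.1:{tab.app.port}/"
        r = requests.get(url, timeout=self._REQUEST_TIMEOUT)
        # NOTE(review): presumably lets the Qt event loop process the request
        # before the caller asserts on GUI state; confirm.
        QtTest.QTest.qWait(500, self.gui.qtapp)
        return r

    def view_website(self, tab):
        """Test that the hosted website's index page can be fetched"""
        r = self._fetch_index(tab)
        # assertIn reports the received body on failure, unlike assertTrue.
        self.assertIn("This is a test website hosted by OnionShare", r.text)

    def check_csp_header(self, tab):
        """Test that the CSP header matches the tab's website settings.

        With "disable_csp" set the header must be absent. Otherwise it must
        equal "custom_csp" when that setting is non-empty, or the default
        policy when it is not. "disable_csp" is checked first, so it wins if
        both settings happen to be set.
        """
        r = self._fetch_index(tab)

        if tab.settings.get("website", "disable_csp"):
            self.assertNotIn("Content-Security-Policy", r.headers)
            return

        custom_csp = tab.settings.get("website", "custom_csp")
        expected = custom_csp if custom_csp else self._DEFAULT_CSP
        # .get() turns a missing header into an assertion failure that names
        # the expected policy, rather than a KeyError raised by the lookup.
        self.assertEqual(expected, r.headers.get("Content-Security-Policy"))

    def run_all_website_mode_setup_tests(self, tab):
        """Tests in website mode prior to starting a share"""
        tab.get_mode().server_status.file_selection.file_list.add_file(
            self.tmpfile_index_html
        )
        for filename in self.tmpfiles:
            tab.get_mode().server_status.file_selection.file_list.add_file(filename)

        # NOTE(review): 11 is presumably index.html plus ten entries in
        # self.tmpfiles; confirm against the base class fixtures.
        self.file_selection_widget_has_files(tab, 11)
        self.history_is_not_visible(tab)
        self.click_toggle_history(tab)
        self.history_is_visible(tab)

    def run_all_website_mode_started_tests(self, tab, startup_time=500):
        """Tests in website mode after starting a share

        startup_time is forwarded unchanged to server_is_started().
        """
        self.server_working_on_start_button_pressed(tab)
        self.server_status_indicator_says_starting(tab)
        self.add_remove_buttons_hidden(tab)
        self.server_is_started(tab, startup_time)
        self.web_server_is_running(tab)
        self.url_description_shown(tab)
        self.url_instructions_shown(tab)
        self.url_shown(tab)
        self.have_copy_url_button(tab)
        self.have_show_url_qr_code_button(tab)
        self.client_auth_instructions_shown(tab)
        self.private_key_shown(tab)
        self.have_show_client_auth_qr_code_button(tab)
        self.server_status_indicator_says_started(tab)

    def run_all_website_mode_download_tests(self, tab):
        """Tests in website mode after viewing the site

        Runs the setup and started checks, fetches the site, verifies the
        CSP header, then stops the share and checks the stopped state.
        """
        self.run_all_website_mode_setup_tests(tab)
        self.run_all_website_mode_started_tests(tab, startup_time=500)
        self.view_website(tab)
        self.check_csp_header(tab)
        self.history_widgets_present(tab)
        self.server_is_stopped(tab)
        self.web_server_is_stopped(tab)
        self.server_status_indicator_says_closed(tab)
        self.add_button_visible(tab)

    # Tests

    def test_website(self):
        """
        Test website mode
        """
        tab = self.new_website_tab()
        self.run_all_website_mode_download_tests(tab)
        self.close_all_tabs()

    def test_csp_disabled(self):
        """
        Test disabling CSP
        """
        tab = self.new_website_tab()
        tab.get_mode().disable_csp_checkbox.click()
        # Disabling CSP must grey out the custom-CSP option, so the two
        # settings cannot both be chosen from the UI.
        self.assertFalse(tab.get_mode().custom_csp_checkbox.isEnabled())
        self.run_all_website_mode_download_tests(tab)
        self.close_all_tabs()

    def test_csp_custom(self):
        """
        Test a custom CSP
        """
        tab = self.new_website_tab()
        tab.get_mode().custom_csp_checkbox.click()
        # Choosing a custom CSP must grey out the disable-CSP option.
        self.assertFalse(tab.get_mode().disable_csp_checkbox.isEnabled())
        # The policy is written straight into the settings rather than typed
        # into the GUI; check_csp_header() then expects it back verbatim.
        tab.settings.set("website", "custom_csp", "default-src 'self'")
        self.run_all_website_mode_download_tests(tab)
        self.close_all_tabs()

    def test_405_page_returned_for_invalid_methods(self):
        """
        Our custom 405 page should return for invalid methods
        """
        tab = self.new_website_tab()

        tab.get_mode().mode_settings_widget.public_checkbox.click()

        self.run_all_common_setup_tests()
        self.run_all_website_mode_setup_tests(tab)
        self.run_all_website_mode_started_tests(tab)
        url = f"http://127.0.0.1:{tab.app.port}/"
        self.hit_405(
            url,
            expected_resp="OnionShare: 405 Method Not Allowed",
            data={"foo": "bar"},
            methods=["put", "post", "delete", "options"],
        )

        self.close_all_tabs()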