ClientAuthV3 fixes

* Remove Client Auth as an explicit option (it's on by default).
 * Update wording about Public mode
 * Fix tuple error when raising TorTooOldStealth exception in CLI
 * Move Private Key button next to URL button in GUI
 * Replace visual references to ClientAuth with Private Key
 * Remove the HTTPAuth Flask dependency, along with a lot of code for password generation,
   401 auth triggers, invalid-password rate-limit detection, etc.
 * Test updates
 * Remove obsolete locale keys
Miguel Jacq 2021-08-27 15:52:29 +10:00
parent f63e0c37d1
commit 0bf8f53d30
No known key found for this signature in database
GPG key ID: EEA4341C6D97A0B6
78 changed files with 112 additions and 612 deletions


@ -72,15 +72,7 @@ class TestShare(GuiBaseTest):
def download_share(self, tab):
"""Test that we can download the share"""
url = f"http://127.0.0.1:{tab.app.port}/download"
if tab.settings.get("general", "public"):
r = requests.get(url)
else:
r = requests.get(
url,
auth=requests.auth.HTTPBasicAuth(
"onionshare", tab.get_mode().server_status.web.password
),
)
r = requests.get(url)
tmp_file = tempfile.NamedTemporaryFile("wb", delete=False)
tmp_file.write(r.content)
@ -99,40 +91,16 @@ class TestShare(GuiBaseTest):
"""
url = f"http://127.0.0.1:{tab.app.port}"
download_file_url = f"http://127.0.0.1:{tab.app.port}/test.txt"
if tab.settings.get("general", "public"):
r = requests.get(url)
else:
r = requests.get(
url,
auth=requests.auth.HTTPBasicAuth(
"onionshare", tab.get_mode().server_status.web.password
),
)
r = requests.get(url)
if tab.settings.get("share", "autostop_sharing"):
self.assertFalse('a href="/test.txt"' in r.text)
if tab.settings.get("general", "public"):
r = requests.get(download_file_url)
else:
r = requests.get(
download_file_url,
auth=requests.auth.HTTPBasicAuth(
"onionshare", tab.get_mode().server_status.web.password
),
)
r = requests.get(download_file_url)
self.assertEqual(r.status_code, 404)
self.download_share(tab)
else:
self.assertTrue('a href="test.txt"' in r.text)
if tab.settings.get("general", "public"):
r = requests.get(download_file_url)
else:
r = requests.get(
download_file_url,
auth=requests.auth.HTTPBasicAuth(
"onionshare", tab.get_mode().server_status.web.password
),
)
r = requests.get(download_file_url)
tmp_file = tempfile.NamedTemporaryFile("wb", delete=False)
tmp_file.write(r.content)
@ -144,34 +112,6 @@ class TestShare(GuiBaseTest):
QtTest.QTest.qWait(500, self.gui.qtapp)
def hit_401(self, tab):
"""Test that the server stops after too many 401s, or doesn't when in public mode"""
# In non-public mode, get ready to accept the dialog
if not tab.settings.get("general", "public"):
def accept_dialog():
window = tab.common.gui.qtapp.activeWindow()
if window:
window.close()
QtCore.QTimer.singleShot(1000, accept_dialog)
# Make 20 requests with guessed passwords
url = f"http://127.0.0.1:{tab.app.port}/"
for _ in range(20):
password_guess = self.gui.common.build_password()
requests.get(
url, auth=requests.auth.HTTPBasicAuth("onionshare", password_guess)
)
# In public mode, we should still be running (no rate-limiting)
if tab.settings.get("general", "public"):
self.web_server_is_running(tab)
# In non-public mode, we should be shut down (rate-limiting)
else:
self.web_server_is_stopped(tab)
def set_autostart_timer(self, tab, timer):
"""Test that the timer can be set"""
schedule = QtCore.QDateTime.currentDateTime().addSecs(timer)
@ -241,7 +181,6 @@ class TestShare(GuiBaseTest):
self.mode_settings_widget_is_hidden(tab)
self.server_is_started(tab, startup_time)
self.web_server_is_running(tab)
self.have_a_password(tab)
self.url_description_shown(tab)
self.have_copy_url_button(tab)
self.have_show_qr_code_button(tab)
@ -490,9 +429,9 @@ class TestShare(GuiBaseTest):
self.close_all_tabs()
def test_persistent_password(self):
def test_persistent_mode(self):
"""
Test a large download
Test persistent mode
"""
tab = self.new_share_tab()
tab.get_mode().mode_settings_widget.persistent_checkbox.click()
@ -500,10 +439,9 @@ class TestShare(GuiBaseTest):
self.run_all_common_setup_tests()
self.run_all_share_mode_setup_tests(tab)
self.run_all_share_mode_started_tests(tab)
password = tab.get_mode().server_status.web.password
self.run_all_share_mode_download_tests(tab)
self.run_all_share_mode_started_tests(tab)
self.assertEqual(tab.get_mode().server_status.web.password, password)
self.assertTrue("Every subsequent share reuses the address" in tab.get_mode().server_status.url_description.toolTip())
self.run_all_share_mode_download_tests(tab)
self.close_all_tabs()
@ -570,45 +508,6 @@ class TestShare(GuiBaseTest):
self.close_all_tabs()
def test_401_triggers_ratelimit(self):
"""
Rate limit should be triggered
"""
tab = self.new_share_tab()
def accept_dialog():
window = tab.common.gui.qtapp.activeWindow()
if window:
window.close()
tab.get_mode().autostop_sharing_checkbox.click()
self.run_all_common_setup_tests()
self.run_all_share_mode_tests(tab)
self.hit_401(tab)
self.close_all_tabs()
def test_401_public_skips_ratelimit(self):
"""
Public mode should skip the rate limit
"""
tab = self.new_share_tab()
def accept_dialog():
window = tab.common.gui.qtapp.activeWindow()
if window:
window.close()
tab.get_mode().autostop_sharing_checkbox.click()
tab.get_mode().mode_settings_widget.public_checkbox.click()
self.run_all_common_setup_tests()
self.run_all_share_mode_tests(tab)
self.hit_401(tab)
self.close_all_tabs()
def test_client_auth(self):
"""
Test the ClientAuth is received from the backend,
@ -617,7 +516,6 @@ class TestShare(GuiBaseTest):
"""
tab = self.new_share_tab()
tab.get_mode().mode_settings_widget.toggle_advanced_button.click()
tab.get_mode().mode_settings_widget.client_auth_checkbox.click()
self.run_all_common_setup_tests()
self.run_all_share_mode_setup_tests(tab)