Git-Mirrors/onionshare
1
0
Fork 0
mirror of https://github.com/onionshare/onionshare.git synced 2025-01-27 06:47:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fix web tests to use basic auth and passwords instead of slugs

Browse Source
This commit is contained in:
Micah Lee 2019-05-23 09:53:18 -07:00
parent 4df989dc77
commit 18961fea2d
No known key found for this signature in database
GPG Key ID: 403C2657CD994F73
1 changed files with 37 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
tests/test_onionshare_web.py
View File

@ -27,8 +27,10 @@ import socket
import sys import sys
import zipfile import zipfile
import tempfile import tempfile
import base64
import pytest import pytest
from werkzeug.datastructures import Headers
from onionshare.common import Common from onionshare.common import Common
from onionshare import strings from onionshare import strings
@ -71,22 +73,23 @@ class TestWeb:
web = web_obj(common_obj, 'share', 3) web = web_obj(common_obj, 'share', 3)
assert web.mode is 'share' assert web.mode is 'share'
with web.app.test_client() as c: with web.app.test_client() as c:
# Load 404 pages # Load / without auth
res = c.get('/') res = c.get('/')
res.get_data() res.get_data()
assert res.status_code == 404 assert res.status_code == 401
res = c.get('/invalidpassword'.format(web.password)) # Load / with invalid auth
res = c.get('/', headers=self._make_auth_headers('invalid'))
res.get_data() res.get_data()
assert res.status_code == 404 assert res.status_code == 401
# Load download page # Load / with valid auth
res = c.get('/{}'.format(web.password)) res = c.get('/', headers=self._make_auth_headers(web.password))
res.get_data() res.get_data()
assert res.status_code == 200 assert res.status_code == 200
# Download # Download
res = c.get('/{}/download'.format(web.password)) res = c.get('/download', headers=self._make_auth_headers(web.password))
res.get_data() res.get_data()
assert res.status_code == 200 assert res.status_code == 200
assert res.mimetype == 'application/zip' assert res.mimetype == 'application/zip'
@ -99,7 +102,7 @@ class TestWeb:
with web.app.test_client() as c: with web.app.test_client() as c:
# Download the first time # Download the first time
res = c.get('/{}/download'.format(web.password)) res = c.get('/download', headers=self._make_auth_headers(web.password))
res.get_data() res.get_data()
assert res.status_code == 200 assert res.status_code == 200
assert res.mimetype == 'application/zip' assert res.mimetype == 'application/zip'
@ -114,7 +117,7 @@ class TestWeb:
with web.app.test_client() as c: with web.app.test_client() as c:
# Download the first time # Download the first time
res = c.get('/{}/download'.format(web.password)) res = c.get('/download', headers=self._make_auth_headers(web.password))
res.get_data() res.get_data()
assert res.status_code == 200 assert res.status_code == 200
assert res.mimetype == 'application/zip' assert res.mimetype == 'application/zip'
@ -125,17 +128,18 @@ class TestWeb:
assert web.mode is 'receive' assert web.mode is 'receive'
with web.app.test_client() as c: with web.app.test_client() as c:
# Load 404 pages # Load / without auth
res = c.get('/') res = c.get('/')
res.get_data() res.get_data()
assert res.status_code == 404 assert res.status_code == 401
res = c.get('/invalidpassword'.format(web.password)) # Load / with invalid auth
res = c.get('/', headers=self._make_auth_headers('invalid'))
res.get_data() res.get_data()
assert res.status_code == 404 assert res.status_code == 401
# Load upload page # Load / with valid auth
res = c.get('/{}'.format(web.password)) res = c.get('/', headers=self._make_auth_headers(web.password))
res.get_data() res.get_data()
assert res.status_code == 200 assert res.status_code == 200
@ -144,31 +148,37 @@ class TestWeb:
common_obj.settings.set('public_mode', True) common_obj.settings.set('public_mode', True)
with web.app.test_client() as c: with web.app.test_client() as c:
# Upload page should be accessible from / # Loading / should work without auth
res = c.get('/') res = c.get('/')
data1 = res.get_data() data1 = res.get_data()
assert res.status_code == 200 assert res.status_code == 200
# /[password] should be a 404
res = c.get('/{}'.format(web.password))
data2 = res.get_data()
assert res.status_code == 404
def test_public_mode_off(self, common_obj): def test_public_mode_off(self, common_obj):
web = web_obj(common_obj, 'receive') web = web_obj(common_obj, 'receive')
common_obj.settings.set('public_mode', False) common_obj.settings.set('public_mode', False)
with web.app.test_client() as c: with web.app.test_client() as c:
# / should be a 404 # Load / without auth
res = c.get('/') res = c.get('/')
data1 = res.get_data() res.get_data()
assert res.status_code == 404 assert res.status_code == 401
# Upload page should be accessible from /[password] # But static resources should work without auth
res = c.get('/{}'.format(web.password)) res = c.get('{}/css/style.css'.format(web.static_url_path))
data2 = res.get_data() res.get_data()
assert res.status_code == 200 assert res.status_code == 200
# Load / with valid auth
res = c.get('/', headers=self._make_auth_headers(web.password))
res.get_data()
assert res.status_code == 200
def _make_auth_headers(self, password):
auth = base64.b64encode(b'onionshare:'+password.encode()).decode()
h = Headers()
h.add('Authorization', 'Basic ' + auth)
return h
class TestZipWriterDefault: class TestZipWriterDefault:
@pytest.mark.parametrize('test_input', ( @pytest.mark.parametrize('test_input', (