Register the 405 error handler properly. Enforce the appropriate methods for each route (GET or POST only, with OPTIONS disabled). Add tests for invalid methods. Add a friendlier 500 internal server error handler

Miguel Jacq 2021-05-10 11:23:44 +10:00
parent e067fc2963
commit 2618e89eda
No known key found for this signature in database
GPG key ID: EEA4341C6D97A0B6
11 changed files with 120 additions and 13 deletions


@ -452,6 +452,20 @@ class GuiBaseTest(unittest.TestCase):
# We should have timed out now
self.assertEqual(tab.get_mode().server_status.status, 0)
def hit_405(self, url, expected_resp, data = {}, methods = [] ):
"""Test various HTTP methods and the response"""
for method in methods:
if method == "put":
r = requests.put(url, data = data)
if method == "post":
r = requests.post(url, data = data)
if method == "delete":
r = requests.delete(url)
if method == "options":
r = requests.options(url)
self.assertTrue(expected_resp in r.text)
self.assertFalse('Werkzeug' in r.headers)
# Grouped tests follow from here
def run_all_common_setup_tests(self):
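Review bot: The last assertion in `hit_405`, `self.assertFalse('Werkzeug' in r.headers)`, tests header names rather than header values, because membership on the requests headers mapping is a key lookup; unless a header is literally named Werkzeug it passes whatever the `Server` header contains. If the intent is to confirm that the framework banner is not disclosed on error responses, check the value instead, e.g. `self.assertNotIn("Werkzeug", r.headers.get("Server", ""))`. The helper also matches only on body text, so `self.assertEqual(r.status_code, 405)` would pin the status itself. The `data = {}` and `methods = []` defaults are shared mutable objects and would be safer as `None`.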


@ -286,3 +286,19 @@ class TestReceive(GuiBaseTest):
self.run_all_upload_non_writable_dir_tests(tab)
self.close_all_tabs()
def test_405_page_returned_for_invalid_methods(self):
"""
Our custom 405 page should return for invalid methods
"""
tab = self.new_receive_tab()
tab.get_mode().mode_settings_widget.public_checkbox.click()
self.run_all_common_setup_tests()
self.run_all_receive_mode_setup_tests(tab)
self.run_all_receive_mode_tests(tab)
url = f"http://127.0.0.1:{tab.app.port}/"
self.hit_405(url, expected_resp="OnionShare: 405 Method Not Allowed", data = {'foo':'bar'}, methods = ["put", "post", "delete", "options"])
self.close_all_tabs()
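Review bot: This test sends the disallowed methods only to `/`, while the commit message says methods are enforced for each route; the route definitions are outside this hunk, so whether other paths exist is inferred. `hit_405` has no `get` branch, so a POST-only route that should reject GET cannot be checked with it. Consider iterating over the mode's route paths and adding a `"get"` case to the helper. The same applies to the share and website tests, and the literal `"OnionShare: 405 Method Not Allowed"` repeated in all three could live in one constant on `GuiBaseTest`.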


@ -608,3 +608,20 @@ class TestShare(GuiBaseTest):
self.hit_401(tab)
self.close_all_tabs()
def test_405_page_returned_for_invalid_methods(self):
"""
Our custom 405 page should return for invalid methods
"""
tab = self.new_share_tab()
tab.get_mode().autostop_sharing_checkbox.click()
tab.get_mode().mode_settings_widget.public_checkbox.click()
self.run_all_common_setup_tests()
self.run_all_share_mode_setup_tests(tab)
self.run_all_share_mode_started_tests(tab)
url = f"http://127.0.0.1:{tab.app.port}/"
self.hit_405(url, expected_resp="OnionShare: 405 Method Not Allowed", data = {'foo':'bar'}, methods = ["put", "post", "delete", "options"])
self.history_widgets_present(tab)
self.close_all_tabs()


@ -99,3 +99,19 @@ class TestWebsite(GuiBaseTest):
tab.get_mode().disable_csp_checkbox.click()
self.run_all_website_mode_download_tests(tab)
self.close_all_tabs()
def test_405_page_returned_for_invalid_methods(self):
"""
Our custom 405 page should return for invalid methods
"""
tab = self.new_website_tab()
tab.get_mode().mode_settings_widget.public_checkbox.click()
self.run_all_common_setup_tests()
self.run_all_website_mode_setup_tests(tab)
self.run_all_website_mode_started_tests(tab)
url = f"http://127.0.0.1:{tab.app.port}/"
self.hit_405(url, expected_resp="OnionShare: 405 Method Not Allowed", data = {'foo':'bar'}, methods = ["put", "delete", "options"])
self.close_all_tabs()
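Review bot: The method list passed to `hit_405` here omits `"post"`, unlike the receive and share tests, and nothing in the test says why. If website mode is meant to reject POST on `/`, add it to the list so the 405 path is covered. If POST is deliberately allowed or handled differently, a short comment such as `# POST is not tested here because ...` would keep the gap from reading as an oversight.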