Replace URLs that have slugs with basic auth in tests

2024-10-01 01:35:40 -04:00 · 2019-05-24 13:38:41 -07:00 · 2019-05-24 13:38:41 -07:00 · 9785be0375
commit 9785be0375
parent 18961fea2d
5 changed files with 41 additions and 34 deletions
--- a/tests/GuiBaseTest.py
+++ b/tests/GuiBaseTest.py
@ -4,6 +4,7 @@ import requests
 import shutil
 import socket
 import socks
+import base64

 from PyQt5 import QtCore, QtTest

@ -126,20 +127,20 @@ class GuiBaseTest(object):
        if type(mode) == ReceiveMode:
            # Upload a file
            files = {'file[]': open('/tmp/test.txt', 'rb')}
-            if not public_mode:
-                path = 'http://127.0.0.1:{}/{}/upload'.format(self.gui.app.port, mode.web.password)
+            url = 'http://127.0.0.1:{}/upload'.format(self.gui.app.port)
+            if public_mode:
+                response = requests.post(url, files=files)
            else:
-                path = 'http://127.0.0.1:{}/upload'.format(self.gui.app.port)
-            response = requests.post(path, files=files)
+                response = requests.post(url, files=files, auth=requests.auth.HTTPBasicAuth('onionshare', mode.web.password))
            QtTest.QTest.qWait(2000)

        if type(mode) == ShareMode:
            # Download files
+            url = "http://127.0.0.1:{}/download".format(self.gui.app.port)
            if public_mode:
-                url = "http://127.0.0.1:{}/download".format(self.gui.app.port)
+                r = requests.get(url)
            else:
-                url = "http://127.0.0.1:{}/{}/download".format(self.gui.app.port, mode.web.password)
-            r = requests.get(url)
+                r = requests.get(url, auth=requests.auth.HTTPBasicAuth('onionshare', mode.web.password))
            QtTest.QTest.qWait(2000)

        # Indicator should be visible, have a value of "1"
@ -212,7 +213,7 @@ class GuiBaseTest(object):
        if public_mode:
            self.assertEqual(clipboard.text(), 'http://127.0.0.1:{}'.format(self.gui.app.port))
        else:
-            self.assertEqual(clipboard.text(), 'http://127.0.0.1:{}/{}'.format(self.gui.app.port, mode.server_status.web.password))
+            self.assertEqual(clipboard.text(), 'http://onionshare:{}@127.0.0.1:{}'.format(mode.server_status.web.password, self.gui.app.port))


    def server_status_indicator_says_started(self, mode):
@ -234,8 +235,11 @@ class GuiBaseTest(object):
        else:
            path = '/'

-        http_request = 'GET {} HTTP/1.0\r\n'.format(path)
+        http_request = 'GET / HTTP/1.0\r\n'
        http_request += 'Host: 127.0.0.1\r\n'
+        if not public_mode:
+            auth = base64.b64encode(b'onionshare:'+password.encode()).decode()
+            http_request += 'Authorization: Basic {}'.format(auth)
        http_request += '\r\n'
        s.sendall(http_request.encode('utf-8'))

--- a/tests/GuiReceiveTest.py
+++ b/tests/GuiReceiveTest.py
@ -8,14 +8,14 @@ class GuiReceiveTest(GuiBaseTest):
    def upload_file(self, public_mode, file_to_upload, expected_basename, identical_files_at_once=False):
        '''Test that we can upload the file'''
        files = {'file[]': open(file_to_upload, 'rb')}
+        url = 'http://127.0.0.1:{}/upload'.format(self.gui.app.port)
        if not public_mode:
-            path = 'http://127.0.0.1:{}/{}/upload'.format(self.gui.app.port, self.gui.receive_mode.web.password)
+            r = requests.post(url, files=files)
        else:
-            path = 'http://127.0.0.1:{}/upload'.format(self.gui.app.port)
-        response = requests.post(path, files=files)
+            r = requests.post(url, files=files, auth=requests.auth.HTTPBasicAuth('onionshare', mode.web.password))
        if identical_files_at_once:
            # Send a duplicate upload to test for collisions
-            response = requests.post(path, files=files)
+            r = requests.post(path, files=files)
        QtTest.QTest.qWait(2000)

        # Make sure the file is within the last 10 seconds worth of filenames
@ -39,11 +39,11 @@ class GuiReceiveTest(GuiBaseTest):
    def upload_file_should_fail(self, public_mode):
        '''Test that we can't upload the file when permissions are wrong, and expected content is shown'''
        files = {'file[]': open('/tmp/test.txt', 'rb')}
+        url = 'http://127.0.0.1:{}/upload'.format(self.gui.app.port)
        if not public_mode:
-            path = 'http://127.0.0.1:{}/{}/upload'.format(self.gui.app.port, self.gui.receive_mode.web.password)
+            r = requests.post(url, files=files)
        else:
-            path = 'http://127.0.0.1:{}/upload'.format(self.gui.app.port)
-        response = requests.post(path, files=files)
+            r = requests.post(url, files=files, auth=requests.auth.HTTPBasicAuth('onionshare', mode.web.password))

        QtCore.QTimer.singleShot(1000, self.accept_dialog)
        self.assertTrue('Error uploading, please inform the OnionShare user' in response.text)
@ -53,17 +53,14 @@ class GuiReceiveTest(GuiBaseTest):
        os.chmod('/tmp/OnionShare', mode)

    def try_public_paths_in_non_public_mode(self):
-        response = requests.post('http://127.0.0.1:{}/upload'.format(self.gui.app.port))
+        r = requests.post('http://127.0.0.1:{}/upload'.format(self.gui.app.port))
        self.assertEqual(response.status_code, 404)
-        response = requests.get('http://127.0.0.1:{}/close'.format(self.gui.app.port))
+        r = requests.get('http://127.0.0.1:{}/close'.format(self.gui.app.port))
        self.assertEqual(response.status_code, 404)

    def uploading_zero_files_shouldnt_change_ui(self, mode, public_mode):
        '''If you submit the receive mode form without selecting any files, the UI shouldn't get updated'''
-        if not public_mode:
-            path = 'http://127.0.0.1:{}/{}/upload'.format(self.gui.app.port, self.gui.receive_mode.web.password)
-        else:
-            path = 'http://127.0.0.1:{}/upload'.format(self.gui.app.port)
+        url = 'http://127.0.0.1:{}/upload'.format(self.gui.app.port)

        # What were the counts before submitting the form?
        before_in_progress_count = mode.history.in_progress_count
@ -71,9 +68,15 @@ class GuiReceiveTest(GuiBaseTest):
        before_number_of_history_items = len(mode.history.item_list.items)

        # Click submit without including any files a few times
-        response = requests.post(path, files={})
-        response = requests.post(path, files={})
-        response = requests.post(path, files={})
+        if not public_mode:
+            r = requests.post(url, files={})
+            r = requests.post(url, files={})
+            r = requests.post(url, files={})
+        else:
+            auth = requests.auth.HTTPBasicAuth('onionshare', mode.web.password)
+            r = requests.post(url, files={}, auth=auth)
+            r = requests.post(url, files={}, auth=auth)
+            r = requests.post(url, files={}, auth=auth)

        # The counts shouldn't change
        self.assertEqual(mode.history.in_progress_count, before_in_progress_count)
--- a/tests/GuiShareTest.py
+++ b/tests/GuiShareTest.py
@ -92,13 +92,13 @@ class GuiShareTest(GuiBaseTest):
        QtTest.QTest.qWait(2000)
        self.assertEqual('onionshare', zip.read('test.txt').decode('utf-8'))

-    def hit_404(self, public_mode):
-        '''Test that the server stops after too many 404s, or doesn't when in public_mode'''
-        bogus_path = '/gimme'
-        url = "http://127.0.0.1:{}/{}".format(self.gui.app.port, bogus_path)
+    def hit_401(self, public_mode):
+        '''Test that the server stops after too many 401s, or doesn't when in public_mode'''
+        url = "http://127.0.0.1:{}/".format(self.gui.app.port)

        for _ in range(20):
-            r = requests.get(url)
+            password_guess = self.gui.common.build_password()
+            r = requests.get(url, auth=requests.auth.HTTPBasicAuth('onionshare', password))

        # A nasty hack to avoid the Alert dialog that blocks the rest of the test
        if not public_mode:
--- a/tests/local_onionshare_401_public_mode_skips_ratelimit_test.py
+++ b/tests/local_onionshare_401_public_mode_skips_ratelimit_test.py
@ -4,7 +4,7 @@ import unittest

 from .GuiShareTest import GuiShareTest

-class Local404PublicModeRateLimitTest(unittest.TestCase, GuiShareTest):
+class Local401PublicModeRateLimitTest(unittest.TestCase, GuiShareTest):
    @classmethod
    def setUpClass(cls):
        test_settings = {
@ -22,7 +22,7 @@ class Local404PublicModeRateLimitTest(unittest.TestCase, GuiShareTest):
    def test_gui(self):
        self.run_all_common_setup_tests()
        self.run_all_share_mode_tests(True, True)
-        self.hit_404(True)
+        self.hit_401(True)

 if __name__ == "__main__":
    unittest.main()
--- a/tests/local_onionshare_401_triggers_ratelimit_test.py
+++ b/tests/local_onionshare_401_triggers_ratelimit_test.py
@ -4,7 +4,7 @@ import unittest

 from .GuiShareTest import GuiShareTest

-class Local404RateLimitTest(unittest.TestCase, GuiShareTest):
+class Local401RateLimitTest(unittest.TestCase, GuiShareTest):
    @classmethod
    def setUpClass(cls):
        test_settings = {
@ -21,7 +21,7 @@ class Local404RateLimitTest(unittest.TestCase, GuiShareTest):
    def test_gui(self):
        self.run_all_common_setup_tests()
        self.run_all_share_mode_tests(False, True)
-        self.hit_404(False)
+        self.hit_401(False)

 if __name__ == "__main__":
    unittest.main()