""" OnionShare | https://onionshare.org/ Copyright (C) 2014-2018 Micah Lee This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . """ import contextlib import inspect import io import os import random import re import socket import sys import zipfile import tempfile import base64 import pytest from werkzeug.datastructures import Headers from onionshare.common import Common from onionshare import strings from onionshare.web import Web from onionshare.settings import Settings DEFAULT_ZW_FILENAME_REGEX = re.compile(r'^onionshare_[a-z2-7]{6}.zip$') RANDOM_STR_REGEX = re.compile(r'^[a-z2-7]+$') def web_obj(common_obj, mode, num_files=0): """ Creates a Web object, in either share mode or receive mode, ready for testing """ common_obj.settings = Settings(common_obj) strings.load_strings(common_obj) web = Web(common_obj, False, mode) web.generate_password() web.stay_open = True web.running = True web.app.testing = True # Share mode if mode == 'share': # Add files files = [] for i in range(num_files): with tempfile.NamedTemporaryFile(delete=False) as tmp_file: tmp_file.write(b'*' * 1024) files.append(tmp_file.name) web.share_mode.set_file_info(files) # Receive mode else: pass return web class TestWeb: def test_share_mode(self, common_obj): web = web_obj(common_obj, 'share', 3) assert web.mode is 'share' with web.app.test_client() as c: # Load / without auth res = c.get('/') res.get_data() assert res.status_code == 401 # Load / with invalid auth res = c.get('/', headers=self._make_auth_headers('invalid')) res.get_data() assert res.status_code == 401 # Load / with valid auth res = c.get('/', headers=self._make_auth_headers(web.password)) res.get_data() assert res.status_code == 200 # Download res = c.get('/download', headers=self._make_auth_headers(web.password)) res.get_data() assert res.status_code == 200 assert res.mimetype == 'application/zip' def test_share_mode_close_after_first_download_on(self, common_obj, temp_file_1024): web = web_obj(common_obj, 'share', 3) web.stay_open = False assert web.running == True with web.app.test_client() as c: # Download the first time res = c.get('/download', headers=self._make_auth_headers(web.password)) res.get_data() assert res.status_code == 200 assert res.mimetype == 'application/zip' assert web.running == False def test_share_mode_close_after_first_download_off(self, common_obj, temp_file_1024): web = web_obj(common_obj, 'share', 3) web.stay_open = True assert web.running == True with web.app.test_client() as c: # Download the first time res = c.get('/download', headers=self._make_auth_headers(web.password)) res.get_data() assert res.status_code == 200 assert res.mimetype == 'application/zip' assert web.running == True def test_receive_mode(self, common_obj): web = web_obj(common_obj, 'receive') assert web.mode is 'receive' with web.app.test_client() as c: # Load / without auth res = c.get('/') res.get_data() assert res.status_code == 401 # Load / with invalid auth res = c.get('/', headers=self._make_auth_headers('invalid')) res.get_data() assert res.status_code == 401 # Load / with valid auth res = c.get('/', headers=self._make_auth_headers(web.password)) res.get_data() assert res.status_code == 200 def test_public_mode_on(self, common_obj): web = web_obj(common_obj, 'receive') common_obj.settings.set('public_mode', True) with web.app.test_client() as c: # Loading / should work without auth res = c.get('/') data1 = res.get_data() assert res.status_code == 200 def test_public_mode_off(self, common_obj): web = web_obj(common_obj, 'receive') common_obj.settings.set('public_mode', False) with web.app.test_client() as c: # Load / without auth res = c.get('/') res.get_data() assert res.status_code == 401 # But static resources should work without auth res = c.get('{}/css/style.css'.format(web.static_url_path)) res.get_data() assert res.status_code == 200 # Load / with valid auth res = c.get('/', headers=self._make_auth_headers(web.password)) res.get_data() assert res.status_code == 200 def _make_auth_headers(self, password): auth = base64.b64encode(b'onionshare:'+password.encode()).decode() h = Headers() h.add('Authorization', 'Basic ' + auth) return h class TestZipWriterDefault: @pytest.mark.parametrize('test_input', ( 'onionshare_{}.zip'.format(''.join( random.choice('abcdefghijklmnopqrstuvwxyz234567') for _ in range(6) )) for _ in range(50) )) def test_default_zw_filename_regex(self, test_input): assert bool(DEFAULT_ZW_FILENAME_REGEX.match(test_input)) def test_zw_filename(self, default_zw): zw_filename = os.path.basename(default_zw.zip_filename) assert bool(DEFAULT_ZW_FILENAME_REGEX.match(zw_filename)) def test_zipfile_filename_matches_zipwriter_filename(self, default_zw): assert default_zw.z.filename == default_zw.zip_filename def test_zipfile_allow_zip64(self, default_zw): assert default_zw.z._allowZip64 is True def test_zipfile_mode(self, default_zw): assert default_zw.z.mode == 'w' def test_callback(self, default_zw): assert default_zw.processed_size_callback(None) is None def test_add_file(self, default_zw, temp_file_1024_delete): default_zw.add_file(temp_file_1024_delete) zipfile_info = default_zw.z.getinfo( os.path.basename(temp_file_1024_delete)) assert zipfile_info.compress_type == zipfile.ZIP_DEFLATED assert zipfile_info.file_size == 1024 def test_add_directory(self, temp_dir_1024_delete, default_zw): previous_size = default_zw._size # size before adding directory default_zw.add_dir(temp_dir_1024_delete) assert default_zw._size == previous_size + 1024 class TestZipWriterCustom: @pytest.mark.parametrize('test_input', ( Common.random_string( random.randint(2, 50), random.choice((None, random.randint(2, 50))) ) for _ in range(50) )) def test_random_string_regex(self, test_input): assert bool(RANDOM_STR_REGEX.match(test_input)) def test_custom_filename(self, custom_zw): assert bool(RANDOM_STR_REGEX.match(custom_zw.zip_filename)) def test_custom_callback(self, custom_zw): assert custom_zw.processed_size_callback(None) == 'custom_callback'