Beispiel #1
0
    def testProjectWithLogo(self):
        bucket_name = 'testbucket'
        logo_gcs_id = '123'
        logo_file_name = 'logo.png'
        project_pb = project_pb2.MakeProject('testProject',
                                             logo_gcs_id=logo_gcs_id,
                                             logo_file_name=logo_file_name)

        self.mox.StubOutWithMock(app_identity, 'get_default_gcs_bucket_name')
        app_identity.get_default_gcs_bucket_name().AndReturn(bucket_name)

        self.mox.StubOutWithMock(gcs_helpers, 'SignUrl')
        gcs_helpers.SignUrl(bucket_name,
                            logo_gcs_id + '-thumbnail').AndReturn('signed/url')
        gcs_helpers.SignUrl(bucket_name, logo_gcs_id).AndReturn('signed/url')

        self.mox.ReplayAll()

        view = tracker_views.LogoView(project_pb)
        self.mox.VerifyAll()
        self.assertEquals('logo.png', view.filename)
        self.assertEquals('image/png', view.mimetype)
        self.assertEquals('signed/url', view.thumbnail_url)
        self.assertEquals(
            'signed/url&response-content-displacement=attachment%3B'
            '+filename%3Dlogo.png', view.viewurl)
Beispiel #2
0
 def testGatherPageData_DownloadBadFilename(self):
   aid = self.attachment.attachment_id
   path = '/p/proj/issues/attachment?aid=%s&signed_aid=signed_%d' % (
       aid, aid)
   self.attachment.filename = '<script>alert("xsrf")</script>.txt';
   safe_filename = 'attachment-%d.dat' % aid
   self.mox.StubOutWithMock(gcs_helpers, 'MaybeCreateDownload')
   gcs_helpers.MaybeCreateDownload(
       'app_default_bucket',
       '/pid/attachments/object_id',
       safe_filename).AndReturn(True)
   self.mox.StubOutWithMock(gcs_helpers, 'SignUrl')
   gcs_helpers.SignUrl(
       'app_default_bucket',
       '/pid/attachments/object_id-download'
       ).AndReturn('googleusercontent.com/...-download...')
   self.mox.StubOutWithMock(self.servlet, 'redirect')
   _request, mr = testing_helpers.GetRequestObjects(
       project=self.project,
       path=path,
       perms=permissions.READ_ONLY_PERMISSIONSET)  # includes VIEW
   self.servlet.redirect(mox.And(
       mox.Not(mox.StrContains(self.attachment.filename)),
       mox.StrContains('googleusercontent.com')), abort=True)
   self.mox.ReplayAll()
   self.servlet.GatherPageData(mr)
   self.mox.VerifyAll()
Beispiel #3
0
 def testSignUrl_Success(self, mock_FetchSignedURL):
     with mock.patch(
             'google.appengine.api.app_identity.get_access_token') as gat:
         gat.return_value = ['token']
         mock_FetchSignedURL.return_value = 'signed url'
         signed_url = gcs_helpers.SignUrl('bucket', '/object')
         self.assertEquals('signed url', signed_url)
Beispiel #4
0
  def __init__(self, project_pb):
    if (not project_pb or
        not project_pb.logo_gcs_id or
        not project_pb.logo_file_name):
      self.thumbnail_url = ''
      self.viewurl = ''
      return

    object_path = ('/' + app_identity.get_default_gcs_bucket_name() +
                   project_pb.logo_gcs_id)
    self.filename = project_pb.logo_file_name
    self.mimetype = filecontent.GuessContentTypeFromFilename(self.filename)

    self.thumbnail_url = gcs_helpers.SignUrl(object_path + '-thumbnail')
    self.viewurl = (
        gcs_helpers.SignUrl(object_path) + '&' + urllib.urlencode(
            {'response-content-displacement':
                ('attachment; filename=%s' % self.filename)}))
Beispiel #5
0
    def __init__(self, project_pb):
        super(LogoView, self).__init__(None)
        if (not project_pb or not project_pb.logo_gcs_id
                or not project_pb.logo_file_name):
            self.thumbnail_url = ''
            self.viewurl = ''
            return

        bucket_name = app_identity.get_default_gcs_bucket_name()
        gcs_object = project_pb.logo_gcs_id
        self.filename = project_pb.logo_file_name
        self.mimetype = filecontent.GuessContentTypeFromFilename(self.filename)

        self.thumbnail_url = gcs_helpers.SignUrl(bucket_name,
                                                 gcs_object + '-thumbnail')
        self.viewurl = (gcs_helpers.SignUrl(bucket_name, gcs_object) + '&' +
                        urllib.urlencode({
                            'response-content-displacement':
                            ('attachment; filename=%s' % self.filename)
                        }))
Beispiel #6
0
    def GatherPageData(self, mr):
        """Parse the attachment ID from the request and serve its content.

    Args:
      mr: commonly used info parsed from the request.

    Returns: dict of values used by EZT for rendering the page.
    """
        if mr.signed_aid != attachment_helpers.SignAttachmentID(mr.aid):
            webapp2.abort(400, 'Please reload the issue page')

        try:
            attachment, _issue = tracker_helpers.GetAttachmentIfAllowed(
                mr, self.services)
        except exceptions.NoSuchIssueException:
            webapp2.abort(404, 'issue not found')
        except exceptions.NoSuchAttachmentException:
            webapp2.abort(404, 'attachment not found')
        except exceptions.NoSuchCommentException:
            webapp2.abort(404, 'comment not found')

        if not attachment.gcs_object_id:
            webapp2.abort(404, 'attachment data not found')

        bucket_name = app_identity.get_default_gcs_bucket_name()

        gcs_object_id = attachment.gcs_object_id

        logging.info('attachment id %d is %s', mr.aid, gcs_object_id)

        # By default GCS will return images and attachments displayable inline.
        if mr.thumb:
            # Thumbnails are stored in a separate obj always displayed inline.
            gcs_object_id = gcs_object_id + '-thumbnail'
        elif not mr.inline:
            # Downloads are stored in a separate obj with disposiiton set.
            filename = attachment.filename
            if not framework_constants.FILENAME_RE.match(filename):
                logging.info('bad file name: %s' % attachment.attachment_id)
                filename = 'attachment-%d.dat' % attachment.attachment_id
            if gcs_helpers.MaybeCreateDownload(bucket_name, gcs_object_id,
                                               filename):
                gcs_object_id = gcs_object_id + '-download'

        url = gcs_helpers.SignUrl(bucket_name, gcs_object_id)
        self.redirect(url, abort=True)
Beispiel #7
0
 def testSignUrl_DownloadError(self, mock_FetchSignedURL):
     mock_FetchSignedURL.side_effect = urlfetch.DownloadError
     self.assertEquals('/missing-gcs-url',
                       gcs_helpers.SignUrl('bucket', '/object'))