def test_delete_image_no_permission(self):
"""Can't delete an image without permission."""
u = UserFactory(username='******')
assert not u.has_perm('upload.delete_imageattachment')
self.test_upload_image()
im = ImageAttachment.objects.all()[0]
self.client.login(username='******', password='******')
r = self._make_post_request(args=[im.id])
eq_(403, r.status_code)
assert ImageAttachment.objects.exists()
def test_delete_image_no_permission(self):
"""Can't delete an image without permission."""
u = UserFactory(username='******')
assert not u.has_perm('upload.delete_imageattachment')
self.test_upload_image()
im = ImageAttachment.objects.all()[0]
self.client.login(username='******', password='******')
r = self._make_post_request(args=[im.id])
eq_(403, r.status_code)
assert ImageAttachment.objects.exists()
def setUp(self):
u = UserFactory()
add_permission(u, Question, "change_question")
assert u.has_perm("questions.change_question")
self.user = u
p = ProductFactory()
t = TopicFactory(product=p)
q = QuestionFactory(product=p, topic=t)
self.product = p
self.topic = t
self.question = q
def setUp(self):
u = UserFactory()
add_permission(u, Question, 'change_question')
assert u.has_perm('questions.change_question')
self.user = u
p = ProductFactory()
t = TopicFactory(product=p)
q = QuestionFactory(product=p, topic=t)
self.product = p
self.topic = t
self.question = q
class UploadImageTestCase(TestCase):
client_class = LocalizingClient
def setUp(self):
super(UploadImageTestCase, self).setUp()
self.user = UserFactory(username='******')
self.question = QuestionFactory()
self.client.login(username=self.user.username, password='******')
def tearDown(self):
ImageAttachment.objects.all().delete()
super(UploadImageTestCase, self).tearDown()
def test_model_not_whitelisted(self):
"""Specifying a model we don't allow returns 400."""
r = self._make_post_request(image='', args=['wiki.Document', 123])
eq_(400, r.status_code)
json_r = json.loads(r.content)
eq_('error', json_r['status'])
eq_('Model not allowed.', json_r['message'])
def test_object_notexist(self):
"""Upload nothing returns 404 error and html content."""
r = self._make_post_request(image='', args=['questions.Question', 123])
eq_(404, r.status_code)
json_r = json.loads(r.content)
eq_('error', json_r['status'])
eq_('Object does not exist.', json_r['message'])
def test_empty_image(self):
"""Upload nothing returns 400 error and json content."""
r = self._make_post_request(image='')
eq_(400, r.status_code)
json_r = json.loads(r.content)
eq_('error', json_r['status'])
eq_('Invalid or no image received.', json_r['message'])
eq_('You have not selected an image to upload.',
json_r['errors']['image'][0])
def test_upload_image(self):
"""Uploading an image works."""
with open('kitsune/upload/tests/media/test.jpg', 'rb') as f:
r = self._make_post_request(image=f)
eq_(200, r.status_code)
json_r = json.loads(r.content)
eq_('success', json_r['status'])
file = json_r['file']
eq_('test.png', file['name'])
eq_(90, file['width'])
eq_(120, file['height'])
name = '098f6b.png'
message = 'Url "%s" does not contain "%s"' % (file['url'], name)
assert (name in file['url']), message
eq_(1, ImageAttachment.objects.count())
image = ImageAttachment.objects.all()[0]
eq_(self.user.username, image.creator.username)
eq_(150, image.file.width)
eq_(200, image.file.height)
eq_('question', image.content_type.model)
def test_upload_unicode_image(self):
"""Uploading an unicode image works."""
with open('kitsune/upload/tests/media/123ascii\u6709\u52b9.jpg',
'rb') as f:
r = self._make_post_request(image=f)
eq_(200, r.status_code)
json_r = json.loads(r.content)
eq_('success', json_r['status'])
def test_delete_image_logged_out(self):
"""Can't delete an image logged out."""
# Upload the image first
self.test_upload_image()
im = ImageAttachment.objects.all()[0]
self.client.logout()
r = self._make_post_request(args=[im.id])
eq_(403, r.status_code)
assert ImageAttachment.objects.exists()
def test_delete_image_no_permission(self):
"""Can't delete an image without permission."""
u = UserFactory(username='******')
assert not u.has_perm('upload.delete_imageattachment')
self.test_upload_image()
im = ImageAttachment.objects.all()[0]
self.client.login(username='******', password='******')
r = self._make_post_request(args=[im.id])
eq_(403, r.status_code)
assert ImageAttachment.objects.exists()
def test_delete_image_owner(self):
"""Users can delete their own images."""
self.test_upload_image()
im = ImageAttachment.objects.all()[0]
r = self._make_post_request(args=[im.id])
eq_(200, r.status_code)
json_r = json.loads(r.content)
eq_('success', json_r['status'])
assert not ImageAttachment.objects.exists()
def test_delete_image_with_permission(self):
"""Users with permission can delete images."""
ct = ContentType.objects.get_for_model(ImageAttachment)
p = Permission.objects.get_or_create(codename='delete_imageattachment',
content_type=ct)[0]
self.user.user_permissions.add(p)
assert self.user.has_perm('upload.delete_imageattachment')
self.test_upload_image()
im = ImageAttachment.objects.all()[0]
r = self._make_post_request(args=[im.id])
eq_(200, r.status_code)
json_r = json.loads(r.content)
eq_('success', json_r['status'])
assert not ImageAttachment.objects.exists()
def test_delete_no_image(self):
"""Trying to delete a non-existent image 404s."""
r = self._make_post_request(args=[123])
eq_(404, r.status_code)
data = json.loads(r.content)
eq_('error', data['status'])
def test_invalid_image(self):
"""Make sure invalid files are not accepted as images."""
with open('kitsune/upload/__init__.py', 'rb') as f:
r = self._make_post_request(image=f)
eq_(400, r.status_code)
json_r = json.loads(r.content)
eq_('error', json_r['status'])
eq_('Invalid or no image received.', json_r['message'])
eq_('The submitted file is empty.', json_r['errors']['image'][0])
def test_invalid_image_extensions(self):
"""
Make sure invalid extensions aren't accepted as images.
"""
with open('kitsune/upload/tests/media/test_invalid.ext', 'rb') as f:
r = self._make_post_request(image=f)
eq_(400, r.status_code)
json_r = json.loads(r.content)
eq_('error', json_r['status'])
eq_('Invalid or no image received.', json_r['message'])
assert (
json_r['errors']['image'][0] ==
"File extension 'ext' is not allowed. Allowed extensions are: 'jpg, jpeg, png, gif'."
)
def test_unsupported_image_extensions(self):
"""
Make sure valid image types that are not whitelisted aren't accepted as images.
"""
with open('kitsune/upload/tests/media/test.tiff', 'rb') as f:
r = self._make_post_request(image=f)
eq_(400, r.status_code)
json_r = json.loads(r.content)
eq_('error', json_r['status'])
eq_('Invalid or no image received.', json_r['message'])
assert (
json_r['errors']['image'][0] ==
"File extension 'tiff' is not allowed. Allowed extensions are: 'jpg, jpeg, png, gif'."
)
def test_upload_long_filename(self):
"""Uploading an image with a filename that's too long fails."""
# Windows has problems with large file names, so we create the
# file in the test and if this fails, we assume we're on a
# Windows file system and skip.
#
# FIXME: Is that an ok assumption to make?
thisdir = os.path.dirname(__file__)
path = os.path.join(thisdir, 'media', 'test.jpg')
with open(path, 'rb') as f:
long_file_name = ('long_file_name' * 17) + '.jpg'
image = SimpleUploadedFile(name=long_file_name,
content=f.read(),
content_type='image/jpg')
r = self._make_post_request(image=image)
eq_(400, r.status_code)
json_r = json.loads(r.content)
eq_('error', json_r['status'])
eq_('Invalid or no image received.', json_r['message'])
eq_(
MSG_IMAGE_LONG % {
'length': 242,
'max': settings.MAX_FILENAME_LENGTH
}, json_r['errors']['image'][0])
def _make_post_request(self, **kwargs):
if 'args' not in kwargs:
kwargs['args'] = ['questions.Question', self.question.pk]
if 'image' in kwargs:
image = {'image': kwargs['image']}
else:
image = {}
if len(kwargs['args']) == 2:
view = 'upload.up_image_async'
elif len(kwargs['args']) == 1:
view = 'upload.del_image_async'
else:
raise ValueError
return post(self.client, view, image, args=kwargs['args'])
class UploadImageTestCase(TestCase):
client_class = LocalizingClient
def setUp(self):
super(UploadImageTestCase, self).setUp()
self.user = UserFactory(username='******')
self.question = QuestionFactory()
self.client.login(username=self.user.username, password='******')
def tearDown(self):
ImageAttachment.objects.all().delete()
super(UploadImageTestCase, self).tearDown()
def test_model_not_whitelisted(self):
"""Specifying a model we don't allow returns 400."""
r = self._make_post_request(image='', args=['wiki.Document', 123])
eq_(400, r.status_code)
json_r = json.loads(r.content)
eq_('error', json_r['status'])
eq_('Model not allowed.', json_r['message'])
def test_object_notexist(self):
"""Upload nothing returns 404 error and html content."""
r = self._make_post_request(image='', args=['questions.Question', 123])
eq_(404, r.status_code)
json_r = json.loads(r.content)
eq_('error', json_r['status'])
eq_('Object does not exist.', json_r['message'])
def test_empty_image(self):
"""Upload nothing returns 400 error and json content."""
r = self._make_post_request(image='')
eq_(400, r.status_code)
json_r = json.loads(r.content)
eq_('error', json_r['status'])
eq_('Invalid or no image received.', json_r['message'])
eq_('You have not selected an image to upload.',
json_r['errors']['image'][0])
def test_upload_image(self):
"""Uploading an image works."""
with open('kitsune/upload/tests/media/test.jpg') as f:
r = self._make_post_request(image=f)
eq_(200, r.status_code)
json_r = json.loads(r.content)
eq_('success', json_r['status'])
file = json_r['file']
eq_('test.png', file['name'])
eq_(90, file['width'])
eq_(120, file['height'])
name = '098f6b.png'
message = 'Url "%s" does not contain "%s"' % (file['url'], name)
assert (name in file['url']), message
eq_(1, ImageAttachment.objects.count())
image = ImageAttachment.objects.all()[0]
eq_(self.user.username, image.creator.username)
eq_(150, image.file.width)
eq_(200, image.file.height)
eq_('question', image.content_type.model)
def test_upload_unicode_image(self):
"""Uploading an unicode image works."""
with open(u'kitsune/upload/tests/media/123ascii\u6709\u52b9.jpg', 'rb') as f:
r = self._make_post_request(image=f)
eq_(200, r.status_code)
json_r = json.loads(r.content)
eq_('success', json_r['status'])
def test_delete_image_logged_out(self):
"""Can't delete an image logged out."""
# Upload the image first
self.test_upload_image()
im = ImageAttachment.objects.all()[0]
self.client.logout()
r = self._make_post_request(args=[im.id])
eq_(403, r.status_code)
assert ImageAttachment.objects.exists()
def test_delete_image_no_permission(self):
"""Can't delete an image without permission."""
u = UserFactory(username='******')
assert not u.has_perm('upload.delete_imageattachment')
self.test_upload_image()
im = ImageAttachment.objects.all()[0]
self.client.login(username='******', password='******')
r = self._make_post_request(args=[im.id])
eq_(403, r.status_code)
assert ImageAttachment.objects.exists()
def test_delete_image_owner(self):
"""Users can delete their own images."""
self.test_upload_image()
im = ImageAttachment.objects.all()[0]
r = self._make_post_request(args=[im.id])
eq_(200, r.status_code)
json_r = json.loads(r.content)
eq_('success', json_r['status'])
assert not ImageAttachment.objects.exists()
def test_delete_image_with_permission(self):
"""Users with permission can delete images."""
ct = ContentType.objects.get_for_model(ImageAttachment)
p = Permission.objects.get_or_create(
codename='delete_imageattachment',
content_type=ct)[0]
self.user.user_permissions.add(p)
assert self.user.has_perm('upload.delete_imageattachment')
self.test_upload_image()
im = ImageAttachment.objects.all()[0]
r = self._make_post_request(args=[im.id])
eq_(200, r.status_code)
json_r = json.loads(r.content)
eq_('success', json_r['status'])
assert not ImageAttachment.objects.exists()
def test_delete_no_image(self):
"""Trying to delete a non-existent image 404s."""
r = self._make_post_request(args=[123])
eq_(404, r.status_code)
data = json.loads(r.content)
eq_('error', data['status'])
def test_invalid_image(self):
"""Make sure invalid files are not accepted as images."""
with open('kitsune/upload/__init__.py', 'rb') as f:
r = self._make_post_request(image=f)
eq_(400, r.status_code)
json_r = json.loads(r.content)
eq_('error', json_r['status'])
eq_('Invalid or no image received.', json_r['message'])
eq_('The submitted file is empty.', json_r['errors']['image'][0])
def test_invalid_image_extensions(self):
"""
Make sure invalid extensions aren't accepted as images.
"""
with open('kitsune/upload/tests/media/test_invalid.ext', 'rb') as f:
r = self._make_post_request(image=f)
eq_(400, r.status_code)
json_r = json.loads(r.content)
eq_('error', json_r['status'])
eq_('Invalid or no image received.', json_r['message'])
assert (
json_r['errors']['image'][0] ==
"File extension 'ext' is not allowed. Allowed extensions are: 'jpg, jpeg, png, gif'.")
def test_unsupported_image_extensions(self):
"""
Make sure valid image types that are not whitelisted aren't accepted as images.
"""
with open('kitsune/upload/tests/media/test.tiff', 'rb') as f:
r = self._make_post_request(image=f)
eq_(400, r.status_code)
json_r = json.loads(r.content)
eq_('error', json_r['status'])
eq_('Invalid or no image received.', json_r['message'])
assert (
json_r['errors']['image'][0] ==
"File extension 'tiff' is not allowed. Allowed extensions are: 'jpg, jpeg, png, gif'.")
def test_upload_long_filename(self):
"""Uploading an image with a filename that's too long fails."""
# Windows has problems with large file names, so we create the
# file in the test and if this fails, we assume we're on a
# Windows file system and skip.
#
# FIXME: Is that an ok assumption to make?
thisdir = os.path.dirname(__file__)
path = os.path.join(thisdir, 'media', 'test.jpg')
with open(path) as f:
long_file_name = ('long_file_name' * 17) + '.jpg'
image = SimpleUploadedFile(name=long_file_name, content=f.read(),
content_type='image/jpg')
r = self._make_post_request(image=image)
eq_(400, r.status_code)
json_r = json.loads(r.content)
eq_('error', json_r['status'])
eq_('Invalid or no image received.', json_r['message'])
eq_(MSG_IMAGE_LONG % {'length': 242,
'max': settings.MAX_FILENAME_LENGTH},
json_r['errors']['image'][0])
def _make_post_request(self, **kwargs):
if 'args' not in kwargs:
kwargs['args'] = ['questions.Question', self.question.pk]
if 'image' in kwargs:
image = {'image': kwargs['image']}
else:
image = {}
if len(kwargs['args']) == 2:
view = 'upload.up_image_async'
elif len(kwargs['args']) == 1:
view = 'upload.del_image_async'
else:
raise ValueError
return post(self.client, view, image, args=kwargs['args'])
class UploadImageTestCase(TestCase):
client_class = LocalizingClient
def setUp(self):
super(UploadImageTestCase, self).setUp()
self.user = UserFactory(username="******")
self.question = QuestionFactory()
self.client.login(username=self.user.username, password="******")
def tearDown(self):
ImageAttachment.objects.all().delete()
super(UploadImageTestCase, self).tearDown()
def test_model_not_whitelisted(self):
"""Specifying a model we don't allow returns 400."""
r = self._make_post_request(image="", args=["wiki.Document", 123])
eq_(400, r.status_code)
json_r = json.loads(r.content)
eq_("error", json_r["status"])
eq_("Model not allowed.", json_r["message"])
def test_object_notexist(self):
"""Upload nothing returns 404 error and html content."""
r = self._make_post_request(image="", args=["questions.Question", 123])
eq_(404, r.status_code)
json_r = json.loads(r.content)
eq_("error", json_r["status"])
eq_("Object does not exist.", json_r["message"])
def test_empty_image(self):
"""Upload nothing returns 400 error and json content."""
r = self._make_post_request(image="")
eq_(400, r.status_code)
json_r = json.loads(r.content)
eq_("error", json_r["status"])
eq_("Invalid or no image received.", json_r["message"])
eq_("You have not selected an image to upload.",
json_r["errors"]["image"][0])
def test_upload_image(self):
"""Uploading an image works."""
with open("kitsune/upload/tests/media/test.jpg", "rb") as f:
r = self._make_post_request(image=f)
eq_(200, r.status_code)
json_r = json.loads(r.content)
eq_("success", json_r["status"])
file = json_r["file"]
eq_("test.png", file["name"])
eq_(90, file["width"])
eq_(120, file["height"])
name = "098f6b.png"
message = 'Url "%s" does not contain "%s"' % (file["url"], name)
assert name in file["url"], message
eq_(1, ImageAttachment.objects.count())
image = ImageAttachment.objects.all()[0]
eq_(self.user.username, image.creator.username)
eq_(150, image.file.width)
eq_(200, image.file.height)
eq_("question", image.content_type.model)
def test_upload_unicode_image(self):
"""Uploading an unicode image works."""
with open("kitsune/upload/tests/media/123ascii\u6709\u52b9.jpg",
"rb") as f:
r = self._make_post_request(image=f)
eq_(200, r.status_code)
json_r = json.loads(r.content)
eq_("success", json_r["status"])
def test_delete_image_logged_out(self):
"""Can't delete an image logged out."""
# Upload the image first
self.test_upload_image()
im = ImageAttachment.objects.all()[0]
self.client.logout()
r = self._make_post_request(args=[im.id])
eq_(403, r.status_code)
assert ImageAttachment.objects.exists()
def test_delete_image_no_permission(self):
"""Can't delete an image without permission."""
u = UserFactory(username="******")
assert not u.has_perm("upload.delete_imageattachment")
self.test_upload_image()
im = ImageAttachment.objects.all()[0]
self.client.login(username="******", password="******")
r = self._make_post_request(args=[im.id])
eq_(403, r.status_code)
assert ImageAttachment.objects.exists()
def test_delete_image_owner(self):
"""Users can delete their own images."""
self.test_upload_image()
im = ImageAttachment.objects.all()[0]
r = self._make_post_request(args=[im.id])
eq_(200, r.status_code)
json_r = json.loads(r.content)
eq_("success", json_r["status"])
assert not ImageAttachment.objects.exists()
def test_delete_image_with_permission(self):
"""Users with permission can delete images."""
ct = ContentType.objects.get_for_model(ImageAttachment)
p = Permission.objects.get_or_create(codename="delete_imageattachment",
content_type=ct)[0]
self.user.user_permissions.add(p)
assert self.user.has_perm("upload.delete_imageattachment")
self.test_upload_image()
im = ImageAttachment.objects.all()[0]
r = self._make_post_request(args=[im.id])
eq_(200, r.status_code)
json_r = json.loads(r.content)
eq_("success", json_r["status"])
assert not ImageAttachment.objects.exists()
def test_delete_no_image(self):
"""Trying to delete a non-existent image 404s."""
r = self._make_post_request(args=[123])
eq_(404, r.status_code)
data = json.loads(r.content)
eq_("error", data["status"])
def test_invalid_image(self):
"""Make sure invalid files are not accepted as images."""
with open("kitsune/upload/__init__.py", "rb") as f:
r = self._make_post_request(image=f)
eq_(400, r.status_code)
json_r = json.loads(r.content)
eq_("error", json_r["status"])
eq_("Invalid or no image received.", json_r["message"])
eq_("The submitted file is empty.", json_r["errors"]["image"][0])
def test_invalid_image_extensions(self):
"""
Make sure invalid extensions aren't accepted as images.
"""
with open("kitsune/upload/tests/media/test_invalid.ext", "rb") as f:
r = self._make_post_request(image=f)
eq_(400, r.status_code)
json_r = json.loads(r.content)
eq_("error", json_r["status"])
eq_("Invalid or no image received.", json_r["message"])
assert (
json_r["errors"]["image"][0] ==
"File extension 'ext' is not allowed. Allowed extensions are: 'jpg, jpeg, png, gif'." # noqa
)
def test_unsupported_image_extensions(self):
"""
Make sure valid image types that are not whitelisted aren't accepted as images.
"""
with open("kitsune/upload/tests/media/test.tiff", "rb") as f:
r = self._make_post_request(image=f)
eq_(400, r.status_code)
json_r = json.loads(r.content)
eq_("error", json_r["status"])
eq_("Invalid or no image received.", json_r["message"])
assert (
json_r["errors"]["image"][0] ==
"File extension 'tiff' is not allowed. Allowed extensions are: 'jpg, jpeg, png, gif'." # noqa
)
def test_upload_long_filename(self):
"""Uploading an image with a filename that's too long fails."""
# Windows has problems with large file names, so we create the
# file in the test and if this fails, we assume we're on a
# Windows file system and skip.
#
# FIXME: Is that an ok assumption to make?
thisdir = os.path.dirname(__file__)
path = os.path.join(thisdir, "media", "test.jpg")
with open(path, "rb") as f:
long_file_name = ("long_file_name" * 17) + ".jpg"
image = SimpleUploadedFile(name=long_file_name,
content=f.read(),
content_type="image/jpg")
r = self._make_post_request(image=image)
eq_(400, r.status_code)
json_r = json.loads(r.content)
eq_("error", json_r["status"])
eq_("Invalid or no image received.", json_r["message"])
eq_(
MSG_IMAGE_LONG % {
"length": 242,
"max": settings.MAX_FILENAME_LENGTH
},
json_r["errors"]["image"][0],
)
def _make_post_request(self, **kwargs):
if "args" not in kwargs:
kwargs["args"] = ["questions.Question", self.question.pk]
if "image" in kwargs:
image = {"image": kwargs["image"]}
else:
image = {}
if len(kwargs["args"]) == 2:
view = "upload.up_image_async"
elif len(kwargs["args"]) == 1:
view = "upload.del_image_async"
else:
raise ValueError
return post(self.client, view, image, args=kwargs["args"])
