Example #1
0
    def test_connect_without_local_addresses(self,
                                             mock_determine_local_addresses):
        fake_addresses = [ipaddress.ip_network("200.1.1.1")]
        mock_determine_local_addresses.return_value = fake_addresses

        validator = permissive_validator(autodetect_local_addresses=True)
        advocate.get("http://example.com/", validator=validator)
        # Check that `is_ip_allowed` didn't make its own call to determine
        # local addresses
        mock_determine_local_addresses.assert_called_once_with()
        mock_determine_local_addresses.reset_mock()

        validator = permissive_validator(autodetect_local_addresses=False)
        advocate.get("http://example.com", validator=validator)
        mock_determine_local_addresses.assert_not_called()
Example #2
0
 def test_connection_reuse(self, mock_new_conn):
     # Just because you can use an existing connection doesn't mean you
     # should. The disadvantage of us working at the socket level means that
     # we get bitten if a connection pool is shared between regular requests
     # and advocate.
     # This can never happen with requests, but let's set a good example :)
     with CheckedSocket.bypass_checks():
         # HTTPBin supports `keep-alive`, so it's a good test subject
         requests.get("http://httpbin.org/")
     try:
         advocate.get("http://httpbin.org/")
     except:
         pass
     # Requests may retry several times, but our mock doesn't return a real
     # socket. Just check that it tried to create one.
     mock_new_conn.assert_any_call()
Example #3
0
def save_cover_from_url(url, book_path):
    try:
        if cli_param.allow_localhost:
            img = requests.get(url, timeout=(10, 200), allow_redirects=False)  # ToDo: Error Handling
        elif use_advocate:
            img = advocate.get(url, timeout=(10, 200), allow_redirects=False)      # ToDo: Error Handling
        else:
            log.error("python module advocate is not installed but is needed")
            return False, _("Python module 'advocate' is not installed but is needed for cover uploads")
        img.raise_for_status()
        return save_cover(img, book_path)
    except (socket.gaierror,
            requests.exceptions.HTTPError,
            requests.exceptions.InvalidURL,
            requests.exceptions.ConnectionError,
            requests.exceptions.Timeout) as ex:
        # "Invalid host" can be the result of a redirect response
        log.error(u'Cover Download Error %s', ex)
        return False, _("Error Downloading Cover")
    except MissingDelegateError as ex:
        log.info(u'File Format Error %s', ex)
        return False, _("Cover Format Error")
    except UnacceptableAddressException as e:
        log.error("Localhost or local network was accessed for cover upload")
        return False, _("You are not allowed to access localhost or the local network for cover uploads")
Example #4
0
    def test_redirect(self):
        # Make sure httpbin even works
        test_url = "http://httpbin.org/status/204"
        self.assertEqual(advocate.get(test_url).status_code, 204)

        redir_url = "http://httpbin.org/redirect-to?url=http://127.0.0.1/"
        self.assertRaises(UnacceptableAddressException, advocate.get,
                          redir_url)
Example #5
0
def get_hash():
    url = request.args.get("url")
    if not url:
        return "Please specify a url!"
    try:
        headers = {"User-Agent": "Hashifier 0.1"}
        resp = advocate.get(url, headers=headers)
    except advocate.UnacceptableAddressException:
        return "That URL points to a forbidden resource"
    except requests.RequestException:
        return "Failed to connect to the specified URL"

    return hashlib.sha256(resp.content).hexdigest()
Example #6
0
    def upload_user_file_by_url(self, user, url, storage=None):
        """
        Uploads a user file by downloading it from the provided URL.

        :param user: The user on whose behalf the file is uploaded.
        :type user: User
        :param url: The URL where the file must be downloaded from.
        :type url: str
        :param storage: The storage where the file must be saved to.
        :type storage: Storage
        :raises FileURLCouldNotBeReached: If the file could not be downloaded from
            the URL or if it points to an internal service.
        :raises InvalidFileURLError: If the provided file url is invalid.
        :return: The newly created user file.
        :rtype: UserFile
        """

        parsed_url = urlparse(url)

        if parsed_url.scheme not in ["http", "https"]:
            raise InvalidFileURLError("Only http and https are allowed.")

        file_name = url.split("/")[-1]

        try:
            response = advocate.get(url, stream=True, timeout=10)

            if not response.ok:
                raise FileURLCouldNotBeReached(
                    "The response did not respond with an "
                    "OK status code.")

            content = response.raw.read(settings.USER_FILE_SIZE_LIMIT + 1,
                                        decode_content=True)
        except (RequestException, UnacceptableAddressException):
            raise FileURLCouldNotBeReached(
                "The provided URL could not be reached.")

        file = SimpleUploadedFile(file_name, content)
        return UserFileHandler().upload_user_file(user, file_name, file,
                                                  storage)
Example #7
0
 def test_get(self):
     self.assertEqual(advocate.get("http://example.com").status_code, 200)
     self.assertEqual(advocate.get("https://example.com").status_code, 200)