def testProjectWithLogo(self): bucket_name = 'testbucket' logo_gcs_id = '123' logo_file_name = 'logo.png' project_pb = project_pb2.MakeProject('testProject', logo_gcs_id=logo_gcs_id, logo_file_name=logo_file_name) self.mox.StubOutWithMock(app_identity, 'get_default_gcs_bucket_name') app_identity.get_default_gcs_bucket_name().AndReturn(bucket_name) self.mox.StubOutWithMock(gcs_helpers, 'SignUrl') gcs_helpers.SignUrl(bucket_name, logo_gcs_id + '-thumbnail').AndReturn('signed/url') gcs_helpers.SignUrl(bucket_name, logo_gcs_id).AndReturn('signed/url') self.mox.ReplayAll() view = tracker_views.LogoView(project_pb) self.mox.VerifyAll() self.assertEquals('logo.png', view.filename) self.assertEquals('image/png', view.mimetype) self.assertEquals('signed/url', view.thumbnail_url) self.assertEquals( 'signed/url&response-content-displacement=attachment%3B' '+filename%3Dlogo.png', view.viewurl)
def testGatherPageData_DownloadBadFilename(self): aid = self.attachment.attachment_id path = '/p/proj/issues/attachment?aid=%s&signed_aid=signed_%d' % ( aid, aid) self.attachment.filename = '<script>alert("xsrf")</script>.txt'; safe_filename = 'attachment-%d.dat' % aid self.mox.StubOutWithMock(gcs_helpers, 'MaybeCreateDownload') gcs_helpers.MaybeCreateDownload( 'app_default_bucket', '/pid/attachments/object_id', safe_filename).AndReturn(True) self.mox.StubOutWithMock(gcs_helpers, 'SignUrl') gcs_helpers.SignUrl( 'app_default_bucket', '/pid/attachments/object_id-download' ).AndReturn('googleusercontent.com/...-download...') self.mox.StubOutWithMock(self.servlet, 'redirect') _request, mr = testing_helpers.GetRequestObjects( project=self.project, path=path, perms=permissions.READ_ONLY_PERMISSIONSET) # includes VIEW self.servlet.redirect(mox.And( mox.Not(mox.StrContains(self.attachment.filename)), mox.StrContains('googleusercontent.com')), abort=True) self.mox.ReplayAll() self.servlet.GatherPageData(mr) self.mox.VerifyAll()
def testSignUrl_Success(self, mock_FetchSignedURL): with mock.patch( 'google.appengine.api.app_identity.get_access_token') as gat: gat.return_value = ['token'] mock_FetchSignedURL.return_value = 'signed url' signed_url = gcs_helpers.SignUrl('bucket', '/object') self.assertEquals('signed url', signed_url)
def __init__(self, project_pb): if (not project_pb or not project_pb.logo_gcs_id or not project_pb.logo_file_name): self.thumbnail_url = '' self.viewurl = '' return object_path = ('/' + app_identity.get_default_gcs_bucket_name() + project_pb.logo_gcs_id) self.filename = project_pb.logo_file_name self.mimetype = filecontent.GuessContentTypeFromFilename(self.filename) self.thumbnail_url = gcs_helpers.SignUrl(object_path + '-thumbnail') self.viewurl = ( gcs_helpers.SignUrl(object_path) + '&' + urllib.urlencode( {'response-content-displacement': ('attachment; filename=%s' % self.filename)}))
def __init__(self, project_pb): super(LogoView, self).__init__(None) if (not project_pb or not project_pb.logo_gcs_id or not project_pb.logo_file_name): self.thumbnail_url = '' self.viewurl = '' return bucket_name = app_identity.get_default_gcs_bucket_name() gcs_object = project_pb.logo_gcs_id self.filename = project_pb.logo_file_name self.mimetype = filecontent.GuessContentTypeFromFilename(self.filename) self.thumbnail_url = gcs_helpers.SignUrl(bucket_name, gcs_object + '-thumbnail') self.viewurl = (gcs_helpers.SignUrl(bucket_name, gcs_object) + '&' + urllib.urlencode({ 'response-content-displacement': ('attachment; filename=%s' % self.filename) }))
def GatherPageData(self, mr): """Parse the attachment ID from the request and serve its content. Args: mr: commonly used info parsed from the request. Returns: dict of values used by EZT for rendering the page. """ if mr.signed_aid != attachment_helpers.SignAttachmentID(mr.aid): webapp2.abort(400, 'Please reload the issue page') try: attachment, _issue = tracker_helpers.GetAttachmentIfAllowed( mr, self.services) except exceptions.NoSuchIssueException: webapp2.abort(404, 'issue not found') except exceptions.NoSuchAttachmentException: webapp2.abort(404, 'attachment not found') except exceptions.NoSuchCommentException: webapp2.abort(404, 'comment not found') if not attachment.gcs_object_id: webapp2.abort(404, 'attachment data not found') bucket_name = app_identity.get_default_gcs_bucket_name() gcs_object_id = attachment.gcs_object_id logging.info('attachment id %d is %s', mr.aid, gcs_object_id) # By default GCS will return images and attachments displayable inline. if mr.thumb: # Thumbnails are stored in a separate obj always displayed inline. gcs_object_id = gcs_object_id + '-thumbnail' elif not mr.inline: # Downloads are stored in a separate obj with disposiiton set. filename = attachment.filename if not framework_constants.FILENAME_RE.match(filename): logging.info('bad file name: %s' % attachment.attachment_id) filename = 'attachment-%d.dat' % attachment.attachment_id if gcs_helpers.MaybeCreateDownload(bucket_name, gcs_object_id, filename): gcs_object_id = gcs_object_id + '-download' url = gcs_helpers.SignUrl(bucket_name, gcs_object_id) self.redirect(url, abort=True)
def testSignUrl_DownloadError(self, mock_FetchSignedURL): mock_FetchSignedURL.side_effect = urlfetch.DownloadError self.assertEquals('/missing-gcs-url', gcs_helpers.SignUrl('bucket', '/object'))