def test_WrongPaths(self): """ Test path hacks for chrooting """ assert self.client.login( username='******', password='******' ) link = urlbilder( u'images', 5, p=u"Test Folder" ) resp = self.client.get( link, follow=True ) assert resp.status_code == 200 assert escape( u"No such file lib or you don't have permissions" ) in unicode( resp.content, errors='ignore' ) link = urlbilder( u'images', self.lib.id, p=u"NO Folder" ) resp = self.client.get( link, follow=True ) assert resp.status_code == 200 assert escape( u"path 'NO Folder' doesn't exist or it isn't a directory" ) in unicode( resp.content, errors='ignore' ) link = urlbilder( u'resize', 5, u"1280x720", p=u"fantasy-world.jpeg" ) resp = self.client.get( link, follow=True ) assert resp.status_code == 200 assert escape( u"No such file lib or you don't have permissions" ) in unicode( resp.content, errors='ignore' ) link = urlbilder( u'resize', self.lib.id, u"1280x720", p=u"none.jpeg" ) resp = self.client.get( link, follow=True ) assert resp.status_code == 404 # file exists but not jpg|jpeg link = urlbilder( u'resize', self.lib.id, u"1280x720", p=u"content.txt" ) resp = self.client.get( link, follow=True ) assert resp.status_code == 404
def test_Upload_Files_Allowed(self): """ Test settings.LIMITED_FILES_ALLOWED """ settings.LIMITED_ANONYMOUS = True file0 = self.storage.open( u"content.txt" ) self.client.post( urlbilder( u'upload', self.lib.id ), {'p': 'Test Folder', 'files': [file0]} ) file0.close( ) assert self.storage.exists( u"Test Folder/content.txt" ) == False self.client.login( username='******', password='******' ) self.storage.extra.create( u"test.rar", "XXX" * 2 ** 4 ) file1 = self.storage.open( u"test.rar" ) self.client.post( urlbilder( u'upload', self.lib.id ), {'p': 'Test Folder', 'files': [file1]} ) file1.close( ) assert self.storage.exists( u"Test Folder/test.rar" ) == False settings.LIMITED_FILES_ALLOWED['ONLY'] = ['.+\.txt'] file2 = self.storage.open( u"Фото 007.bin" ) self.client.post( urlbilder( u'upload', self.lib.id ), {'p': 'Test Folder', 'files': [file2]} ) file2.close( ) assert self.storage.exists( u"Test Folder/Фото 007.bin" ) == False file3 = self.storage.open( u"content.txt" ) self.client.post( urlbilder( u'upload', self.lib.id ), {'p': 'Test Folder', 'files': [file3]} ) file3.close( ) assert self.storage.exists( u"Test Folder/content.txt" ) == True
def test_urlbilder(self): assert urlbilder('action', 2, "add") == "/lib2/action/add/" assert urlbilder('link', "hxhxhxhxhx", r='2') == "/link/hxhxhxhxhx/?r=2" assert urlbilder('link', "habr", r='/path/') == "/link/habr/?r=/path/" assert urlbilder('action', 2, "add", p='test', n='new dir') == "/lib2/action/add/?p=test&n=new%20dir"
def test_GalleryView(self): """ Test status code of gallery with login and not """ link = urlbilder( u'images', self.lib.id, p=u"Test Folder" ) resp = self.client.get( link, follow=True ) assert resp.status_code == 200 assert escape( u"Login form" ) in unicode( resp.content, errors='ignore' ) assert self.client.login( username='******', password='******' ) link = urlbilder( u'images', self.lib.id, p=u"Test Folder" ) resp = self.client.get( link, follow=True ) assert resp.status_code == 200
def test_PathHacks(self): """ Test path hacks for chrooting """ assert self.client.login( username='******', password='******' ) link = urlbilder( u'images', self.lib.id, p=u"../" ) resp = self.client.get( link, follow=True ) assert resp.status_code == 200 assert escape( u"IOError" ) in unicode( resp.content, errors='ignore' ) link = urlbilder( u'resize', self.lib.id, u"1280x720", p=u"../fantasy-world.jpeg" ) resp = self.client.get( link, follow=True ) assert resp.status_code == 200 assert escape( u"IOError" ) in unicode( resp.content, errors='ignore' )
def test_Dosnt_Exists(self): """ Test Error doesn't exist of file or FileLib """ assert self.client.login(username='******', password='******') resp = self.client.get(urlbilder('browser', self.lib.id, p="None")) assert resp.status_code == 200 assert escape( u"path 'None' doesn't exist or it isn't a directory") in unicode( resp.content, errors='ignore') resp = self.client.get(urlbilder('browser', 10, p="None")) assert resp.status_code == 200 assert escape( u"No such file lib or you don't have permissions") in unicode( resp.content, errors='ignore')
def test_Add(self): """ Test action add. Create directory and upload file. """ url = u"http://www.google.ru/images/srpr/logo3w.png" link_mkdir = urlbilder( 'action', self.lib.id, 'add', n='New dir', p='' ) link_url = urlbilder( 'action', self.lib.id, 'add', n=url, p='' ) self.client.login( username='******', password='******' ) resp = self.client.get( link_mkdir, follow=True ) assert resp.status_code == 200 assert self.storage.exists( u"New dir" ) == True resp = self.client.get( link_url, follow=True ) assert resp.status_code == 200 assert self.storage.exists( u"logo3w.png" ) == True
def test_Zip(self): """ Test folder to zip/unzip """ self.client.login( username='******', password='******' ) self.storage.extra.create( u"Test Folder/test.txt", "double" ) link = urlbilder( 'action', self.lib.id, 'zip', p=u"Test Folder" ) resp = self.client.get( link, follow=True ) assert resp.status_code == 200 assert self.storage.exists( u"Test Folder.zip" ) == True self.storage.remove( u"Test Folder" ) link = urlbilder( 'action', self.lib.id, 'zip', p=u"Test Folder.zip" ) resp = self.client.get( link, follow=True ) assert resp.status_code == 200 assert self.storage.exists( u"Test Folder" ) == True assert self.storage.exists( u"Test Folder/test.txt" ) == True
def test_Anon_Trash(self): """ Test Trash of file libs for Anonymous """ self.setAnonymous(True) resp = self.client.get(urlbilder('trash', self.lib2.id)) assert resp.status_code == 200 assert resp.context['files'].__len__() == 0 resp = self.client.get(urlbilder('trash', self.lib.id)) assert resp.status_code == 200 assert resp.context['files'].__len__() == 1 resp = self.client.get(urlbilder('trash', 10)) assert resp.status_code == 200 assert escape( u"No such file lib or you don't have permissions") in unicode( resp.content, errors='ignore')
def test_Chroot(self): """ Test to inject in path something like that '../' """ self.client.login( username='******', password='******' ) for item in ['../', 'Test Folder/../../', '/', '/home', ]: link = urlbilder( 'browser', self.lib.id, p=item ) resp = self.client.get( link, follow=True ) assert resp.status_code == 200 assert "IOError" in resp.content, link
def test_Admin_History(self): """ Test History of History for Admin """ assert self.client.login(username='******', password='******') resp = self.client.get(urlbilder('history', self.lib2.id)) assert resp.status_code == 200 assert resp.context['history'].__len__() == 0 resp = self.client.get(urlbilder('history', self.lib.id)) assert resp.status_code == 200 assert resp.context['history'].__len__() == 3 resp = self.client.get(urlbilder('history', 10)) assert resp.status_code == 200 assert escape( u"No such file lib or you don't have permissions") in unicode( resp.content, errors='ignore')
def test_LinkToGallery(self): """ Test status code of resize view """ assert self.client.login( username='******', password='******' ) link = urlbilder( 'browser', self.lib.id, p='Test Folder' ) resp = self.client.get( link, follow=True ) assert resp.status_code == 200 assert escape( u"View in a gallery" ) in unicode( resp.content, errors='ignore' )
def test_Upload(self): """ Test Upload files """ file1 = self.storage.open( u"content.txt" ) self.client.post( urlbilder( u'upload', self.lib.id ), {'p': 'Test Folder', 'files': [file1]} ) file1.close( ) assert self.storage.exists( u"Test Folder/content.txt" ) == False self.client.login( username='******', password='******' ) file1 = self.storage.open( u"content.txt" ) self.client.post( urlbilder( u'upload', self.lib.id ), {'p': 'Test Folder', 'files': [file1]} ) file1.close( ) assert self.storage.exists( u"Test Folder/content.txt" ) == True file1 = self.storage.open( u"content.txt" ) file2 = self.storage.open( u"Фото 007.bin" ) self.storage.extra.create( u"test.io.text", "double" ) file3 = self.storage.open( u"test.io.text" ) self.client.post( urlbilder( u'upload', self.lib.id ), {'p': 'Test Folder', 'files': [file1, file2, file3]} ) file1.close( ) file2.close( ) file3.close( ) assert self.storage.exists( u"Test Folder/content.txt" ) == True assert self.storage.exists( u"Test Folder/Фото 007.bin" ) == True assert self.storage.exists( u"Test Folder/test.io.text" ) == True self.client.post( urlbilder( u'upload', self.lib.id ), {'p': 'Test Folder', 'files': []} ) his = self.getLastHistory( ) assert len( his.files ) == 3 assert his.files[0] == u"content.txt" assert his.files[1] == u"Фото 007.bin" assert his.files[2] == u"test.io.text" name = u"1a+-(_).t2t" self.storage.extra.create( name, "double" ) file4 = self.storage.open( name ) self.client.post( urlbilder( u'upload', self.lib.id ), {'p': 'Test Folder', 'files': [file4]} ) file4.close( ) assert self.storage.exists( u"Test Folder/{0}".format( name ) ) == True
def test_Admin_Trash(self): """ Test Trash of file libs for Admin """ assert self.client.login(username='******', password='******') if self.storage2.exists(settings.LIMITED_TRASH_PATH): self.storage2.remove(settings.LIMITED_TRASH_PATH) resp = self.client.get(urlbilder('trash', self.lib2.id)) assert self.storage2.exists(settings.LIMITED_TRASH_PATH) == True assert resp.status_code == 200 assert resp.context['files'].__len__() == 0 resp = self.client.get(urlbilder('trash', self.lib.id)) assert resp.status_code == 200 assert resp.context['files'].__len__() == 1 resp = self.client.get(urlbilder('trash', 10)) assert resp.status_code == 200 assert escape( u"No such file lib or you don't have permissions") in unicode( resp.content, errors='ignore')
def test_ResizeView(self): """ Test status code of reisze view with login and not """ link = urlbilder( u'resize', self.lib.id, u"1280x720", p=u"Test Folder/fantasy-world.jpeg" ) resp = self.client.get( link, follow=True ) assert resp.status_code == 200 assert escape( u"Login form" ) in unicode( resp.content, errors='ignore' ) assert self.client.login( username='******', password='******' ) link = urlbilder( u'resize', self.lib.id, u"1280x720", p=u"Test Folder/fantasy-world.jpeg" ) resp = self.client.get( link, follow=True ) assert resp.status_code == 200 assert self.client.login( username='******', password='******' ) link = urlbilder( u'resize', self.lib.id, u"200x200xC", p=u"Test Folder/fantasy-world.jpeg" ) resp = self.client.get( link, follow=True ) assert resp.status_code == 200 # ResizeOptionsError assert self.client.login( username='******', password='******' ) link = urlbilder( u'resize', self.lib.id, u"200d200xC", p=u"Test Folder/fantasy-world.jpeg" ) resp = self.client.get( link, follow=True ) assert resp.status_code == 404
def test_Clear(self): """ Test ActionClear. test with not stuff user and with administrator """ link_cache = urlbilder( u'clear', self.lib.id, u'cache' ) link_trash = urlbilder( u'clear', self.lib.id, u'trash' ) file_cache = FilePath.join( settings.LIMITED_CACHE_PATH, u"test.bin" ) file_trash = FilePath.join( settings.LIMITED_TRASH_PATH, u"test.bin" ) self.storage.extra.create( file_cache, u"Test" ) self.storage.extra.create( file_trash, u"Test" ) self.client.login( username='******', password='******' ) resp = self.client.get( link_cache, follow=True ) assert resp.status_code == 200 assert escape( u"You have no permission to clear cache" ) in unicode( resp.content, errors='ignore' ) assert self.storage.exists( file_cache ) == True resp = self.client.get( link_trash, follow=True ) assert resp.status_code == 200 assert escape( u"You have no permission to clear trash" ) in unicode( resp.content, errors='ignore' ) assert self.storage.exists( file_trash ) == True self.client.login( username='******', password='******' ) resp = self.client.get( link_cache ) assert resp.status_code == 302 assert self.storage.exists( file_cache ) == False resp = self.client.get( link_trash ) assert resp.status_code == 302 assert self.storage.exists( file_trash ) == False
def test_Anon_Redirects(self): """ Test redirect to login page when user is Anonymous and settings.LIMITED_ANONYMOUS = False """ assert self.client.get('/').status_code == 302 assert self.client.get(urlbilder('browser', 1)).status_code == 302 assert self.client.get(urlbilder('trash', 1)).status_code == 302 assert self.client.get(urlbilder('history', 1)).status_code == 302 assert self.client.get(urlbilder('action', 1, 'delete', p='')).status_code == 302 assert self.client.get(urlbilder('clear', 1, 'cache')).status_code == 302 assert self.client.get(urlbilder('download', 1)).status_code == 302 assert self.client.get(urlbilder('upload', 1)).status_code == 302
def test_Path_Arr(self): """ Test ``class="breadcrumbs"`` in html or ``patharr`` in template interpretation. The order is not important because we already check it in ``CodeTest.test_split_path`` """ self.client.login(username='******', password='******') link = urlbilder('browser', self.lib2.id, p='limited/core/templatetags') resp = self.client.get(link) assert resp.status_code == 200 assert '<a href="/">#Home</a>' in resp.content assert '<a href="/lib1/">FileManager</a>' in resp.content assert '<a href="/lib1/?p=limited">limited</a>' in resp.content assert 'templatetags' in resp.content
def test_Feeds(self): """ Test that check feed exists for anon """ self.setAnonymous(True) rss_token = Profile.objects.get(user=self.data.UserB7W).rss_token Home.objects.filter(user=self.data.UserAnon, lib=self.data.LibTest).delete() def assertFeed(link, count): """ Simple helper to assert status code and count '<item>' in html code :param link: full link to page :param count: right count of '<item>' :return: None """ resp = self.client.get(link) assert resp.status_code == 200 assert unicode(resp.content, errors='ignore').count(u"<item>") == count link_anon = urlbilder('rss.user.anon') link_all = urlbilder('rss.user.all', rss_token) link_fm = urlbilder('rss.user.lib', rss_token, self.data.LibFM.id) link_test = urlbilder('rss.user.lib', rss_token, self.data.LibTest.id) assertFeed(link_anon, 0) History(user=self.data.UserAnon, lib=self.data.LibFM, type=3, path=u"Фото 070.jpg").save() assertFeed(link_anon, 1) assertFeed(link_fm, 1) assertFeed(link_test, 3) assertFeed(link_all, 4) resp = self.client.get(urlbilder('rss.user.all', u'none_exists')) assert resp.status_code == 404 resp = self.client.get(urlbilder('rss.user.lib', rss_token, 100)) assert resp.status_code == 404
def test_Download(self): """ Test response of download page """ self.client.login(username='******', password='******') link = urlbilder(u'download', self.lib.id, p=u'No Folder') resp = self.client.get(link) assert resp.status_code == 200 assert escape(u"No file or directory find") in unicode(resp.content, errors='ignore') link = urlbilder(u'download', self.lib.id, p=u'content.txt') resp = self.client.get(link) assert resp.status_code == 200 link = urlbilder(u'download', self.lib.id, p=u'Test Folder') resp = self.client.get(link) assert resp.status_code == 200 link = urlbilder(u'link', u"no_such_hash") resp = self.client.get(link) assert resp.status_code == 200 assert escape( u"such object does not exists or link is out of time") in unicode( resp.content, errors='ignore') hash = Link.objects.get(id=1).hash link = urlbilder('link', hash) resp = self.client.get(link) assert resp.status_code == 200 Link.objects.filter(id=1).update(path="No File") hash = Link.objects.get(id=1).hash link = urlbilder('link', hash) resp = self.client.get(link) assert resp.status_code == 200 assert escape(u"No file or directory find") in unicode(resp.content, errors='ignore')
def upload(): opn = self.storage.open with opn(u"test1.txt") as f1, opn(u"test2.txt") as f2: self.client.post(urlbilder(u'upload', self.lib.id), {'p': 'Test Folder', 'files': [f1, f2]}) assert self.storage.exists(u"Test Folder/test1.txt") == True assert self.storage.exists(u"Test Folder/test2.txt") == True
def test_Login(self): """ Test login page and redirect to login page """ resp = self.client.get(urlbilder('login')) assert resp.status_code == 200
def test_Anon_Action(self): """ Test Action for Anonymous in ID1: FileManager with ID5: Edit False, Move False, Delete False, Create True, Upload False, Http_get False, """ self.setAnonymous(True) storage = self.lib2.getStorage() # add True link = urlbilder('action', self.lib2.id, "add", p='', n='new dir') resp = self.client.get(link, follow=True) assert resp.status_code == 200 assert resp.context['messages'].__len__() == 1 assert 'created' in [ m.message for m in list(resp.context['messages']) ][0] storage.remove(FilePath.join('', 'new dir')) # delete False link = urlbilder('action', self.lib2.id, "delete", p=u"Фото 007.bin") resp = self.client.get(link, follow=True) assert resp.status_code == 200 assert resp.context['messages'].__len__() == 1 assert 'You have no permission' in [ m.message for m in list(resp.context['messages']) ][0] # trash False link = urlbilder('action', self.lib2.id, "trash", p=u"Фото 007.bin") resp = self.client.get(link, follow=True) assert resp.status_code == 200 assert resp.context['messages'].__len__() == 1 assert 'You have no permission' in [ m.message for m in list(resp.context['messages']) ][0] # rename False link = urlbilder('action', self.lib2.id, "rename", p=u"Фото 007.bin", n='Фото070.jpg') resp = self.client.get(link, follow=True) assert resp.status_code == 200 assert resp.context['messages'].__len__() == 1 assert 'You have no permission' in [ m.message for m in list(resp.context['messages']) ][0] # move False link = urlbilder('action', self.lib2.id, "move", p=u"Фото 007.bin", n='/') resp = self.client.get(link, follow=True) assert resp.status_code == 200 assert resp.context['messages'].__len__() == 1 assert 'You have no permission' in [ m.message for m in list(resp.context['messages']) ][0] # link True link = urlbilder('action', self.lib2.id, "link", p=u"Фото 007.bin") resp = self.client.get(link, follow=True) assert resp.status_code == 200 assert resp.context['messages'].__len__() == 1 assert 'link' in [m.message for m in list(resp.context['messages'])][0] # zip False link = urlbilder('action', self.lib2.id, "zip", p=u"Фото 007.bin") resp = self.client.get(link, follow=True) assert resp.status_code == 200 assert resp.context['messages'].__len__() == 1 assert 'You have no permission' in [ m.message for m in list(resp.context['messages']) ][0] # size very simple dir test link = urlbilder('action', self.lib2.id, "size", p='docs') resp = self.client.get(link, follow=True) assert resp.status_code == 200 size = filesizeformat(storage.size('docs', dir=True, cached=False)) assert size == resp.content.strip()
def item_link(self, item): return urlbilder(u"browser", item.lib_id, p=item.path, hl=item.hash())
def UploadView( request, id ): """ Files upload to POST 'h' - home id, 'p' - path, 'files' """ if request.user.is_anonymous( ) and not settings.LIMITED_ANONYMOUS: return HttpResponseRedirect( '%s?next=%s' % (settings.LOGIN_URL, request.path) ) lib_id = int( id ) path = request.POST['p'] if not FilePath.check(path, norm=True): logger.error( u"Files. Path check fail. home_id:{0}, path:{1}".format( lib_id, path ) ) return RenderError( request, u"IOError, Permission denied" ) if request.method == u"POST": file_paths = [] try: # file paths to delete them after any Exception home = get_home( request.user, lib_id ) if not home.permission.upload: raise PermissionError( u"You have no permission to upload" ) user = get_user( request.user ) storage = home.lib.getStorage( ) files = request.FILES.getlist( u'files' ) if not len( files ): messages.warning( request, u"No any files selected" ) return HttpResponseReload( request ) for file in files: if not check_file_name( file.name ): raise PermissionError( settings.LIMITED_FILES_MESSAGE.format( file.name ) ) history = History( user=user, lib=home.lib, type=History.UPLOAD, path=path ) for file in files: fool_path = FilePath.join( path, file.name ) name = storage.save( fool_path, file ) file_paths.append( name ) history.files = [FilePath.name( i ) for i in file_paths] history.save( ) if settings.LIMITED_EMAIL_NOTIFY['ENABLE']: domain = Site.objects.get_current( ).domain link = urlbilder( u"browser", lib_id, p=history.path ) libs = Home.objects.filter( lib_id=lib_id ) users = [i.user_id for i in libs] notify = MailFileNotify( ) notify.body = u"New files upload to '{0}' by user {1}\n".format(path or '/', history.user) notify.body += u"Link http://{0}{1}&hl={2}\n".format(domain, link, history.hash()) notify.files = [i.name for i in files] notify.users = users # Hack to stay in one thread and test mail.outbox notify.run( ) if settings.TEST else notify.start( ) except ObjectDoesNotExist: logger.error( u"Upload. No such file lib or you don't have permissions. home_id:{0}".format( lib_id ) ) return RenderError( request, u"No such file lib or you don't have permissions" ) except PermissionError as e: logger.info( u"Upload. {0}. home_id:{1}, path:{2}".format( e, lib_id, path ) ) messages.error( request, e ) except Exception: for file in file_paths: if storage.exists( file ): storage.remove( file ) raise return HttpResponseReload( request )
def dir_trash(self, obj): size = filesizeformat(obj.get_trash_size()) url = urlbilder(u'clear', obj.id, u'trash') return u'{0} / <a href="{1}">clear</a>'.format(size, url)