def test_restricted_subdomain_must_match_file_alias(self):
# IFF there is a .restricted. in the host, then the library file alias
# in the subdomain must match that in the path.
client = LibrarianClient()
fileAlias = client.addFile('sample',
12,
BytesIO(b'a' * 12),
contentType='text/plain')
fileAlias2 = client.addFile('sample',
12,
BytesIO(b'b' * 12),
contentType='text/plain')
self.commit()
url = client.getURLForAlias(fileAlias)
download_host = urlparse(config.librarian.download_url)[1]
if ':' in download_host:
download_host = download_host[:download_host.find(':')]
template_host = 'i%%d.restricted.%s' % download_host
path = get_libraryfilealias_download_path(fileAlias, 'sample')
# The basic URL must work.
response = requests.get(url)
response.raise_for_status()
# Use the network level protocol because DNS resolution won't work
# here (no wildcard support)
connection = httplib.HTTPConnection(config.librarian.download_host,
config.librarian.download_port)
# A valid subdomain based URL must work.
good_host = template_host % fileAlias
connection.request("GET", path, headers={'Host': good_host})
response = connection.getresponse()
response.read()
self.assertEqual(200, response.status, response)
# A subdomain based URL trying to put fileAlias into the restricted
# domain of fileAlias2 must not work.
hostile_host = template_host % fileAlias2
connection.request("GET", path, headers={'Host': hostile_host})
response = connection.getresponse()
response.read()
self.assertEqual(404, response.status)
# A subdomain which matches the LFA but is nested under one that
# doesn't is also treated as hostile.
nested_host = 'i%d.restricted.i%d.restricted.%s' % (
fileAlias, fileAlias2, download_host)
connection.request("GET", path, headers={'Host': nested_host})
response = connection.getresponse()
response.read()
self.assertEqual(404, response.status)
def test_restricted_subdomain_must_match_file_alias(self):
# IFF there is a .restricted. in the host, then the library file alias
# in the subdomain must match that in the path.
client = LibrarianClient()
fileAlias = client.addFile('sample', 12, StringIO('a'*12),
contentType='text/plain')
fileAlias2 = client.addFile('sample', 12, StringIO('b'*12),
contentType='text/plain')
self.commit()
url = client.getURLForAlias(fileAlias)
download_host = urlparse(config.librarian.download_url)[1]
if ':' in download_host:
download_host = download_host[:download_host.find(':')]
template_host = 'i%%d.restricted.%s' % download_host
path = get_libraryfilealias_download_path(fileAlias, 'sample')
# The basic URL must work.
urlopen(url)
# Use the network level protocol because DNS resolution won't work
# here (no wildcard support)
connection = httplib.HTTPConnection(
config.librarian.download_host,
config.librarian.download_port)
# A valid subdomain based URL must work.
good_host = template_host % fileAlias
connection.request("GET", path, headers={'Host': good_host})
response = connection.getresponse()
response.read()
self.assertEqual(200, response.status, response)
# A subdomain based URL trying to put fileAlias into the restricted
# domain of fileAlias2 must not work.
hostile_host = template_host % fileAlias2
connection.request("GET", path, headers={'Host': hostile_host})
response = connection.getresponse()
response.read()
self.assertEqual(404, response.status)
# A subdomain which matches the LFA but is nested under one that
# doesn't is also treated as hostile.
nested_host = 'i%d.restricted.i%d.restricted.%s' % (
fileAlias, fileAlias2, download_host)
connection.request("GET", path, headers={'Host': nested_host})
response = connection.getresponse()
response.read()
self.assertEqual(404, response.status)
def getURLForAliasObject(self, alias):
"""See `IFileDownloadClient`."""
if alias.deleted:
return None
path = get_libraryfilealias_download_path(alias.id, alias.filename)
return urljoin(self.download_url, path)
def getURLForAliasObject(self, alias):
"""See `IFileDownloadClient`."""
if alias.deleted:
return None
path = get_libraryfilealias_download_path(alias.id, alias.filename)
return urljoin(self.download_url, path)
