def test_allocate(self):
     """Two allocations for the same URL must yield distinct ``str`` tokens."""
     # Clear any existing TimeLimitedToken rows before allocating.
     session_store().find(TimeLimitedToken).remove()
     first = TimeLimitedToken.allocate('foo://')
     second = TimeLimitedToken.allocate('foo://')
     # Allocating twice for one URL must never hand out the same token.
     self.assertNotEqual(first, second)
     # The str check stands in for "usable as a URL fragment"; it says
     # nothing about how unpredictable the token is.
     for allocated in (first, second):
         self.assertIsInstance(allocated, str)
 def test_allocate(self):
     """Check that repeated allocation returns unique string tokens."""
     # Remove every TimeLimitedToken row found in the session store first.
     token_rows = session_store().find(TimeLimitedToken)
     token_rows.remove()
     allocated = [
         TimeLimitedToken.allocate('foo://'),
         TimeLimitedToken.allocate('foo://'),
     ]
     # Same URL, two allocations: the tokens have to differ.
     self.assertNotEqual(allocated[0], allocated[1])
     # Type check used as a proxy for "valid URL fragment".
     self.assertIsInstance(allocated[0], str)
     self.assertIsInstance(allocated[1], str)
Example #3
 def test_restricted_with_token(self):
     """A restricted file is served when a freshly allocated token is sent."""
     _alias_id, base_url = self.get_restricted_file_and_public_url()
     # Allocate a time-limited token for exactly this URL and send it as
     # the ``token`` query parameter.
     query = {"token": TimeLimitedToken.allocate(base_url)}
     reply = requests.get(base_url, params=query)
     # Any 4xx/5xx status fails the test at this point.
     reply.raise_for_status()
     self.assertEqual(b"a" * 12, reply.content)
Example #4
 def test_restricted_with_token(self):
     """Fetching a restricted file with a valid token returns its content."""
     _alias_id, base_url = self.get_restricted_file_and_public_url()
     # Grant short-lived access to the restricted URL and append the token
     # as a query string.
     token = TimeLimitedToken.allocate(base_url)
     tokened_url = base_url + ("?token=%s" % token)
     # With the token attached the fetch is expected to succeed.
     handle = urlopen(tokened_url)
     try:
         body = handle.read()
     finally:
         # Always release the connection, even if the read fails.
         handle.close()
     self.assertEqual("a"*12, body)
Example #5
 def test_restricted_with_expired_token(self):
     """An aged token must no longer unlock the restricted file."""
     _alias_id, base_url = self.get_restricted_file_and_public_url()
     # Grant access to the restricted URL for a short time.
     token = TimeLimitedToken.allocate(base_url)
     # Simulate the passage of time by moving the row's ``created``
     # timestamp one week into the past.
     matching = session_store().find(
         TimeLimitedToken, TimeLimitedToken.token==token)
     backdated = SQL("created - interval '1 week'")
     matching.set(TimeLimitedToken.created==backdated)
     # As in test_restricted_no_token, the request should now get a 404.
     self.require404(base_url + "?token=%s" % token)
Example #6
 def test_restricted_with_expired_token(self):
     """An aged token must no longer unlock the restricted file."""
     _alias_id, base_url = self.get_restricted_file_and_public_url()
     # Grant access to the restricted URL for a short time.
     token = TimeLimitedToken.allocate(base_url)
     # The row is looked up by the SHA-256 hex digest of the token rather
     # than by the token value handed to the client.
     token_digest = hashlib.sha256(token).hexdigest()
     matching = session_store().find(
         TimeLimitedToken, TimeLimitedToken.token == token_digest)
     # Simulate the passage of time by backdating ``created`` by a week.
     backdated = SQL("created - interval '1 week'")
     matching.set(TimeLimitedToken.created == backdated)
     # As in test_restricted_no_token, the request should now get a 404.
     self.require404(base_url, params={"token": token})
Example #7
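    def test_restricted_with_token_encoding(self):
        """Token access survives a different percent-encoding of the name.

        The token is allocated for the URL as first returned; the same
        token must also unlock the file when the ``~`` in the file name is
        sent as ``%7E``.
        """
        fileAlias, url = self.get_restricted_file_and_public_url('foo~%')
        self.assertThat(url, EndsWith('/foo~%25'))

        # We have the base url for a restricted file; grant access to it
        # for a short time.
        token = TimeLimitedToken.allocate(url)

        # Now we should be able to access the file.
        response = requests.get(url, params={"token": token})
        response.raise_for_status()
        self.assertEqual(b"a" * 12, response.content)

        # The token is valid even if the filename is encoded differently.
        mangled_url = url.replace('~', '%7E')
        self.assertNotEqual(mangled_url, url)
        # Request the re-encoded URL: fetching ``url`` again would repeat
        # the check above and leave the encoding case untested.
        # NOTE(review): requests may re-normalise escapes of unreserved
        # characters such as %7E before sending; confirm the mangled form
        # actually reaches the server.
        response = requests.get(mangled_url, params={"token": token})
        response.raise_for_status()
        self.assertEqual(b"a" * 12, response.content)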
Example #8
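 def test_restricted_file_headers(self):
     """Restricted files are served uncacheable with a Last-Modified date.

     Checks the ``Cache-Control`` and ``Last-Modified`` headers returned
     for a restricted file fetched with a valid token.
     """
     fileAlias, url = self.get_restricted_file_and_public_url()
     token = TimeLimitedToken.allocate(url)
     url = url + "?token=%s" % token
     # Change the date_created to a known value for testing.
     file_alias = IMasterStore(LibraryFileAlias).get(
         LibraryFileAlias, fileAlias)
     # Month written as plain 1: a leading-zero literal (01) is octal in
     # Python 2 and a syntax error in Python 3.
     file_alias.date_created = datetime(
         2001, 1, 30, 13, 45, 59, tzinfo=pytz.utc)
     # Commit the update.
     self.commit()
     # Fetch the file via HTTP, recording the interesting headers.
     result = urlopen(url)
     try:
         headers = result.info()
         last_modified_header = headers['Last-Modified']
         cache_control_header = headers['Cache-Control']
     finally:
         # Release the connection even if a header is missing.
         result.close()
     # No caching for restricted files: "private" keeps the response out
     # of shared caches and max-age=0 makes any stored copy stale at once.
     self.assertEqual(cache_control_header, 'max-age=0, private')
     # And we should have a correct Last-Modified header too.
     self.assertEqual(
         last_modified_header, 'Tue, 30 Jan 2001 13:45:59 GMT')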
Example #9
 def test_restricted_file_headers(self):
     """Restricted files come back with no-cache and Last-Modified headers."""
     alias_id, base_url = self.get_restricted_file_and_public_url()
     token = TimeLimitedToken.allocate(base_url)
     # Pin date_created to a known instant so the Last-Modified value is
     # predictable.
     known_created = datetime(2001, 1, 30, 13, 45, 59, tzinfo=pytz.utc)
     stored_alias = IMasterStore(LibraryFileAlias).get(
         LibraryFileAlias, alias_id)
     stored_alias.date_created = known_created
     # Commit the update.
     self.commit()
     # Fetch the file over HTTP with the token as a query parameter.
     reply_headers = requests.get(
         base_url, params={"token": token}).headers
     last_modified = reply_headers['Last-Modified']
     cache_control = reply_headers['Cache-Control']
     # Restricted files must not be cached.
     self.assertEqual(cache_control, 'max-age=0, private')
     # Last-Modified must reflect the date_created set above.
     self.assertEqual(last_modified, 'Tue, 30 Jan 2001 13:45:59 GMT')