def test_connect_without_local_addresses(self,
mock_determine_local_addresses):
fake_addresses = [ipaddress.ip_network("200.1.1.1")]
mock_determine_local_addresses.return_value = fake_addresses
validator = permissive_validator(autodetect_local_addresses=True)
advocate.get("http://example.com/", validator=validator)
# Check that `is_ip_allowed` didn't make its own call to determine
# local addresses
mock_determine_local_addresses.assert_called_once_with()
mock_determine_local_addresses.reset_mock()
validator = permissive_validator(autodetect_local_addresses=False)
advocate.get("http://example.com", validator=validator)
mock_determine_local_addresses.assert_not_called()
def test_connection_reuse(self, mock_new_conn):
# Just because you can use an existing connection doesn't mean you
# should. The disadvantage of us working at the socket level means that
# we get bitten if a connection pool is shared between regular requests
# and advocate.
# This can never happen with requests, but let's set a good example :)
with CheckedSocket.bypass_checks():
# HTTPBin supports `keep-alive`, so it's a good test subject
requests.get("http://httpbin.org/")
try:
advocate.get("http://httpbin.org/")
except:
pass
# Requests may retry several times, but our mock doesn't return a real
# socket. Just check that it tried to create one.
mock_new_conn.assert_any_call()
def save_cover_from_url(url, book_path):
try:
if cli_param.allow_localhost:
img = requests.get(url, timeout=(10, 200), allow_redirects=False) # ToDo: Error Handling
elif use_advocate:
img = advocate.get(url, timeout=(10, 200), allow_redirects=False) # ToDo: Error Handling
else:
log.error("python module advocate is not installed but is needed")
return False, _("Python module 'advocate' is not installed but is needed for cover uploads")
img.raise_for_status()
return save_cover(img, book_path)
except (socket.gaierror,
requests.exceptions.HTTPError,
requests.exceptions.InvalidURL,
requests.exceptions.ConnectionError,
requests.exceptions.Timeout) as ex:
# "Invalid host" can be the result of a redirect response
log.error(u'Cover Download Error %s', ex)
return False, _("Error Downloading Cover")
except MissingDelegateError as ex:
log.info(u'File Format Error %s', ex)
return False, _("Cover Format Error")
except UnacceptableAddressException as e:
log.error("Localhost or local network was accessed for cover upload")
return False, _("You are not allowed to access localhost or the local network for cover uploads")
def test_redirect(self):
# Make sure httpbin even works
test_url = "http://httpbin.org/status/204"
self.assertEqual(advocate.get(test_url).status_code, 204)
redir_url = "http://httpbin.org/redirect-to?url=http://127.0.0.1/"
self.assertRaises(UnacceptableAddressException, advocate.get,
redir_url)
def get_hash():
url = request.args.get("url")
if not url:
return "Please specify a url!"
try:
headers = {"User-Agent": "Hashifier 0.1"}
resp = advocate.get(url, headers=headers)
except advocate.UnacceptableAddressException:
return "That URL points to a forbidden resource"
except requests.RequestException:
return "Failed to connect to the specified URL"
return hashlib.sha256(resp.content).hexdigest()
def upload_user_file_by_url(self, user, url, storage=None):
"""
Uploads a user file by downloading it from the provided URL.
:param user: The user on whose behalf the file is uploaded.
:type user: User
:param url: The URL where the file must be downloaded from.
:type url: str
:param storage: The storage where the file must be saved to.
:type storage: Storage
:raises FileURLCouldNotBeReached: If the file could not be downloaded from
the URL or if it points to an internal service.
:raises InvalidFileURLError: If the provided file url is invalid.
:return: The newly created user file.
:rtype: UserFile
"""
parsed_url = urlparse(url)
if parsed_url.scheme not in ["http", "https"]:
raise InvalidFileURLError("Only http and https are allowed.")
file_name = url.split("/")[-1]
try:
response = advocate.get(url, stream=True, timeout=10)
if not response.ok:
raise FileURLCouldNotBeReached(
"The response did not respond with an "
"OK status code.")
content = response.raw.read(settings.USER_FILE_SIZE_LIMIT + 1,
decode_content=True)
except (RequestException, UnacceptableAddressException):
raise FileURLCouldNotBeReached(
"The provided URL could not be reached.")
file = SimpleUploadedFile(file_name, content)
return UserFileHandler().upload_user_file(user, file_name, file,
storage)
def test_get(self):
self.assertEqual(advocate.get("http://example.com").status_code, 200)
self.assertEqual(advocate.get("https://example.com").status_code, 200)
