Exemple #1
0
def test_get_content_with_token(self):
    rf = RequestsFactory(self.request_id)
    response = rf.add_file()

    valid_token = ResponseTokens(response.id)
    expired_token = ResponseTokens(response.id,
                                   expiration_date=datetime.utcnow())
    create_object(valid_token)
    create_object(expired_token)

    path = '/response/' + str(response.id)

    # invalid token (400)
    resp = self.client.get(path, query_string={'token': 'not_a_real_token'})
    self.assertEqual(resp.status_code, 400)

    # expired token (400)
    resp = self.client.get(path, query_string={'token': expired_token.token})
    self.assertEqual(resp.status_code, 400)
    self.assertTrue(
        ResponseTokens.query.filter_by(token=expired_token.token).first() is
        None)  # assert response token has been deleted

    # valid token (success)
    resp = self.client.get(path, query_string={'token': valid_token.token})
    self.assert_file_sent(resp, rf.request.id, response.name)
Exemple #2
0
 def test_edit_file_missing_file(self):
     rf = RequestsFactory(self.request_id)
     response = rf.add_file()
     old_filename = response.name
     old = [
         response.privacy, response.title, old_filename, response.mime_type,
         response.size, response.deleted
     ]
     new_filename = 'bovine.txt'
     with self.client as client:
         with client.session_transaction() as session:
             session['user_id'] = rf.requester.get_id()
             session['_fresh'] = True
         resp = self.client.patch('/response/' + str(response.id),
                                  data={
                                      'privacy': RELEASE_AND_PUBLIC,
                                      'title': 'The Cow Goes Quack',
                                      'filename': new_filename,
                                  })
     self.assertEqual(
         json.loads(resp.data.decode()),
         {'errors': ["File '{}' not found.".format(new_filename)]})
     # assert nothing was changed or created
     self.assertEqual(old, [
         response.privacy,
         response.title,
         old_filename,
         response.mime_type,
         response.size,
         response.deleted,
     ])
     self.assertTrue(
         os.path.exists(os.path.join(self.upload_path, old_filename)))
     events = Events.query.filter_by(response_id=response.id).all()
     self.assertFalse(events)
Exemple #3
0
def test_get_content(self):
    rf = RequestsFactory(self.request_id)
    response = rf.add_file()
    unassociated_user = create_user()

    path = '/response/' + str(response.id)
    redirect_url = urljoin(
        flask_request.url_root,
        url_for('auth.index',
                sso2=True,
                return_to=urljoin(flask_request.url_root, path)))

    # user not authenticated (redirect)
    resp = self.client.get(path)
    self.assertEqual(resp.location, redirect_url)

    # user authenticated but not associated with request (400)
    with self.client as client:
        with client.session_transaction() as session:
            session['user_id'] = unassociated_user.get_id()
            session['_fresh'] = True
        resp = self.client.get(path)
        self.assertEqual(resp.status_code, 400)

    # user authenticated and associated with request (success)
    with self.client as client:
        with client.session_transaction() as session:
            session['user_id'] = rf.requester.get_id()
            session['_fresh'] = True
        resp = self.client.get(path)
        self.assert_file_sent(resp, rf.request.id, response.name)
Exemple #4
0
 def test_post_update_existing(self, scan_and_complete_patch):
     """
     The uploaded file should be saved to quarantine in spite
     of having the same name as an previously uploaded file.
     """
     os.mkdir(self.upload_basepath)
     rf = RequestsFactory(self.request_id)
     rf.add_file(self.upload_path)
     file_contents = b"contents"
     with scan_and_complete_patch:
         response = self.client.post(
             '/upload/' + self.request_id,
             data={
                 "file": (BytesIO(file_contents), self.filename),
                 "update": True
             }
         )
         self.assertEqual(
             json.loads(response.data.decode()),
             {
                 "files": [{
                     "name": self.filename_secure,
                     "original_name": self.filename,
                     "size": len(file_contents)
                 }]
             }
         )
         # checked mocked call (is_update = True)
         scan_and_complete_patch.assert_called_once_with(
             self.request_id, self.quarantine_path, True)
     # check redis key set
     self.assertEqual(redis.get(self.key_update).decode(), upload_status.PROCESSING)
     # check file saved
     self.assertTrue(os.path.exists(self.quarantine_path))
Exemple #5
0
    def test_delete(self):
        rf = RequestsFactory(self.request_id)
        response = rf.add_file()

        with self.client as client, patch(
                'app.response.utils._send_delete_response_email'
        ) as send_email_patch:
            with client.session_transaction() as session:
                session['user_id'] = rf.requester.get_id()
                session['_fresh'] = True
            resp_bad_1 = self.client.patch('/response/' + str(response.id),
                                           data={
                                               'deleted': True,
                                               'confirmation': 'invalid'
                                           })

            self.assertEqual(json.loads(resp_bad_1.data.decode()),
                             {"message": "No changes detected."})
            self.assertFalse(response.deleted)

            resp_bad_2 = self.client.patch(
                '/response/' + str(response.id),
                data={
                    'deleted': True,
                    # confirmation missing
                })

            self.assertEqual(json.loads(resp_bad_2.data.decode()),
                             {"message": "No changes detected."})
            self.assertFalse(response.deleted)

            resp_good = self.client.patch('/response/' + str(response.id),
                                          data={
                                              'deleted': True,
                                              'confirmation': 'DELETE'
                                          })

            self.assertEquals(json.loads(resp_good.data.decode()), {
                'old': {
                    'deleted': 'False'
                },
                'new': {
                    'deleted': 'True'
                }
            })
            self.assertTrue(response.deleted)
            # Check file moved to 'deleted' directory
            self.assertFalse(
                os.path.exists(os.path.join(self.upload_path, response.name)))
            self.assertTrue(
                os.path.exists(
                    os.path.join(self.upload_path, DELETED_FILE_DIRNAME,
                                 response.hash)))

            # check email sent
            send_email_patch.assert_called_once_with(rf.request.id, response)
Exemple #6
0
def test_get_content_failure(self):
    # no Response
    resp = self.client.get('/response/42')
    self.assertEqual(resp.status_code, 400)

    rf = RequestsFactory()
    response = rf.add_note()
    # wrong Response type
    resp = self.client.get('/response/' + str(response.id))
    self.assertEqual(resp.status_code, 400)
Exemple #7
0
def test_get_content_with_token(self):
    rf = RequestsFactory(self.request_id)
    response = rf.add_file()

    valid_token = ResponseTokens(response.id)
    expired_token = ResponseTokens(response)
    create_object(valid_token)
    create_object(expired_token)

    path = '/response/' + str(response.id)

    # invalid token (400)
    resp = self.client.get(path, query_string={'token': 'not_a_real_token'})
    self.assertEqual(resp.status_code, 400)

    # valid token (success)
    resp = self.client.get(path, query_string={'token': valid_token.token})
    self.assert_file_sent(resp, rf.request.id, response.name)
Exemple #8
0
 def test_post_existing_file(self):
     os.mkdir(self.upload_basepath)
     rf = RequestsFactory(self.request_id)
     rf.add_file(self.upload_path)
     response = self.client.post(
         '/upload/' + self.request_id,
         data={
             "file": (BytesIO(b""), self.filename)
         }
     )
     self.assertEqual(
         json.loads(response.data.decode()),
         {
             "files": [{
                 "name": self.filename_secure,
                 "error": "A file with this name has already "
                          "been uploaded for this request."
             }]
         }
     )
     # make sure file wasn't deleted
     self.assertTrue(os.path.exists(self.upload_path))
Exemple #9
0
    def test_edit_file(self):
        rf = RequestsFactory(self.request_id)
        response = rf.add_file()

        old_filename = response.name
        data_old = {
            'privacy': response.privacy,
            'title': response.title,
            'name': old_filename,
            'mime_type': response.mime_type,
            'size': response.size,
            'hash': response.hash,
        }

        new_privacy = RELEASE_AND_PUBLIC
        new_filename = PNG_FILE_NAME
        new_title = "Updated Title, Shiny and Chrome"
        new_mime_type = 'image/png'
        new_size = os.path.getsize(PNG_FILE_PATH)
        new_hash = fu.get_hash(PNG_FILE_PATH)
        data_new = {
            'privacy': new_privacy,
            'title': new_title,
            'name': new_filename,
            'mime_type': new_mime_type,
            'size': new_size,
            'hash': new_hash,
        }

        # copy test file into proper directory
        path = os.path.join(self.upload_path, UPDATED_FILE_DIRNAME)
        os.makedirs(path)
        filepath = os.path.join(path, new_filename)
        shutil.copyfile(PNG_FILE_PATH, filepath)

        email_content_agency = "email content agency"
        email_content_requester = "email content requester"

        # https://github.com/mattupstate/flask-security/issues/259
        # http://stackoverflow.com/questions/16238462/flask-unit-test-how-to-test-request-from-logged-in-user/16238537#16238537
        with self.client as client, patch(
                'app.response.utils._send_edit_response_email'
        ) as send_email_patch, patch(
                'app.response.utils._get_edit_response_template',
                return_value=(email_content_requester, email_content_agency,
                              None)):
            with client.session_transaction() as session:
                session['user_id'] = rf.requester.get_id()
                session['_fresh'] = True
            # PUT it in there!
            resp = self.client.patch('/response/' + str(response.id),
                                     data={
                                         'privacy': new_privacy,
                                         'title': new_title,
                                         'filename': new_filename,
                                     })
            # check email sent
            send_email_patch.assert_called_once_with(rf.request.id,
                                                     email_content_agency,
                                                     email_content_requester)

        # check flask response
        self.assertEqual(json.loads(resp.data.decode()), {
            'old': data_old,
            'new': data_new
        })
        # check database (Responses & Metadatas)
        self.assertEqual([
            response.privacy,
            response.title,
            response.name,
            response.mime_type,
            response.size,
            response.hash,
        ], [
            new_privacy,
            new_title,
            new_filename,
            new_mime_type,
            new_size,
            new_hash,
        ])
        # check FILE_EDITED Event created
        events = Events.query.filter_by(response_id=response.id).all()
        self.assertEqual(len(events), 1)
        event = events[0]
        self.assertEqual([
            event.request_id,
            event.user_guid,
            event.auth_user_type,
            event.type,
            event.previous_value,
            event.new_value,
        ], [
            rf.request.id,
            rf.requester.guid,
            rf.requester.auth_user_type,
            FILE_EDITED,
            data_old,
            data_new,
        ])
        # check file replaced
        self.assertFalse(
            os.path.exists(os.path.join(self.upload_path, old_filename)))
        self.assertFalse(
            os.path.exists(
                os.path.join(self.upload_path, UPDATED_FILE_DIRNAME,
                             new_filename)))
        self.assertTrue(
            os.path.exists(os.path.join(self.upload_path, new_filename)))
Exemple #10
0
 def setUp(self):
     super(UpdateObjectTests, self).setUp()
     self.request_id = 'FOIL-UOT'
     self.rf = RequestsFactory(self.request_id)