def test_bad_id():
user = ScreenshotsClient()
user.login()
try:
try:
user.create_shot(shot_id="!!!/test.com")
except HTTPError, e:
if e.response.status_code != 400:
raise
finally:
user.delete_account()
def test_bad_id():
user = ScreenshotsClient()
user.login()
try:
try:
user.create_shot(shot_id="!!!/test.com")
except HTTPError, e:
if e.response.status_code != 400:
raise
finally:
user.delete_account()
def test_put_large_image():
user = ScreenshotsClient()
user.login()
try:
try:
user.create_shot(pad_image_to_length=100 * 1000 * 1000)
except HTTPError, e:
if e.response.status_code != 413:
raise
finally:
user.delete_account()
def test_put_large_image():
user = ScreenshotsClient()
user.login()
try:
try:
user.create_shot(pad_image_to_length=100 * 1000 * 1000)
except HTTPError, e:
if e.response.status_code != 413:
raise
finally:
user.delete_account()
def test_update():
user = ScreenshotsClient()
user.login()
shot_url = user.create_shot(docTitle="A_TEST_SITE_1", image_index=0)
shot_page = user.read_shot(shot_url)
assert "A_TEST_SITE_1" in shot_page["page"]
shot_id = urlparse.urlsplit(shot_url).path.strip("/")
user.create_shot(shot_id=shot_id, docTitle="A_TEST_SITE_2", image_index=1)
later_shot_page = user.read_shot(shot_url)
assert "A_TEST_SITE_2" in later_shot_page["page"]
assert later_shot_page["clip_content"]
assert later_shot_page["clip_content"] != shot_page["clip_content"]
assert later_shot_page["clip_url"] != shot_page["clip_url"]
def test_update():
user = ScreenshotsClient()
user.login()
shot_url = user.create_shot(docTitle="A_TEST_SITE_1", image_index=0)
shot_page = user.read_shot(shot_url)
assert "A_TEST_SITE_1" in shot_page["page"]
shot_id = urlparse.urlsplit(shot_url).path.strip("/")
user.create_shot(shot_id=shot_id, docTitle="A_TEST_SITE_2", image_index=1)
later_shot_page = user.read_shot(shot_url)
assert "A_TEST_SITE_2" in later_shot_page["page"]
assert later_shot_page["clip_content"]
assert later_shot_page["clip_content"] != shot_page["clip_content"]
assert later_shot_page["clip_url"] != shot_page["clip_url"]
def test_put_auth():
first_user = ScreenshotsClient()
second_user = ScreenshotsClient()
first_user.login()
second_user.login()
shot_url = first_user.create_shot(docTitle="A_TEST_SITE_1")
shot_id = urlparse.urlsplit(shot_url).path.strip("/")
shot_page = first_user.read_shot(shot_url)
print(first_user.read_shot(shot_url)["clip_url"], shot_page["clip_url"])
assert first_user.read_shot(
shot_url)["clip_content"] == shot_page["clip_content"]
assert "A_TEST_SITE_1" in shot_page["page"]
try:
second_user.create_shot(shot_id=shot_id, docTitle="A_TEST_SITE_2")
except requests.HTTPError, e:
if e.response.status_code != 403:
raise
def test_scopes():
user = ScreenshotsClient()
user.login()
abtests = user.session.cookies["abtests"]
abtests_sig = user.session.cookies["abtests.sig"]
print(abtests, abtests_sig)
shot = user.create_shot(docTitle="A_TEST_SITE")
page = user.read_shot(shot)
download_url = page["download_url"]
resp = user.session.get(download_url)
assert resp.headers.get("Content-Disposition")
mixed_up = "%s?download=%s&sig=%s" % (
download_url.split("?")[0],
urllib.quote(abtests),
urllib.quote(abtests_sig),
)
resp = user.session.get(mixed_up)
assert not resp.headers.get("Content-Disposition")
def test_leave_screenshots_clears_csrf_cookie():
user = ScreenshotsClient()
user.login()
leave_resp = user.session.get(user.backend + "/leave-screenshots/")
assert leave_resp.status_code == 200
assert_httponly_csrf_cookie(user.session)
page = leave_resp.text
csrf_match = re.search(r'<input.*name="_csrf".*value="([^"]*)"', page)
csrf = csrf_match.group(1)
first_csrf_cookie = user.session.cookies.get('_csrf')
resp = user.session.post(urljoin(user.backend, "/leave-screenshots/leave"),
json={"_csrf": csrf})
assert resp.status_code == 200
assert first_csrf_cookie != user.session.cookies.get('_csrf')
def test_leave_screenshots_clears_csrf_cookie():
user = ScreenshotsClient()
user.login()
leave_resp = user.session.get(user.backend + "/leave-screenshots/")
assert leave_resp.status_code == 200
assert_httponly_csrf_cookie(user.session)
page = leave_resp.text
csrf_match = re.search(r'<input.*name="_csrf".*value="([^"]*)"', page)
csrf = csrf_match.group(1)
first_csrf_cookie = user.session.cookies.get('_csrf')
resp = user.session.post(
urljoin(user.backend, "/leave-screenshots/leave"),
json={"_csrf": csrf})
assert resp.status_code == 200
assert first_csrf_cookie != user.session.cookies.get('_csrf')
def test_download_key():
user = ScreenshotsClient()
user.login()
shot_1_url = user.create_shot(docTitle="A_TEST_SITE_1")
shot_2_url = user.create_shot(docTitle="A_TEST_SITE_2")
shot_1_page = user.read_shot(shot_1_url)
shot_2_page = user.read_shot(shot_2_url)
shot_1_download_url = shot_1_page["download_url"]
shot_2_download_url = shot_2_page["download_url"]
resp = user.session.get(shot_1_download_url)
# This should normally work:
print("Normal download URL:", shot_1_download_url)
assert resp.headers["Content-Disposition"], "Should get a proper download response"
mixed_up = shot_1_download_url.split("?")[0] + "?" + shot_2_download_url.split("?")[1]
# Getting mixed_up should fail, since the signed download parameter comes from shot_2
# but we're fetching the image from shot_1
resp = user.session.get(mixed_up)
print("Mixed-up URL:", mixed_up)
print("Response:", resp)
print("Content-Disposition header:", resp.headers.get("Content-Disposition"))
assert not resp.headers.get("Content-Disposition"), "The signature shouldn't work"
def test_set_login_cookie():
sess1 = ScreenshotsClient()
login_resp = sess1.login()
headers = {'x-screenshots-auth': login_resp.json()['authHeader']}
assert sess1.session.cookies['user'] and sess1.session.cookies['user.sig']
sess2 = ScreenshotsClient()
# Trying to login without any authentication won't work:
resp = sess2.session.post(sess2.backend + "/api/set-login-cookie")
assert resp.status_code == 401
assert not sess2.session.cookies.get('user')
resp = sess2.session.post(sess2.backend + "/api/set-login-cookie", headers=headers)
assert resp.status_code == 200
assert sess2.session.cookies['user'] and sess2.session.cookies['user.sig']
def test_put_auth():
first_user = ScreenshotsClient()
second_user = ScreenshotsClient()
first_user.login()
second_user.login()
shot_url = first_user.create_shot(docTitle="A_TEST_SITE_1")
shot_id = urlparse.urlsplit(shot_url).path.strip("/")
shot_page = first_user.read_shot(shot_url)
print(first_user.read_shot(shot_url)["clip_url"], shot_page["clip_url"])
assert first_user.read_shot(shot_url)["clip_content"] == shot_page["clip_content"]
assert "A_TEST_SITE_1" in shot_page["page"]
try:
second_user.create_shot(shot_id=shot_id, docTitle="A_TEST_SITE_2")
except requests.HTTPError as e:
if e.response.status_code != 403:
raise
else:
assert False, "Second attempt to upload should have failed"
second_shot_page = first_user.read_shot(shot_url)
assert "A_TEST_SITE_1" in second_shot_page["page"]
assert "A_TEST_SITE_2" not in second_shot_page["page"]
assert shot_page["clip_url"] == second_shot_page["clip_url"]
assert shot_page["clip_content"] == second_shot_page["clip_content"]
def test_set_login_cookie():
sess1 = ScreenshotsClient()
login_resp = sess1.login()
headers = {'x-screenshots-auth': login_resp.json()['authHeader']}
assert sess1.session.cookies['user'] and sess1.session.cookies['user.sig']
sess2 = ScreenshotsClient()
# Trying to login without any authentication won't work:
resp = sess2.session.post(sess2.backend + "/api/set-login-cookie")
assert resp.status_code == 401
assert not sess2.session.cookies.get('user')
resp = sess2.session.post(sess2.backend + "/api/set-login-cookie",
headers=headers)
assert resp.status_code == 200
assert sess2.session.cookies['user'] and sess2.session.cookies['user.sig']
def setup_shot_on_device():
user = ScreenshotsClient()
user.login()
shot_url = user.create_shot(docTitle="A_TEST_SITE_1")
return {'user': user, 'shot_url': shot_url}
def setup_shot_on_device():
user = ScreenshotsClient(hasAccount=True)
user.login()
shot_url = user.create_shot(docTitle="A_TEST_SITE_1")
return {'user': user, 'shot_url': shot_url}