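def test_request_state_and_redirects(self):
    """Exercise Tor flagging and redirects across ports, schemes and HTTPS state.

    The final section enables HTTPS on the shared tenant state. It runs inside
    try/finally so that a failing assertion cannot leave ``https_enabled`` set
    for whichever test runs next.
    """
    # Remote HTTP connection with HTTPS disabled
    request = forge_request(uri=b'http://www.globaleaks.org/')
    self.api.render(request)
    self.assertFalse(request.client_using_tor)
    self.assertEqual(request.responseCode, 200)

    # Local HTTP connection on port 8082 should be marked as not coming from Tor
    request = forge_request(uri=b'http://127.0.0.1:8082/',
                            client_addr=IPv4Address('TCP', '127.0.0.1', 12345))
    self.api.render(request)
    self.assertFalse(request.client_using_tor)
    self.assertEqual(request.responseCode, 200)

    # Local HTTP connection on port 8083 should be marked as coming from Tor
    request = forge_request(uri=b'http://127.0.0.1:8083/',
                            client_addr=IPv4Address('TCP', '127.0.0.1', 12345))
    self.api.render(request)
    self.assertTrue(request.client_using_tor)
    self.assertEqual(request.responseCode, 302)

    # Remote HTTP connection not coming from Tor should be redirected to HTTPS
    State.tenant_cache[1].https_enabled = True
    try:
        request = forge_request(uri=b'http://www.globaleaks.org/public',
                                client_addr=IPv4Address('TCP', '8.8.8.8', 12345))
        self.api.render(request)
        self.assertFalse(request.client_using_tor)
        self.assertEqual(request.responseCode, 302)
        # The redirect must keep the path and only upgrade the scheme.
        self.assertEqual(
            request.responseHeaders.getRawHeaders('location')[0],
            'https://www.globaleaks.org/public')
    finally:
        # Restore the value the original test reset to, even on failure.
        State.tenant_cache[1].https_enabled = False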
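def test_status_codes_assigned(self):
    """Verify the status code per HTTP method and the fixed hardening headers.

    GET and HEAD must answer 200; every other method listed (including an
    unknown verb and an empty one) must answer 501. Every response, whatever
    its status, must carry exactly the header values listed below.
    """
    test_cases = [
        (b'GET', 200),
        (b'HEAD', 200),
        (b'POST', 501),
        (b'PUT', 501),
        (b'DELETE', 501),
        (b'XXX', 501),
        (b'', 501),
    ]

    server_headers = [
        ('Cache-control', 'no-cache, no-store, must-revalidate'),
        ('Content-Language', 'en'),
        ('Content-Security-Policy',
         "default-src 'none';"
         "script-src 'self';"
         "connect-src 'self';"
         "style-src 'self';"
         "img-src 'self' data:;"
         "font-src 'self' data:;"
         "media-src 'self';"
         "frame-ancestors 'none';"),
        ('Expires', '-1'),
        ('Pragma', 'no-cache'),
        ('Referrer-Policy', 'no-referrer'),
        ('Server', 'Globaleaks'),
        ('X-Content-Type-Options', 'nosniff'),
        ('X-Check-Tor', 'False'),
        ('X-Frame-Options', 'deny'),
        ('X-XSS-Protection', '1; mode=block'),
    ]

    for method, status_code in test_cases:
        request = forge_request(uri=b"https://www.globaleaks.org/", method=method)
        self.api.render(request)
        self.assertEqual(request.responseCode, status_code)

        for header_name, expected_value in server_headers:
            raw_values = request.responseHeaders.getRawHeaders(header_name)
            # An absent header presumably comes back as None (Twisted's
            # default); report it by name instead of failing with a TypeError
            # on the subscript below.
            self.assertIsNotNone(
                raw_values,
                'response to %r lacks header %s' % (method, header_name))
            self.assertEqual(raw_values[0], expected_value)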
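def test_tor_detection(self):
    """Check that a client is flagged as Tor based on the exit-address set.

    With b'1.2.3.4' registered as an exit address, a request forged with the
    default client address is flagged as Tor (presumably forge_request
    defaults to that address; confirm against the helper). The same onion URL
    requested from 127.0.0.1 is not flagged.
    """
    url = b'http://aaaaaaaaaaaaaaaa.onion/'

    State.tor_exit_set.add(b'1.2.3.4')
    try:
        request = forge_request(url)
        self.api.render(request)
        self.assertTrue(request.client_using_tor)
        self.assertEqual(request.responseCode, 200)

        request = forge_request(url, client_addr=IPv4Address('TCP', '127.0.0.1', 12345))
        self.api.render(request)
        self.assertFalse(request.client_using_tor)
        self.assertEqual(request.responseCode, 200)
    finally:
        # Always empty the shared set so a failed assertion cannot make
        # later tests see a stale Tor exit address.
        State.tor_exit_set.clear()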
def test_request_state(self):
    """Check the Tor flag and status code for three request origins.

    Only the request addressed to port 8083 from loopback is expected to be
    flagged as coming from Tor; all three are expected to answer 200.
    """
    def render_and_check(req, check_tor_flag):
        # Render, then apply the given truthiness assertion to the Tor flag.
        self.api.render(req)
        check_tor_flag(req.client_using_tor)
        self.assertEqual(req.responseCode, 200)

    site_url = "https://www.globaleaks.org/"

    # Default client address on the public HTTPS URL.
    render_and_check(forge_request(site_url), self.assertFalse)

    # Loopback client on the public HTTPS URL.
    render_and_check(
        forge_request(site_url, client_addr=IPv4Address('TCP', '127.0.0.1', 12345)),
        self.assertFalse)

    # Loopback client on port 8083.
    render_and_check(
        forge_request(uri='http://127.0.0.1:8083/',
                      client_addr=IPv4Address('TCP', '127.0.0.1', 12345)),
        self.assertTrue)
def test_get_with_gl_language_header_and_accept_language_header_3(self):
    """Unrecognised values in both language headers must resolve to 'en'.

    Neither the GL-Language value nor any Accept-Language entry is returned
    by detect_language; the result is 'en'.
    """
    bogus_headers = {
        'GL-Language': 'antani',
        'Accept-Language': 'antani1,antani2;q=0.8,antani3;q=0.6'
    }
    req = forge_request(headers=bogus_headers)

    detected = self.api.detect_language(req)
    self.assertEqual(detected, 'en')
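def test_status_codes_assigned(self):
    """Verify the status code per HTTP method and the fixed response headers.

    GET and HEAD must answer 200 and the remaining methods 501. Every
    response must carry exactly the cache-control and hardening header values
    listed below, regardless of its status.
    """
    test_cases = [
        (b'GET', 200),
        (b'HEAD', 200),
        (b'POST', 501),
        (b'PUT', 501),
        (b'DELETE', 501),
        (b'XXX', 501),
        (b'', 501),
    ]

    server_headers = [
        ('X-Content-Type-Options', 'nosniff'),
        ('Expires', '-1'),
        ('Server', 'Globaleaks'),
        ('Pragma', 'no-cache'),
        ('Cache-control', 'no-cache, no-store, must-revalidate'),
        ('Referrer-Policy', 'no-referrer'),
        ('X-Frame-Options', 'deny')
    ]

    for meth, status_code in test_cases:
        request = forge_request(uri=b"https://www.globaleaks.org/", method=meth)
        self.api.render(request)
        self.assertEqual(request.responseCode, status_code)

        for header_name, expected_value in server_headers:
            raw_values = request.responseHeaders.getRawHeaders(header_name)
            # An absent header presumably comes back as None (Twisted's
            # default); name the header in the failure rather than raising a
            # TypeError on the subscript below.
            self.assertIsNotNone(
                raw_values,
                'response to %r lacks header %s' % (meth, header_name))
            self.assertEqual(raw_values[0], expected_value)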
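def test_status_codes_assigned(self):
    """Check status codes by method and the headers attached to every reply.

    Only GET and HEAD are expected to succeed (200); the other verbs,
    including the unknown b'XXX' and the empty method, are expected to get
    501. The listed headers are compared for exact equality on each response.
    """
    test_cases = [
        (b'GET', 200),
        (b'HEAD', 200),
        (b'POST', 501),
        (b'PUT', 501),
        (b'DELETE', 501),
        (b'XXX', 501),
        (b'', 501),
    ]

    server_headers = [('X-Content-Type-Options', 'nosniff'),
                      ('Expires', '-1'),
                      ('Server', 'Globaleaks'),
                      ('Pragma', 'no-cache'),
                      ('Cache-control', 'no-cache, no-store, must-revalidate'),
                      ('Referrer-Policy', 'no-referrer'),
                      ('X-Frame-Options', 'deny')]

    for meth, status_code in test_cases:
        request = forge_request(uri=b"https://www.globaleaks.org/", method=meth)
        self.api.render(request)
        self.assertEqual(request.responseCode, status_code)

        for header_name, expected_value in server_headers:
            raw_values = request.responseHeaders.getRawHeaders(header_name)
            # Guard the subscript: a dropped header presumably yields None
            # (Twisted's default), and the failure should say which header
            # went missing.
            self.assertIsNotNone(
                raw_values,
                'response to %r lacks header %s' % (meth, header_name))
            self.assertEqual(raw_values[0], expected_value)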
def test_request_state(self):
    """Check the Tor flag and status code for three request origins.

    The two requests to the public HTTPS URL must not be flagged as Tor; the
    loopback request to port 8083 must be. Each must answer 200.
    """
    public_url = b"https://www.globaleaks.org/"

    # Default client address.
    req = forge_request(public_url)
    self.api.render(req)
    self.assertFalse(req.client_using_tor)
    self.assertEqual(req.responseCode, 200)

    # Loopback client, public URL.
    loopback_req = forge_request(
        public_url,
        client_addr=IPv4Address('TCP', '127.0.0.1', 12345))
    self.api.render(loopback_req)
    self.assertFalse(loopback_req.client_using_tor)
    self.assertEqual(loopback_req.responseCode, 200)

    # Loopback client, port 8083.
    tor_port_req = forge_request(
        uri=b'http://127.0.0.1:8083/',
        client_addr=IPv4Address('TCP', '127.0.0.1', 12345))
    self.api.render(tor_port_req)
    self.assertTrue(tor_port_req.client_using_tor)
    self.assertEqual(tor_port_req.responseCode, 200)
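def test_tor_detection(self):
    """Check that a client is flagged as Tor based on the exit-address set.

    With '1.2.3.4' registered as an exit address, a request forged with the
    default client address is flagged as Tor (presumably forge_request
    defaults to that address; confirm against the helper). The same onion URL
    requested from 127.0.0.1 is not flagged.
    """
    url = 'http://1234567890123456.onion/'

    # NOTE(review): onionservice is overwritten here and never restored;
    # confirm that the test fixture resets it between tests.
    GLSettings.memory_copy.onionservice = '1234567890123456.onion'

    GLSettings.appstate.tor_exit_set.add('1.2.3.4')
    try:
        request = forge_request(url)
        self.api.render(request)
        self.assertTrue(request.client_using_tor)
        self.assertEqual(request.responseCode, 200)

        request = forge_request(url, client_addr=IPv4Address('TCP', '127.0.0.1', 12345))
        self.api.render(request)
        self.assertFalse(request.client_using_tor)
        self.assertEqual(request.responseCode, 200)
    finally:
        # Empty the shared set even when an assertion fails, so later tests
        # do not inherit a stale Tor exit address.
        GLSettings.appstate.tor_exit_set.clear()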
def test_https_redirect(self):
    """Requests carrying X-Tor2Web must be 301-redirected to the HTTPS URL.

    Both an https:// and an http:// request are expected to receive a 301
    whose Location is the https:// form of the same path, and neither is
    flagged as a Tor client.
    """
    # NOTE(review): https_enabled and hostname are set on shared tenant state
    # and not restored here; confirm that the fixture resets them.
    cases = (
        (b"https://www.globaleaks.org/", b'https://www.globaleaks.org/'),
        (b"http://www.globaleaks.org/public", b'https://www.globaleaks.org/public'),
    )

    for requested_uri, expected_location in cases:
        State.tenant_cache[1].https_enabled = True
        State.tenant_cache[1].hostname = 'www.globaleaks.org'

        req = forge_request(uri=requested_uri, headers={'X-Tor2Web': '1'})
        self.api.render(req)

        self.assertFalse(req.client_using_tor)
        self.assertEqual(req.responseCode, 301)

        redirect_target = req.responseHeaders.getRawHeaders(b'location')[0]
        self.assertEqual(expected_location, redirect_target)
def test_https_redirect(self):
    """Requests carrying X-Tor2Web must be 301-redirected to the HTTPS URL.

    Covers one request already on https:// and one on http://; each must get
    a 301 with the https:// form of the same path as Location, and neither
    may be flagged as a Tor client.
    """
    # NOTE(review): private.https_enabled and hostname are set on shared
    # tenant state and not restored here; confirm that the fixture resets them.
    tenant = State.tenant_cache[1]

    # Case 1: the request is already on HTTPS.
    tenant.private.https_enabled = True
    tenant.hostname = 'www.globaleaks.org'
    first = forge_request(uri="https://www.globaleaks.org/",
                          headers={'X-Tor2Web': '1'})
    self.api.render(first)
    self.assertFalse(first.client_using_tor)
    self.assertEqual(first.responseCode, 301)
    first_location = first.responseHeaders.getRawHeaders(b'location')[0]
    self.assertEqual('https://www.globaleaks.org/', first_location)

    # Case 2: a plain-HTTP request with a path.
    tenant.private.https_enabled = True
    tenant.hostname = 'www.globaleaks.org'
    second = forge_request(uri="http://www.globaleaks.org/public",
                           headers={'X-Tor2Web': '1'})
    self.api.render(second)
    self.assertFalse(second.client_using_tor)
    self.assertEqual(second.responseCode, 301)
    second_location = second.responseHeaders.getRawHeaders(b'location')[0]
    self.assertEqual('https://www.globaleaks.org/public', second_location)
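def test_tor_redirection(self):
    """A Tor client on the clearnet URL must be 301-redirected to the onion URL.

    With b'1.2.3.4' registered as an exit address, the request forged with
    the default client address is expected to be flagged as Tor (presumably
    forge_request defaults to that address; confirm against the helper) and
    sent to the onion service.
    """
    State.tor_exit_set.add(b'1.2.3.4')
    try:
        request = forge_request(uri=b"https://www.globaleaks.org/")
        self.api.render(request)
        self.assertTrue(request.client_using_tor)
        self.assertEqual(request.responseCode, 301)

        location = request.responseHeaders.getRawHeaders(b'location')[0]
        self.assertEqual(b'http://aaaaaaaaaaaaaaaa.onion/', location)
    finally:
        # Empty the shared set even when an assertion fails, so later tests
        # do not inherit a stale Tor exit address.
        State.tor_exit_set.clear()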
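def test_tor_redirection(self):
    """A Tor client on the clearnet URL must be 301-redirected to the onion URL.

    With '1.2.3.4' registered as an exit address and an onion service
    configured for tenant 1, the request forged with the default client
    address is expected to be flagged as Tor (presumably forge_request
    defaults to that address; confirm against the helper) and redirected to
    the configured onion host.
    """
    State.tor_exit_set.add('1.2.3.4')
    try:
        # NOTE(review): onionservice is overwritten and never restored;
        # confirm that the test fixture resets tenant state between tests.
        State.tenant_cache[1].onionservice = '1234567890123456.onion'

        request = forge_request(uri="https://www.globaleaks.org/")
        self.api.render(request)
        self.assertTrue(request.client_using_tor)
        self.assertEqual(request.responseCode, 301)

        location = request.responseHeaders.getRawHeaders(b'location')[0]
        self.assertEqual('http://1234567890123456.onion/', location)
    finally:
        # Empty the shared set even when an assertion fails, so later tests
        # do not inherit a stale Tor exit address.
        State.tor_exit_set.clear()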
def test_status_codes_assigned(self):
    """Check that only GET is answered with 200 and every other verb with 405.

    The rejected set includes standard write methods, an unknown verb and an
    empty method string.
    """
    expected_by_method = [
        (b'GET', 200),
        (b'POST', 405),
        (b'PUT', 405),
        (b'DELETE', 405),
        (b'XXX', 405),
        (b'', 405),
    ]

    for http_method, expected_code in expected_by_method:
        req = forge_request(uri="https://www.globaleaks.org/", method=http_method)
        self.api.render(req)
        self.assertEqual(req.responseCode, expected_code)
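def test_status_codes_assigned(self):
    """Verify the status code per HTTP method and the fixed hardening headers.

    GET, HEAD and OPTIONS must answer 200; the other methods listed
    (including an unknown verb and an empty one) must answer 501. Every
    response must carry exactly the header values listed below.
    """
    test_cases = [
        (b'', 501),
        (b'DELETE', 501),
        (b'GET', 200),
        (b'HEAD', 200),
        (b'OPTIONS', 200),
        (b'POST', 501),
        (b'PUT', 501),
        (b'XXX', 501),
    ]

    # NOTE(review): values are pinned exactly, so any policy change needs a
    # matching edit here. Feature-Policy has since been superseded by
    # Permissions-Policy in browsers, and X-XSS-Protection is ignored by
    # current ones; worth revisiting when the served policy is next updated.
    server_headers = [
        ('Cache-control', 'no-store'),
        ('Content-Language', 'en'),
        ('Content-Security-Policy',
         "default-src 'none';"
         "script-src 'self';"
         "connect-src 'self';"
         "style-src 'self';"
         "img-src 'self' data:;"
         "font-src 'self' data:;"
         "media-src 'self';"
         "form-action 'self';"
         "frame-ancestors 'none';"
         "block-all-mixed-content"),
        ('Feature-Policy',
         "camera 'none';"
         "display-capture 'none';"
         "document-domain 'none';"
         "fullscreen 'none';"
         "geolocation 'none';"
         "microphone 'none';"
         "speaker 'none'"),
        ('Referrer-Policy', 'no-referrer'),
        ('Server', 'GlobaLeaks'),
        ('X-Content-Type-Options', 'nosniff'),
        ('X-Check-Tor', 'False'),
        ('X-Frame-Options', 'deny'),
        ('X-XSS-Protection', '1; mode=block'),
    ]

    for method, status_code in test_cases:
        request = forge_request(uri=b"https://www.globaleaks.org/", method=method)
        self.api.render(request)
        self.assertEqual(request.responseCode, status_code)

        for header_name, expected_value in server_headers:
            raw_values = request.responseHeaders.getRawHeaders(header_name)
            # An absent header presumably comes back as None (Twisted's
            # default); report it by name instead of failing with a TypeError
            # on the subscript below.
            self.assertIsNotNone(
                raw_values,
                'response to %r lacks header %s' % (method, header_name))
            self.assertEqual(raw_values[0], expected_value)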
def test_get_with_gl_language_header_and_accept_language_header_1(self):
    """With both headers pointing at English, the detected language is 'en'.

    Both headers lead to 'en' here, so this case alone does not show which
    one takes precedence.
    """
    language_headers = {
        'GL-Language': 'en',
        'Accept-Language': 'en-US,en;q=0.8,it;q=0.6'
    }
    req = forge_request(headers=language_headers)

    detected = self.api.detect_language(req)
    self.assertEqual(detected, 'en')
def test_get_with_accept_language_header(self):
    """With only Accept-Language set, 'ar' (q=0.8, listed first) is detected."""
    accept_only = {'Accept-Language': 'ar;q=0.8,it;q=0.6'}
    req = forge_request(headers=accept_only)

    detected = self.api.detect_language(req)
    self.assertEqual(detected, 'ar')
def test_get_with_gl_language_header(self):
    """With only GL-Language set to 'it', that language is detected."""
    gl_only = {'GL-Language': 'it'}
    req = forge_request(headers=gl_only)

    detected = self.api.detect_language(req)
    self.assertEqual(detected, 'it')
def test_get_with_no_language_header(self):
    """A request forged without language headers must resolve to 'en'."""
    req = forge_request()

    detected = self.api.detect_language(req)
    self.assertEqual(detected, 'en')
def test_get_with_accept_language_header(self):
    """Accept-Language alone decides the language: 'ar' outranks 'it' here."""
    req = forge_request(
        headers={'Accept-Language': 'ar;q=0.8,it;q=0.6'},
    )
    chosen_language = self.api.detect_language(req)

    self.assertEqual(chosen_language, 'ar')
def test_get_with_gl_language_header_and_accept_language_header_1(self):
    """GL-Language 'en' plus an English-first Accept-Language yields 'en'."""
    req = forge_request(
        headers={
            'GL-Language': 'en',
            'Accept-Language': 'en-US,en;q=0.8,it;q=0.6',
        },
    )
    chosen_language = self.api.detect_language(req)

    self.assertEqual(chosen_language, 'en')
def test_get_with_gl_language_header_and_accept_language_header_3(self):
    """Language values that match nothing must not be returned; expect 'en'.

    Both headers carry made-up tags, and detect_language is expected to
    return 'en' rather than any of the client-supplied values.
    """
    req = forge_request(
        headers={
            'GL-Language': 'antani',
            'Accept-Language': 'antani1,antani2;q=0.8,antani3;q=0.6',
        },
    )
    chosen_language = self.api.detect_language(req)

    self.assertEqual(chosen_language, 'en')