def test_WrongPaths(self):
"""
Test path hacks for chrooting
"""
assert self.client.login( username='******', password='******' )
link = urlbilder( u'images', 5, p=u"Test Folder" )
resp = self.client.get( link, follow=True )
assert resp.status_code == 200
assert escape( u"No such file lib or you don't have permissions" ) in unicode( resp.content, errors='ignore' )
link = urlbilder( u'images', self.lib.id, p=u"NO Folder" )
resp = self.client.get( link, follow=True )
assert resp.status_code == 200
assert escape( u"path 'NO Folder' doesn't exist or it isn't a directory" ) in unicode( resp.content, errors='ignore' )
link = urlbilder( u'resize', 5, u"1280x720", p=u"fantasy-world.jpeg" )
resp = self.client.get( link, follow=True )
assert resp.status_code == 200
assert escape( u"No such file lib or you don't have permissions" ) in unicode( resp.content, errors='ignore' )
link = urlbilder( u'resize', self.lib.id, u"1280x720", p=u"none.jpeg" )
resp = self.client.get( link, follow=True )
assert resp.status_code == 404
# file exists but not jpg|jpeg
link = urlbilder( u'resize', self.lib.id, u"1280x720", p=u"content.txt" )
resp = self.client.get( link, follow=True )
assert resp.status_code == 404
def test_Upload_Files_Allowed(self):
"""
Test settings.LIMITED_FILES_ALLOWED
"""
settings.LIMITED_ANONYMOUS = True
file0 = self.storage.open( u"content.txt" )
self.client.post( urlbilder( u'upload', self.lib.id ), {'p': 'Test Folder', 'files': [file0]} )
file0.close( )
assert self.storage.exists( u"Test Folder/content.txt" ) == False
self.client.login( username='******', password='******' )
self.storage.extra.create( u"test.rar", "XXX" * 2 ** 4 )
file1 = self.storage.open( u"test.rar" )
self.client.post( urlbilder( u'upload', self.lib.id ), {'p': 'Test Folder', 'files': [file1]} )
file1.close( )
assert self.storage.exists( u"Test Folder/test.rar" ) == False
settings.LIMITED_FILES_ALLOWED['ONLY'] = ['.+\.txt']
file2 = self.storage.open( u"Фото 007.bin" )
self.client.post( urlbilder( u'upload', self.lib.id ), {'p': 'Test Folder', 'files': [file2]} )
file2.close( )
assert self.storage.exists( u"Test Folder/Фото 007.bin" ) == False
file3 = self.storage.open( u"content.txt" )
self.client.post( urlbilder( u'upload', self.lib.id ), {'p': 'Test Folder', 'files': [file3]} )
file3.close( )
assert self.storage.exists( u"Test Folder/content.txt" ) == True
def test_urlbilder(self):
assert urlbilder('action', 2, "add") == "/lib2/action/add/"
assert urlbilder('link', "hxhxhxhxhx",
r='2') == "/link/hxhxhxhxhx/?r=2"
assert urlbilder('link', "habr", r='/path/') == "/link/habr/?r=/path/"
assert urlbilder('action', 2, "add", p='test',
n='new dir') == "/lib2/action/add/?p=test&n=new%20dir"
def test_GalleryView(self):
"""
Test status code of gallery with login and not
"""
link = urlbilder( u'images', self.lib.id, p=u"Test Folder" )
resp = self.client.get( link, follow=True )
assert resp.status_code == 200
assert escape( u"Login form" ) in unicode( resp.content, errors='ignore' )
assert self.client.login( username='******', password='******' )
link = urlbilder( u'images', self.lib.id, p=u"Test Folder" )
resp = self.client.get( link, follow=True )
assert resp.status_code == 200
def test_PathHacks(self):
"""
Test path hacks for chrooting
"""
assert self.client.login( username='******', password='******' )
link = urlbilder( u'images', self.lib.id, p=u"../" )
resp = self.client.get( link, follow=True )
assert resp.status_code == 200
assert escape( u"IOError" ) in unicode( resp.content, errors='ignore' )
link = urlbilder( u'resize', self.lib.id, u"1280x720", p=u"../fantasy-world.jpeg" )
resp = self.client.get( link, follow=True )
assert resp.status_code == 200
assert escape( u"IOError" ) in unicode( resp.content, errors='ignore' )
def test_Dosnt_Exists(self):
"""
Test Error doesn't exist of file or FileLib
"""
assert self.client.login(username='******', password='******')
resp = self.client.get(urlbilder('browser', self.lib.id, p="None"))
assert resp.status_code == 200
assert escape(
u"path 'None' doesn't exist or it isn't a directory") in unicode(
resp.content, errors='ignore')
resp = self.client.get(urlbilder('browser', 10, p="None"))
assert resp.status_code == 200
assert escape(
u"No such file lib or you don't have permissions") in unicode(
resp.content, errors='ignore')
def test_Add(self):
"""
Test action add.
Create directory and upload file.
"""
url = u"http://www.google.ru/images/srpr/logo3w.png"
link_mkdir = urlbilder( 'action', self.lib.id, 'add', n='New dir', p='' )
link_url = urlbilder( 'action', self.lib.id, 'add', n=url, p='' )
self.client.login( username='******', password='******' )
resp = self.client.get( link_mkdir, follow=True )
assert resp.status_code == 200
assert self.storage.exists( u"New dir" ) == True
resp = self.client.get( link_url, follow=True )
assert resp.status_code == 200
assert self.storage.exists( u"logo3w.png" ) == True
def test_Zip(self):
"""
Test folder to zip/unzip
"""
self.client.login( username='******', password='******' )
self.storage.extra.create( u"Test Folder/test.txt", "double" )
link = urlbilder( 'action', self.lib.id, 'zip', p=u"Test Folder" )
resp = self.client.get( link, follow=True )
assert resp.status_code == 200
assert self.storage.exists( u"Test Folder.zip" ) == True
self.storage.remove( u"Test Folder" )
link = urlbilder( 'action', self.lib.id, 'zip', p=u"Test Folder.zip" )
resp = self.client.get( link, follow=True )
assert resp.status_code == 200
assert self.storage.exists( u"Test Folder" ) == True
assert self.storage.exists( u"Test Folder/test.txt" ) == True
def test_Anon_Trash(self):
"""
Test Trash of file libs for Anonymous
"""
self.setAnonymous(True)
resp = self.client.get(urlbilder('trash', self.lib2.id))
assert resp.status_code == 200
assert resp.context['files'].__len__() == 0
resp = self.client.get(urlbilder('trash', self.lib.id))
assert resp.status_code == 200
assert resp.context['files'].__len__() == 1
resp = self.client.get(urlbilder('trash', 10))
assert resp.status_code == 200
assert escape(
u"No such file lib or you don't have permissions") in unicode(
resp.content, errors='ignore')
def test_Chroot(self):
"""
Test to inject in path something like that '../'
"""
self.client.login( username='******', password='******' )
for item in ['../', 'Test Folder/../../', '/', '/home', ]:
link = urlbilder( 'browser', self.lib.id, p=item )
resp = self.client.get( link, follow=True )
assert resp.status_code == 200
assert "IOError" in resp.content, link
def test_Admin_History(self):
"""
Test History of History for Admin
"""
assert self.client.login(username='******', password='******')
resp = self.client.get(urlbilder('history', self.lib2.id))
assert resp.status_code == 200
assert resp.context['history'].__len__() == 0
resp = self.client.get(urlbilder('history', self.lib.id))
assert resp.status_code == 200
assert resp.context['history'].__len__() == 3
resp = self.client.get(urlbilder('history', 10))
assert resp.status_code == 200
assert escape(
u"No such file lib or you don't have permissions") in unicode(
resp.content, errors='ignore')
def test_LinkToGallery(self):
"""
Test status code of resize view
"""
assert self.client.login( username='******', password='******' )
link = urlbilder( 'browser', self.lib.id, p='Test Folder' )
resp = self.client.get( link, follow=True )
assert resp.status_code == 200
assert escape( u"View in a gallery" ) in unicode( resp.content, errors='ignore' )
def test_Upload(self):
"""
Test Upload files
"""
file1 = self.storage.open( u"content.txt" )
self.client.post( urlbilder( u'upload', self.lib.id ), {'p': 'Test Folder', 'files': [file1]} )
file1.close( )
assert self.storage.exists( u"Test Folder/content.txt" ) == False
self.client.login( username='******', password='******' )
file1 = self.storage.open( u"content.txt" )
self.client.post( urlbilder( u'upload', self.lib.id ), {'p': 'Test Folder', 'files': [file1]} )
file1.close( )
assert self.storage.exists( u"Test Folder/content.txt" ) == True
file1 = self.storage.open( u"content.txt" )
file2 = self.storage.open( u"Фото 007.bin" )
self.storage.extra.create( u"test.io.text", "double" )
file3 = self.storage.open( u"test.io.text" )
self.client.post( urlbilder( u'upload', self.lib.id ), {'p': 'Test Folder', 'files': [file1, file2, file3]} )
file1.close( )
file2.close( )
file3.close( )
assert self.storage.exists( u"Test Folder/content.txt" ) == True
assert self.storage.exists( u"Test Folder/Фото 007.bin" ) == True
assert self.storage.exists( u"Test Folder/test.io.text" ) == True
self.client.post( urlbilder( u'upload', self.lib.id ), {'p': 'Test Folder', 'files': []} )
his = self.getLastHistory( )
assert len( his.files ) == 3
assert his.files[0] == u"content.txt"
assert his.files[1] == u"Фото 007.bin"
assert his.files[2] == u"test.io.text"
name = u"1a+-(_).t2t"
self.storage.extra.create( name, "double" )
file4 = self.storage.open( name )
self.client.post( urlbilder( u'upload', self.lib.id ), {'p': 'Test Folder', 'files': [file4]} )
file4.close( )
assert self.storage.exists( u"Test Folder/{0}".format( name ) ) == True
def test_Admin_Trash(self):
"""
Test Trash of file libs for Admin
"""
assert self.client.login(username='******', password='******')
if self.storage2.exists(settings.LIMITED_TRASH_PATH):
self.storage2.remove(settings.LIMITED_TRASH_PATH)
resp = self.client.get(urlbilder('trash', self.lib2.id))
assert self.storage2.exists(settings.LIMITED_TRASH_PATH) == True
assert resp.status_code == 200
assert resp.context['files'].__len__() == 0
resp = self.client.get(urlbilder('trash', self.lib.id))
assert resp.status_code == 200
assert resp.context['files'].__len__() == 1
resp = self.client.get(urlbilder('trash', 10))
assert resp.status_code == 200
assert escape(
u"No such file lib or you don't have permissions") in unicode(
resp.content, errors='ignore')
def test_ResizeView(self):
"""
Test status code of reisze view with login and not
"""
link = urlbilder( u'resize', self.lib.id, u"1280x720", p=u"Test Folder/fantasy-world.jpeg" )
resp = self.client.get( link, follow=True )
assert resp.status_code == 200
assert escape( u"Login form" ) in unicode( resp.content, errors='ignore' )
assert self.client.login( username='******', password='******' )
link = urlbilder( u'resize', self.lib.id, u"1280x720", p=u"Test Folder/fantasy-world.jpeg" )
resp = self.client.get( link, follow=True )
assert resp.status_code == 200
assert self.client.login( username='******', password='******' )
link = urlbilder( u'resize', self.lib.id, u"200x200xC", p=u"Test Folder/fantasy-world.jpeg" )
resp = self.client.get( link, follow=True )
assert resp.status_code == 200
# ResizeOptionsError
assert self.client.login( username='******', password='******' )
link = urlbilder( u'resize', self.lib.id, u"200d200xC", p=u"Test Folder/fantasy-world.jpeg" )
resp = self.client.get( link, follow=True )
assert resp.status_code == 404
def test_Clear(self):
"""
Test ActionClear.
test with not stuff user and with administrator
"""
link_cache = urlbilder( u'clear', self.lib.id, u'cache' )
link_trash = urlbilder( u'clear', self.lib.id, u'trash' )
file_cache = FilePath.join( settings.LIMITED_CACHE_PATH, u"test.bin" )
file_trash = FilePath.join( settings.LIMITED_TRASH_PATH, u"test.bin" )
self.storage.extra.create( file_cache, u"Test" )
self.storage.extra.create( file_trash, u"Test" )
self.client.login( username='******', password='******' )
resp = self.client.get( link_cache, follow=True )
assert resp.status_code == 200
assert escape( u"You have no permission to clear cache" ) in unicode( resp.content, errors='ignore' )
assert self.storage.exists( file_cache ) == True
resp = self.client.get( link_trash, follow=True )
assert resp.status_code == 200
assert escape( u"You have no permission to clear trash" ) in unicode( resp.content, errors='ignore' )
assert self.storage.exists( file_trash ) == True
self.client.login( username='******', password='******' )
resp = self.client.get( link_cache )
assert resp.status_code == 302
assert self.storage.exists( file_cache ) == False
resp = self.client.get( link_trash )
assert resp.status_code == 302
assert self.storage.exists( file_trash ) == False
def test_Anon_Redirects(self):
"""
Test redirect to login page when user is Anonymous
and settings.LIMITED_ANONYMOUS = False
"""
assert self.client.get('/').status_code == 302
assert self.client.get(urlbilder('browser', 1)).status_code == 302
assert self.client.get(urlbilder('trash', 1)).status_code == 302
assert self.client.get(urlbilder('history', 1)).status_code == 302
assert self.client.get(urlbilder('action', 1, 'delete',
p='')).status_code == 302
assert self.client.get(urlbilder('clear', 1,
'cache')).status_code == 302
assert self.client.get(urlbilder('download', 1)).status_code == 302
assert self.client.get(urlbilder('upload', 1)).status_code == 302
def test_Path_Arr(self):
"""
Test ``class="breadcrumbs"`` in html or ``patharr`` in template interpretation.
The order is not important because we already check it in ``CodeTest.test_split_path``
"""
self.client.login(username='******', password='******')
link = urlbilder('browser',
self.lib2.id,
p='limited/core/templatetags')
resp = self.client.get(link)
assert resp.status_code == 200
assert '<a href="/">#Home</a>' in resp.content
assert '<a href="/lib1/">FileManager</a>' in resp.content
assert '<a href="/lib1/?p=limited">limited</a>' in resp.content
assert 'templatetags' in resp.content
def test_Feeds(self):
"""
Test that check feed exists for anon
"""
self.setAnonymous(True)
rss_token = Profile.objects.get(user=self.data.UserB7W).rss_token
Home.objects.filter(user=self.data.UserAnon,
lib=self.data.LibTest).delete()
def assertFeed(link, count):
"""
Simple helper to assert status code and count '<item>' in html code
:param link: full link to page
:param count: right count of '<item>'
:return: None
"""
resp = self.client.get(link)
assert resp.status_code == 200
assert unicode(resp.content,
errors='ignore').count(u"<item>") == count
link_anon = urlbilder('rss.user.anon')
link_all = urlbilder('rss.user.all', rss_token)
link_fm = urlbilder('rss.user.lib', rss_token, self.data.LibFM.id)
link_test = urlbilder('rss.user.lib', rss_token, self.data.LibTest.id)
assertFeed(link_anon, 0)
History(user=self.data.UserAnon,
lib=self.data.LibFM,
type=3,
path=u"Фото 070.jpg").save()
assertFeed(link_anon, 1)
assertFeed(link_fm, 1)
assertFeed(link_test, 3)
assertFeed(link_all, 4)
resp = self.client.get(urlbilder('rss.user.all', u'none_exists'))
assert resp.status_code == 404
resp = self.client.get(urlbilder('rss.user.lib', rss_token, 100))
assert resp.status_code == 404
def test_Download(self):
"""
Test response of download page
"""
self.client.login(username='******', password='******')
link = urlbilder(u'download', self.lib.id, p=u'No Folder')
resp = self.client.get(link)
assert resp.status_code == 200
assert escape(u"No file or directory find") in unicode(resp.content,
errors='ignore')
link = urlbilder(u'download', self.lib.id, p=u'content.txt')
resp = self.client.get(link)
assert resp.status_code == 200
link = urlbilder(u'download', self.lib.id, p=u'Test Folder')
resp = self.client.get(link)
assert resp.status_code == 200
link = urlbilder(u'link', u"no_such_hash")
resp = self.client.get(link)
assert resp.status_code == 200
assert escape(
u"such object does not exists or link is out of time") in unicode(
resp.content, errors='ignore')
hash = Link.objects.get(id=1).hash
link = urlbilder('link', hash)
resp = self.client.get(link)
assert resp.status_code == 200
Link.objects.filter(id=1).update(path="No File")
hash = Link.objects.get(id=1).hash
link = urlbilder('link', hash)
resp = self.client.get(link)
assert resp.status_code == 200
assert escape(u"No file or directory find") in unicode(resp.content,
errors='ignore')
def upload():
opn = self.storage.open
with opn(u"test1.txt") as f1, opn(u"test2.txt") as f2:
self.client.post(urlbilder(u'upload', self.lib.id), {'p': 'Test Folder', 'files': [f1, f2]})
assert self.storage.exists(u"Test Folder/test1.txt") == True
assert self.storage.exists(u"Test Folder/test2.txt") == True
def test_Login(self):
"""
Test login page and redirect to login page
"""
resp = self.client.get(urlbilder('login'))
assert resp.status_code == 200
def test_Anon_Action(self):
"""
Test Action for Anonymous
in ID1: FileManager
with ID5: Edit False, Move False, Delete False, Create True, Upload False, Http_get False,
"""
self.setAnonymous(True)
storage = self.lib2.getStorage()
# add True
link = urlbilder('action', self.lib2.id, "add", p='', n='new dir')
resp = self.client.get(link, follow=True)
assert resp.status_code == 200
assert resp.context['messages'].__len__() == 1
assert 'created' in [
m.message for m in list(resp.context['messages'])
][0]
storage.remove(FilePath.join('', 'new dir'))
# delete False
link = urlbilder('action', self.lib2.id, "delete", p=u"Фото 007.bin")
resp = self.client.get(link, follow=True)
assert resp.status_code == 200
assert resp.context['messages'].__len__() == 1
assert 'You have no permission' in [
m.message for m in list(resp.context['messages'])
][0]
# trash False
link = urlbilder('action', self.lib2.id, "trash", p=u"Фото 007.bin")
resp = self.client.get(link, follow=True)
assert resp.status_code == 200
assert resp.context['messages'].__len__() == 1
assert 'You have no permission' in [
m.message for m in list(resp.context['messages'])
][0]
# rename False
link = urlbilder('action',
self.lib2.id,
"rename",
p=u"Фото 007.bin",
n='Фото070.jpg')
resp = self.client.get(link, follow=True)
assert resp.status_code == 200
assert resp.context['messages'].__len__() == 1
assert 'You have no permission' in [
m.message for m in list(resp.context['messages'])
][0]
# move False
link = urlbilder('action',
self.lib2.id,
"move",
p=u"Фото 007.bin",
n='/')
resp = self.client.get(link, follow=True)
assert resp.status_code == 200
assert resp.context['messages'].__len__() == 1
assert 'You have no permission' in [
m.message for m in list(resp.context['messages'])
][0]
# link True
link = urlbilder('action', self.lib2.id, "link", p=u"Фото 007.bin")
resp = self.client.get(link, follow=True)
assert resp.status_code == 200
assert resp.context['messages'].__len__() == 1
assert 'link' in [m.message for m in list(resp.context['messages'])][0]
# zip False
link = urlbilder('action', self.lib2.id, "zip", p=u"Фото 007.bin")
resp = self.client.get(link, follow=True)
assert resp.status_code == 200
assert resp.context['messages'].__len__() == 1
assert 'You have no permission' in [
m.message for m in list(resp.context['messages'])
][0]
# size very simple dir test
link = urlbilder('action', self.lib2.id, "size", p='docs')
resp = self.client.get(link, follow=True)
assert resp.status_code == 200
size = filesizeformat(storage.size('docs', dir=True, cached=False))
assert size == resp.content.strip()
def item_link(self, item):
return urlbilder(u"browser", item.lib_id, p=item.path, hl=item.hash())
def UploadView( request, id ):
"""
Files upload to
POST 'h' - home id, 'p' - path, 'files'
"""
if request.user.is_anonymous( ) and not settings.LIMITED_ANONYMOUS:
return HttpResponseRedirect( '%s?next=%s' % (settings.LOGIN_URL, request.path) )
lib_id = int( id )
path = request.POST['p']
if not FilePath.check(path, norm=True):
logger.error( u"Files. Path check fail. home_id:{0}, path:{1}".format( lib_id, path ) )
return RenderError( request, u"IOError, Permission denied" )
if request.method == u"POST":
file_paths = []
try:
# file paths to delete them after any Exception
home = get_home( request.user, lib_id )
if not home.permission.upload:
raise PermissionError( u"You have no permission to upload" )
user = get_user( request.user )
storage = home.lib.getStorage( )
files = request.FILES.getlist( u'files' )
if not len( files ):
messages.warning( request, u"No any files selected" )
return HttpResponseReload( request )
for file in files:
if not check_file_name( file.name ):
raise PermissionError( settings.LIMITED_FILES_MESSAGE.format( file.name ) )
history = History( user=user, lib=home.lib, type=History.UPLOAD, path=path )
for file in files:
fool_path = FilePath.join( path, file.name )
name = storage.save( fool_path, file )
file_paths.append( name )
history.files = [FilePath.name( i ) for i in file_paths]
history.save( )
if settings.LIMITED_EMAIL_NOTIFY['ENABLE']:
domain = Site.objects.get_current( ).domain
link = urlbilder( u"browser", lib_id, p=history.path )
libs = Home.objects.filter( lib_id=lib_id )
users = [i.user_id for i in libs]
notify = MailFileNotify( )
notify.body = u"New files upload to '{0}' by user {1}\n".format(path or '/', history.user)
notify.body += u"Link http://{0}{1}&hl={2}\n".format(domain, link, history.hash())
notify.files = [i.name for i in files]
notify.users = users
# Hack to stay in one thread and test mail.outbox
notify.run( ) if settings.TEST else notify.start( )
except ObjectDoesNotExist:
logger.error( u"Upload. No such file lib or you don't have permissions. home_id:{0}".format( lib_id ) )
return RenderError( request, u"No such file lib or you don't have permissions" )
except PermissionError as e:
logger.info( u"Upload. {0}. home_id:{1}, path:{2}".format( e, lib_id, path ) )
messages.error( request, e )
except Exception:
for file in file_paths:
if storage.exists( file ):
storage.remove( file )
raise
return HttpResponseReload( request )
def dir_trash(self, obj):
size = filesizeformat(obj.get_trash_size())
url = urlbilder(u'clear', obj.id, u'trash')
return u'{0} / <a href="{1}">clear</a>'.format(size, url)
