def test_remove_hop_by_hop_headers(self):
headers1 = [("Connection", "closed"), ("Foo", "bar"), ("Keep-Alive", "wtf")]
headers2 = datastructures.Headers(headers1)
http.remove_hop_by_hop_headers(headers1)
assert headers1 == [("Foo", "bar")]
http.remove_hop_by_hop_headers(headers2)
assert headers2 == datastructures.Headers([("Foo", "bar")])
def test_remove_hop_by_hop_headers(self):
headers1 = [('Connection', 'closed'), ('Foo', 'bar'),
('Keep-Alive', 'wtf')]
headers2 = datastructures.Headers(headers1)
http.remove_hop_by_hop_headers(headers1)
assert headers1 == [('Foo', 'bar')]
http.remove_hop_by_hop_headers(headers2)
assert headers2 == datastructures.Headers([('Foo', 'bar')])
def test_remove_entity_headers(self):
now = http.http_date()
headers1 = [('Date', now), ('Content-Type', 'text/html'), ('Content-Length', '0')]
headers2 = datastructures.Headers(headers1)
http.remove_entity_headers(headers1)
assert headers1 == [('Date', now)]
http.remove_entity_headers(headers2)
assert headers2 == datastructures.Headers([(u'Date', now)])
def test_remove_entity_headers(self):
now = http.http_date()
headers1 = [
("Date", now),
("Content-Type", "text/html"),
("Content-Length", "0"),
]
headers2 = datastructures.Headers(headers1)
http.remove_entity_headers(headers1)
assert headers1 == [("Date", now)]
http.remove_entity_headers(headers2)
assert headers2 == datastructures.Headers([("Date", now)])
def test_cookie_unicode_dumping(self):
val = http.dump_cookie('foo', u'\N{SNOWMAN}')
h = datastructures.Headers()
h.add('Set-Cookie', val)
assert h['Set-Cookie'] == 'foo="\\342\\230\\203"; Path=/'
cookies = http.parse_cookie(h['Set-Cookie'])
assert cookies['foo'] == u'\N{SNOWMAN}'
def test_cookie_unicode_dumping(self):
val = http.dump_cookie("foo", "\N{SNOWMAN}")
h = datastructures.Headers()
h.add("Set-Cookie", val)
assert h["Set-Cookie"] == 'foo="\\342\\230\\203"; Path=/'
cookies = http.parse_cookie(h["Set-Cookie"])
assert cookies["foo"] == "\N{SNOWMAN}"
def test_extend(self):
h = self.storage_class([("a", "0"), ("b", "1"), ("c", "2")])
h.extend(ds.Headers([("a", "3"), ("a", "4")]))
assert h.getlist("a") == ["0", "3", "4"]
h.extend(b=["5", "6"])
assert h.getlist("b") == ["1", "5", "6"]
h.extend({"c": "7", "d": ["8", "9"]}, c="10")
assert h.getlist("c") == ["2", "7", "10"]
assert h.getlist("d") == ["8", "9"]
with pytest.raises(TypeError):
h.extend({"x": "x"}, {"x": "x"})
def test_update(self):
h = self.storage_class([("a", "0"), ("b", "1"), ("c", "2")])
h.update(datastructures.Headers([("a", "3"), ("a", "4")]))
assert h.getlist("a") == ["3", "4"]
h.update(b=["5", "6"])
assert h.getlist("b") == ["5", "6"]
h.update({"c": "7", "d": ["8", "9"]})
assert h.getlist("c") == ["7"]
assert h.getlist("d") == ["8", "9"]
h.update({"c": "10"}, c="11")
assert h.getlist("c") == ["11"]
with pytest.raises(TypeError):
h.extend({"x": "x"}, {"x": "x"})
def testGetSessionWithApiKey(self):
"""Test that an API Key can be used to make requests."""
key = '41' * 16
headers = datastructures.Headers()
headers.add('X-SCOREBOARD-API-KEY', key)
with self.client as c:
with self.queryLimit(1):
with mock.patch.object(models.User,
'get_by_api_key') as getter:
getter.return_value = self.admin_client.user
resp = c.get(self.PATH, headers=headers)
getter.assert_called_once_with(key)
self.assert200(resp)
self.assertEqual(flask.g.user.email, self.admin_client.user.email)
self.assertEqual(flask.g.uid, self.admin_client.user.uid)
self.assertTrue(flask.g.admin)
self.assertEqual(self.admin_client.user.nick,
resp.json['user']['nick'])
self.assertTrue(resp.json['user']['admin'])
def serve_static_files(request):
"""Serve a static file."""
# First, match the path against the regex.
matcher = re.match(url_re, request.path)
# Just for safety - the dispatcher should have matched this
if not matcher:
logging.error('Static file handler found no match for %s',
request.path)
return wrappers.Response(status=httplib.NOT_FOUND)
# Use the match and the files regex backref to choose a filename.
filename = matcher.expand(files_mapping)
# Check to see if the normalized path matched is in the upload regex.
# This provides path traversal protection, although apps running on
# Google servers are protected by the Google frontend (GFE)'s own path
# traversal protection as well.
if not re.match(upload_re, os.path.normpath(filename)):
logging.warn('Requested filename %s not in `upload`', filename)
return wrappers.Response(status=httplib.NOT_FOUND)
try:
fp = open(filename, 'rb')
# fp is not closed in this function as it is handed to the WSGI
# server directly.
except IOError:
logging.warn('Requested non-existent filename %s', filename)
return wrappers.Response(status=httplib.NOT_FOUND)
headers = datastructures.Headers()
if http_headers:
headers.extend(http_headers)
elif expiration:
expires = datetime.datetime.now() + expiration
headers['Expires'] = http.http_date(expires)
wrapped_file = wsgi.wrap_file(request.environ, fp)
return wrappers.Response(wrapped_file,
direct_passthrough=True,
mimetype=mime_type
or mimetypes.guess_type(filename)[0],
headers=headers)
def testGetSessionWithBadApiKey(self):
"""Test that an API Key with the wrong value does not work."""
key = '41' * 16
for key in ('41' * 16, '41' * 18, '41' * 15, '55' * 16, ''):
headers = datastructures.Headers()
headers.add('X-SCOREBOARD-API-KEY', key)
with self.client as c:
with self.queryLimit(1):
with mock.patch.object(models.User,
'get_by_api_key') as getter:
getter.return_value = None
resp = c.get(self.PATH, headers=headers)
if len(key) == 32:
getter.assert_called_once_with(key)
else:
getter.assert_not_called()
self.assert403(resp)
with self.assertRaises(AttributeError):
_ = flask.g.user
self.assertIsNone(flask.g.uid)
def get_csrf_token_header(self):
resp = self.app.get('/api/v1/csrf-token')
headers = datastructures.Headers()
headers.add('X-CSRF-Token', json.loads(resp.get_data())['token'])
return headers