def test_bad_id(): user = ScreenshotsClient() user.login() try: try: user.create_shot(shot_id="!!!/test.com") except HTTPError, e: if e.response.status_code != 400: raise finally: user.delete_account()
def test_put_large_image(): user = ScreenshotsClient() user.login() try: try: user.create_shot(pad_image_to_length=100 * 1000 * 1000) except HTTPError, e: if e.response.status_code != 413: raise finally: user.delete_account()
def test_update(): user = ScreenshotsClient() user.login() shot_url = user.create_shot(docTitle="A_TEST_SITE_1", image_index=0) shot_page = user.read_shot(shot_url) assert "A_TEST_SITE_1" in shot_page["page"] shot_id = urlparse.urlsplit(shot_url).path.strip("/") user.create_shot(shot_id=shot_id, docTitle="A_TEST_SITE_2", image_index=1) later_shot_page = user.read_shot(shot_url) assert "A_TEST_SITE_2" in later_shot_page["page"] assert later_shot_page["clip_content"] assert later_shot_page["clip_content"] != shot_page["clip_content"] assert later_shot_page["clip_url"] != shot_page["clip_url"]
def test_put_auth(): first_user = ScreenshotsClient() second_user = ScreenshotsClient() first_user.login() second_user.login() shot_url = first_user.create_shot(docTitle="A_TEST_SITE_1") shot_id = urlparse.urlsplit(shot_url).path.strip("/") shot_page = first_user.read_shot(shot_url) print(first_user.read_shot(shot_url)["clip_url"], shot_page["clip_url"]) assert first_user.read_shot( shot_url)["clip_content"] == shot_page["clip_content"] assert "A_TEST_SITE_1" in shot_page["page"] try: second_user.create_shot(shot_id=shot_id, docTitle="A_TEST_SITE_2") except requests.HTTPError, e: if e.response.status_code != 403: raise
def test_scopes(): user = ScreenshotsClient() user.login() abtests = user.session.cookies["abtests"] abtests_sig = user.session.cookies["abtests.sig"] print(abtests, abtests_sig) shot = user.create_shot(docTitle="A_TEST_SITE") page = user.read_shot(shot) download_url = page["download_url"] resp = user.session.get(download_url) assert resp.headers.get("Content-Disposition") mixed_up = "%s?download=%s&sig=%s" % ( download_url.split("?")[0], urllib.quote(abtests), urllib.quote(abtests_sig), ) resp = user.session.get(mixed_up) assert not resp.headers.get("Content-Disposition")
def test_leave_screenshots_clears_csrf_cookie(): user = ScreenshotsClient() user.login() leave_resp = user.session.get(user.backend + "/leave-screenshots/") assert leave_resp.status_code == 200 assert_httponly_csrf_cookie(user.session) page = leave_resp.text csrf_match = re.search(r'<input.*name="_csrf".*value="([^"]*)"', page) csrf = csrf_match.group(1) first_csrf_cookie = user.session.cookies.get('_csrf') resp = user.session.post(urljoin(user.backend, "/leave-screenshots/leave"), json={"_csrf": csrf}) assert resp.status_code == 200 assert first_csrf_cookie != user.session.cookies.get('_csrf')
def test_leave_screenshots_clears_csrf_cookie(): user = ScreenshotsClient() user.login() leave_resp = user.session.get(user.backend + "/leave-screenshots/") assert leave_resp.status_code == 200 assert_httponly_csrf_cookie(user.session) page = leave_resp.text csrf_match = re.search(r'<input.*name="_csrf".*value="([^"]*)"', page) csrf = csrf_match.group(1) first_csrf_cookie = user.session.cookies.get('_csrf') resp = user.session.post( urljoin(user.backend, "/leave-screenshots/leave"), json={"_csrf": csrf}) assert resp.status_code == 200 assert first_csrf_cookie != user.session.cookies.get('_csrf')
def test_download_key(): user = ScreenshotsClient() user.login() shot_1_url = user.create_shot(docTitle="A_TEST_SITE_1") shot_2_url = user.create_shot(docTitle="A_TEST_SITE_2") shot_1_page = user.read_shot(shot_1_url) shot_2_page = user.read_shot(shot_2_url) shot_1_download_url = shot_1_page["download_url"] shot_2_download_url = shot_2_page["download_url"] resp = user.session.get(shot_1_download_url) # This should normally work: print("Normal download URL:", shot_1_download_url) assert resp.headers["Content-Disposition"], "Should get a proper download response" mixed_up = shot_1_download_url.split("?")[0] + "?" + shot_2_download_url.split("?")[1] # Getting mixed_up should fail, since the signed download parameter comes from shot_2 # but we're fetching the image from shot_1 resp = user.session.get(mixed_up) print("Mixed-up URL:", mixed_up) print("Response:", resp) print("Content-Disposition header:", resp.headers.get("Content-Disposition")) assert not resp.headers.get("Content-Disposition"), "The signature shouldn't work"
def test_set_login_cookie(): sess1 = ScreenshotsClient() login_resp = sess1.login() headers = {'x-screenshots-auth': login_resp.json()['authHeader']} assert sess1.session.cookies['user'] and sess1.session.cookies['user.sig'] sess2 = ScreenshotsClient() # Trying to login without any authentication won't work: resp = sess2.session.post(sess2.backend + "/api/set-login-cookie") assert resp.status_code == 401 assert not sess2.session.cookies.get('user') resp = sess2.session.post(sess2.backend + "/api/set-login-cookie", headers=headers) assert resp.status_code == 200 assert sess2.session.cookies['user'] and sess2.session.cookies['user.sig']
def test_put_auth(): first_user = ScreenshotsClient() second_user = ScreenshotsClient() first_user.login() second_user.login() shot_url = first_user.create_shot(docTitle="A_TEST_SITE_1") shot_id = urlparse.urlsplit(shot_url).path.strip("/") shot_page = first_user.read_shot(shot_url) print(first_user.read_shot(shot_url)["clip_url"], shot_page["clip_url"]) assert first_user.read_shot(shot_url)["clip_content"] == shot_page["clip_content"] assert "A_TEST_SITE_1" in shot_page["page"] try: second_user.create_shot(shot_id=shot_id, docTitle="A_TEST_SITE_2") except requests.HTTPError as e: if e.response.status_code != 403: raise else: assert False, "Second attempt to upload should have failed" second_shot_page = first_user.read_shot(shot_url) assert "A_TEST_SITE_1" in second_shot_page["page"] assert "A_TEST_SITE_2" not in second_shot_page["page"] assert shot_page["clip_url"] == second_shot_page["clip_url"] assert shot_page["clip_content"] == second_shot_page["clip_content"]
def setup_shot_on_device(): user = ScreenshotsClient() user.login() shot_url = user.create_shot(docTitle="A_TEST_SITE_1") return {'user': user, 'shot_url': shot_url}
def setup_shot_on_device(): user = ScreenshotsClient(hasAccount=True) user.login() shot_url = user.create_shot(docTitle="A_TEST_SITE_1") return {'user': user, 'shot_url': shot_url}