class DirectoryTopicFilterTest(TestCase): def setUp(self): self.directory = DirectoryPageFactory() # set up topics pf = TopicFactory(title='Press Freedom') irs = TopicFactory(title='IRS') pf.save() irs.save() # set up instances that are children of the directory and have those topics self.pf_instance = DirectoryEntryFactory(parent=self.directory) self.pf_instance.topics.add(pf) self.pf_instance.save() self.irs_instance = DirectoryEntryFactory(parent=self.directory) self.irs_instance.topics.add(irs) self.irs_instance.save() self.topic_filter = {'topics': pf} def test_topic_filtered_for_is_in_queryset(self): filtered_instances = self.directory.get_instances( filters=self.topic_filter) self.assertIn(self.pf_instance, filtered_instances) def test_topic_not_filtered_for_is_not_in_queryset(self): filtered_instances = self.directory.get_instances( filters=self.topic_filter) self.assertNotIn(self.irs_instance, filtered_instances)
def handle(self, *args, **options): number_of_instances = options['number_of_instances'] home_page = HomePage.objects.get(slug='home') directory = DirectoryPage.objects.first() if not directory: directory = DirectoryPageFactory(parent=home_page, title="Directory") directory.save() for i in range(number_of_instances): instance = DirectoryEntryFactory(parent=directory) if i % 3 == 0: scan = ScanResultFactory( securedrop=instance, landing_page_url=instance.landing_page_url, no_failures=True, ) elif i % 3 == 1: scan = ScanResultFactory( securedrop=instance, landing_page_url=instance.landing_page_url, severe_warning=True, ) else: scan = ScanResultFactory( securedrop=instance, landing_page_url=instance.landing_page_url, moderate_warning=True, ) scan.save() instance.save()
class DirectoryCountryFilterTest(TestCase): def setUp(self): self.directory = DirectoryPageFactory() # set up countries mexico = CountryFactory(title='Mexico') azerbaijan = CountryFactory(title='Azerbaijan') mexico.save() azerbaijan.save() # set up instances that are children of the directory and have those countries self.mexico_instance = DirectoryEntryFactory(parent=self.directory) self.mexico_instance.countries.add(mexico) self.mexico_instance.save() self.azerbaijan_instance = DirectoryEntryFactory(parent=self.directory) self.azerbaijan_instance.countries.add(azerbaijan) self.azerbaijan_instance.save() self.country_filter = {'countries': mexico} def test_country_filtered_for_is_in_queryset(self): filtered_instances = self.directory.get_instances( filters=self.country_filter) self.assertIn(self.mexico_instance, filtered_instances) def test_country_not_filtered_for_is_not_in_queryset(self): filtered_instances = self.directory.get_instances( filters=self.country_filter) self.assertNotIn(self.azerbaijan_instance, filtered_instances)
def setUp(self): self.directory = DirectoryPageFactory() self.best_instance = DirectoryEntryFactory(title="Best Instansce", parent=self.directory) self.worst_instance = DirectoryEntryFactory(title="Worst Instance", parent=self.directory) self.search_filter = {'title__icontains': 'best'}
class DirectoryLanguageFilterTest(TestCase): def setUp(self): self.directory = DirectoryPageFactory() # set up languages spanish = LanguageFactory(title='Spanish') chinese = LanguageFactory(title='Chinese') spanish.save() chinese.save() # set up instances that are children of the directory and have those languages self.spanish_instance = DirectoryEntryFactory(parent=self.directory) self.spanish_instance.languages.add(spanish) self.spanish_instance.save() self.chinese_instance = DirectoryEntryFactory(parent=self.directory) self.chinese_instance.languages.add(chinese) self.chinese_instance.save() self.lang_filter = {'languages': spanish} def test_language_filtered_for_is_in_queryset(self): filtered_instances = self.directory.get_instances( filters=self.lang_filter) self.assertIn(self.spanish_instance, filtered_instances) def test_langauge_not_filtered_for_is_not_in_queryset(self): filtered_instances = self.directory.get_instances( filters=self.lang_filter) self.assertNotIn(self.chinese_instance, filtered_instances)
def test_bulk_scan_not_live(self): """ When scanner.bulk_scan is called, it should save all new results to the database, even if one of the instances cannot be reached by HTTP. It should save a result to the database for the instance that cannot be reached by HTTP with live False In addition to vcrpy, this test mocks requests.get to simulate a ConnectionError for a URL that does not exist without actually sending an HTTP request to that URL """ sd1 = DirectoryEntryFactory.create( title='SecureDrop', landing_page_url='https://securedrop.org', onion_address='notreal.onion') sd2 = DirectoryEntryFactory.create( title='Freedom of the Press Foundation', landing_page_url=NON_EXISTENT_URL, onion_address='notreal-2.onion') sd3 = DirectoryEntryFactory.create( title='Freedom of the Press Foundation', landing_page_url='https://freedom.press', onion_address='notreal-3.onion') securedrop_pages_qs = DirectoryEntry.objects.all() scanner.bulk_scan(securedrop_pages_qs) self.assertTrue( DirectoryEntry.objects.get(pk=sd1.pk).results.all()[0].live) self.assertFalse( DirectoryEntry.objects.get(pk=sd2.pk).results.all()[0].live) self.assertTrue( DirectoryEntry.objects.get(pk=sd3.pk).results.all()[0].live)
def test_securedrop_can_save_expected_urls(self): securedrop = DirectoryEntryFactory( landing_page_url='https://www.something.org', onion_address='https://notreal.onion', ) securedrop.save() self.assertIn(securedrop, DirectoryEntry.objects.all())
class DirectoryEntryAuthTest(TestCase): def setUp(self): User = get_user_model() self.client = Client() self.username = "******" self.email = "*****@*****.**" self.password = "******" self.user = User.objects.create_user(username=self.username, email=self.email, password=self.password, is_active=True) self.user.save() # Create a verified email address object for this user via allauth EmailAddress.objects.create(user=self.user, email=self.email, verified=True) # Setup pages. Site is needed for valid urls. site = Site.objects.get() directory = DirectoryPageFactory(parent=site.root_page) self.unowned_sd_page = DirectoryEntryFactory(live=True, parent=directory) self.unowned_sd_page.save() self.user_owned_sd_page = DirectoryEntryFactory(live=True, parent=directory) self.user_owned_sd_page.save() SecuredropOwner(owner=self.user, page=self.user_owned_sd_page).save() def test_logged_in_user_should_see_edit_on_owned_pages(self): # Login self.client.post(reverse_lazy('account_login'), {'login': self.email, 'password': self.password}) response = self.client.get(self.user_owned_sd_page.url) self.assertTrue(response.context['page'].editable) def test_logged_out_user_should_not_see_edit(self): response = self.client.get(self.user_owned_sd_page.url) self.assertFalse(response.context['page'].editable) def test_logged_in_user_should_not_see_edit_on_unowned_pages(self): self.client.post(reverse_lazy('account_login'), {'login': self.email, 'password': self.password}) response = self.client.get(self.unowned_sd_page.url) self.assertFalse(response.context['page'].editable)
def test_cache_purged_for_directory_entry(self, purge_mock): "Homepage cache should be purged when a new directory entry is added" DirectoryEntryFactory.create() # DirectoryEntry saving logic causes it to be saved twice, triggering # the purge twice (this is not necessarily desireable, but it is # mostly harmless) purge_mock.assert_has_calls( [call(self.home_page), call(self.home_page)])
def test_duplicate_landing_pages_are_invalid(self): landing_page_url = 'https://www.freedom.press' DirectoryEntryFactory( landing_page_url=landing_page_url, ) with self.assertRaises(ValidationError): DirectoryEntryFactory( landing_page_url=landing_page_url, )
def test_returns_latest_live_result(self): sd = DirectoryEntryFactory() ScanResultFactory(live=False, securedrop=sd, landing_page_url=sd.landing_page_url).save() ScanResultFactory(live=False, securedrop=sd, landing_page_url=sd.landing_page_url).save() r3 = ScanResultFactory(live=True, securedrop=sd, landing_page_url=sd.landing_page_url) r3.save() sd = DirectoryEntry.objects.get(pk=sd.pk) self.assertEqual(r3, sd.get_live_result())
def test_domain_annotation(self): DirectoryEntryFactory.create( landing_page_url="https://securedrop.org/subpath" ) securedrop_page_qs = DirectoryEntry.objects.with_domain_annotation() self.assertEqual( securedrop_page_qs.values_list('domain', flat=True)[0], 'securedrop.org' )
def setUp(self): self.title = 'Awesome' self.landing_page_url = 'https://landing.com' self.onion_address = 'something.onion' self.description = 'Amaze' self.sd = DirectoryEntryFactory( title=self.title, landing_page_url=self.landing_page_url, onion_address=self.onion_address, organization_description=self.description ) self.search_content = self.sd.get_search_content()
def setUp(self): site = Site.objects.get() self.entry = DirectoryEntryFactory(parent=DirectoryPageFactory( parent=site.root_page)) self.result = ScanResultFactory( securedrop=self.entry, landing_page_url=self.entry.landing_page_url, moderate_warning=True, ) self.result.save() self.entry.save() self.client = Client()
def setUp(self): self.directory = DirectoryPageFactory() # set up countries mexico = CountryFactory(title='Mexico') azerbaijan = CountryFactory(title='Azerbaijan') mexico.save() azerbaijan.save() # set up instances that are children of the directory and have those countries self.mexico_instance = DirectoryEntryFactory(parent=self.directory) self.mexico_instance.countries.add(mexico) self.mexico_instance.save() self.azerbaijan_instance = DirectoryEntryFactory(parent=self.directory) self.azerbaijan_instance.countries.add(azerbaijan) self.azerbaijan_instance.save() self.country_filter = {'countries': mexico}
def setUp(self): self.directory = DirectoryPageFactory() # set up topics pf = TopicFactory(title='Press Freedom') irs = TopicFactory(title='IRS') pf.save() irs.save() # set up instances that are children of the directory and have those topics self.pf_instance = DirectoryEntryFactory(parent=self.directory) self.pf_instance.topics.add(pf) self.pf_instance.save() self.irs_instance = DirectoryEntryFactory(parent=self.directory) self.irs_instance.topics.add(irs) self.irs_instance.save() self.topic_filter = {'topics': pf}
def setUp(self): self.directory = DirectoryPageFactory() # set up languages spanish = LanguageFactory(title='Spanish') chinese = LanguageFactory(title='Chinese') spanish.save() chinese.save() # set up instances that are children of the directory and have those languages self.spanish_instance = DirectoryEntryFactory(parent=self.directory) self.spanish_instance.languages.add(spanish) self.spanish_instance.save() self.chinese_instance = DirectoryEntryFactory(parent=self.directory) self.chinese_instance.languages.add(chinese) self.chinese_instance.save() self.lang_filter = {'languages': spanish}
def test_bulk_scan(self): """ When scanner.bulk_scan is called, it should save all new results to the database, associated with the correct DirectoryEntrys """ DirectoryEntryFactory.create(title='SecureDrop', landing_page_url='https://securedrop.org', onion_address='notreal.onion') DirectoryEntryFactory.create(title='Freedom of the Press Foundation', landing_page_url='https://freedom.press', onion_address='notreal-2.onion') securedrop_pages_qs = DirectoryEntry.objects.all() scanner.bulk_scan(securedrop_pages_qs) for page in DirectoryEntry.objects.all(): self.assertEqual(1, page.results.count())
def test_forces_https_should_not_be_none(self): domain = 'https://sourceanonyme.radio-canada.ca' entry = DirectoryEntryFactory.create(title='Source Anonyme', landing_page_url=domain, onion_address='notreal.onion') r = scanner.scan(entry, commit=True) self.assertIsNotNone(r.forces_https)
def setUp(self): User = get_user_model() self.client = Client() self.username = "******" self.email = "*****@*****.**" self.password = "******" self.user = User.objects.create_user(username=self.username, email=self.email, password=self.password, is_active=True) self.site = Site.objects.get() self.directory = DirectoryPageFactory( parent=self.site.root_page, ) self.unowned_sd_page = DirectoryEntryFactory() self.unowned_sd_page.save() self.user_owned_sd_page = DirectoryEntryFactory() self.user_owned_sd_page.save() SecuredropOwner(owner=self.user, page=self.user_owned_sd_page).save() # Create a verified email address object for this user via allauth EmailAddress.objects.create(user=self.user, email=self.email, verified=True) # Create a device with pre-determined parameters to allow 2FA # token verification. Numbers copied from django_otp unit # tests. device = TOTPDevice.objects.create( user=self.user, confirmed=True, key='2a2bbba1092ffdd25a328ad1a0a5f5d61d7aacc4', step=30, t0=int(time() - (30 * 3)), digits=6, tolerance=0, drift=0, ) self.client.post( reverse('account_login'), {'login': self.email, 'password': self.password}, ) self.client.post( reverse('two-factor-authenticate'), # The token below corresponds to the parameters on the # device just created. {'otp_device': device.id, 'otp_token': '154567'}, )
def setUp(self): User = get_user_model() self.client = Client() self.username = "******" self.email = "*****@*****.**" self.password = "******" self.user = User.objects.create_user(username=self.username, email=self.email, password=self.password, is_active=True) self.user.save() # Create a verified email address object for this user via allauth EmailAddress.objects.create(user=self.user, email=self.email, verified=True) # Setup pages. Site is needed for valid urls. site = Site.objects.get() directory = DirectoryPageFactory(parent=site.root_page) self.unowned_sd_page = DirectoryEntryFactory(live=True, parent=directory) self.unowned_sd_page.save() self.user_owned_sd_page = DirectoryEntryFactory(live=True, parent=directory) self.user_owned_sd_page.save() SecuredropOwner(owner=self.user, page=self.user_owned_sd_page).save()
def test_redirect_target_saved(self): entry = DirectoryEntryFactory.create( title='SecureDrop', landing_page_url='https://httpbin.org/redirect/3', onion_address='notreal.onion', ) result = scanner.scan(entry) self.assertEqual(result.redirect_target, 'https://httpbin.org/get')
def test_redirect_target_not_saved_if_not_redirect(self): entry = DirectoryEntryFactory.create( title='SecureDrop', landing_page_url='https://securedrop.org', onion_address='notreal.onion', ) result = scanner.scan(entry) self.assertIsNone(result.redirect_target)
def setUp(self): User = get_user_model() self.client = Client() self.username = "******" self.email = "*****@*****.**" self.password = "******" self.user = User.objects.create_user(username=self.username, email=self.email, password=self.password, is_active=True) self.user.save() # Create a verified email address object for this user via allauth EmailAddress.objects.create(user=self.user, email=self.email, verified=True) self.unowned_sd_page = DirectoryEntryFactory() self.unowned_sd_page.save() self.user_owned_sd_page = DirectoryEntryFactory() self.user_owned_sd_page.save() SecuredropOwner(owner=self.user, page=self.user_owned_sd_page).save() # Login self.client.post(reverse('account_login'), {'login': self.email, 'password': self.password})
def test_redirect_from_subdomain(self): entry = DirectoryEntryFactory.create( title='SecureDrop', landing_page_url='http://health.nytimes.com', onion_address='notreal.onion', ) r = scanner.scan(entry) self.assertTrue(r.subdomain) self.assertTrue(r.no_cross_domain_redirects)
class DirectoryNoWarningTest(TestCase): def setUp(self): site = Site.objects.get() self.entry = DirectoryEntryFactory(parent=DirectoryPageFactory( parent=site.root_page)) self.result = ScanResultFactory( securedrop=self.entry, landing_page_url=self.entry.landing_page_url, no_failures=True, ) self.result.save() self.entry.save() self.client = Client() def test_page_request_should_succeed_if_no_warnings_on_result(self): response = self.client.get(self.entry.url) self.assertEqual(response.status_code, 200)
def test_scan_with_permitted_domain(self): securedrop = DirectoryEntryFactory.create( title='Freedom of the Press Foundation', landing_page_url='https://www.nytimes.com/tips', onion_address='notreal.onion', permitted_domains_for_assets=['nyt.com'], ) result = scanner.scan(securedrop) self.assertEqual(result.no_cross_domain_assets, True)
def test_save_associates_results(self): landing_page_url = 'https://www.something.org' result = ScanResult( live=True, hsts=True, hsts_max_age=True, securedrop=None, landing_page_url=landing_page_url, ) result.save() securedrop = DirectoryEntryFactory( landing_page_url=landing_page_url, onion_address='https://notreal.onion', ) securedrop.save() result.refresh_from_db() self.assertEqual(result.securedrop, securedrop)
def test_scan_with_permitted_domains_with_subdomain(self): securedrop = DirectoryEntryFactory.create( title='Freedom of the Press Foundation', landing_page_url='https://securedrop.org', onion_address='notreal.onion', permitted_domains_for_assets=['analytics.freedom.press'], ) result = scanner.scan(securedrop) self.assertEqual(result.no_cross_domain_assets, True)
def test_cross_domain_redirect_detected_and_saved(self): entry = DirectoryEntryFactory.create( title='SecureDrop', landing_page_url= 'https://httpbin.org/redirect-to?url=http%3A%2F%2Fwww.google.com&status_code=302', onion_address='notreal.onion', ) r = scanner.scan(entry) self.assertFalse(r.no_cross_domain_redirects)