def test_get_content_with_token(self):
rf = RequestsFactory(self.request_id)
response = rf.add_file()
valid_token = ResponseTokens(response.id)
expired_token = ResponseTokens(response.id,
expiration_date=datetime.utcnow())
create_object(valid_token)
create_object(expired_token)
path = '/response/' + str(response.id)
# invalid token (400)
resp = self.client.get(path, query_string={'token': 'not_a_real_token'})
self.assertEqual(resp.status_code, 400)
# expired token (400)
resp = self.client.get(path, query_string={'token': expired_token.token})
self.assertEqual(resp.status_code, 400)
self.assertTrue(
ResponseTokens.query.filter_by(token=expired_token.token).first() is
None) # assert response token has been deleted
# valid token (success)
resp = self.client.get(path, query_string={'token': valid_token.token})
self.assert_file_sent(resp, rf.request.id, response.name)
def test_edit_file_missing_file(self):
rf = RequestsFactory(self.request_id)
response = rf.add_file()
old_filename = response.name
old = [
response.privacy, response.title, old_filename, response.mime_type,
response.size, response.deleted
]
new_filename = 'bovine.txt'
with self.client as client:
with client.session_transaction() as session:
session['user_id'] = rf.requester.get_id()
session['_fresh'] = True
resp = self.client.patch('/response/' + str(response.id),
data={
'privacy': RELEASE_AND_PUBLIC,
'title': 'The Cow Goes Quack',
'filename': new_filename,
})
self.assertEqual(
json.loads(resp.data.decode()),
{'errors': ["File '{}' not found.".format(new_filename)]})
# assert nothing was changed or created
self.assertEqual(old, [
response.privacy,
response.title,
old_filename,
response.mime_type,
response.size,
response.deleted,
])
self.assertTrue(
os.path.exists(os.path.join(self.upload_path, old_filename)))
events = Events.query.filter_by(response_id=response.id).all()
self.assertFalse(events)
def test_get_content(self):
rf = RequestsFactory(self.request_id)
response = rf.add_file()
unassociated_user = create_user()
path = '/response/' + str(response.id)
redirect_url = urljoin(
flask_request.url_root,
url_for('auth.index',
sso2=True,
return_to=urljoin(flask_request.url_root, path)))
# user not authenticated (redirect)
resp = self.client.get(path)
self.assertEqual(resp.location, redirect_url)
# user authenticated but not associated with request (400)
with self.client as client:
with client.session_transaction() as session:
session['user_id'] = unassociated_user.get_id()
session['_fresh'] = True
resp = self.client.get(path)
self.assertEqual(resp.status_code, 400)
# user authenticated and associated with request (success)
with self.client as client:
with client.session_transaction() as session:
session['user_id'] = rf.requester.get_id()
session['_fresh'] = True
resp = self.client.get(path)
self.assert_file_sent(resp, rf.request.id, response.name)
def test_post_update_existing(self, scan_and_complete_patch):
"""
The uploaded file should be saved to quarantine in spite
of having the same name as an previously uploaded file.
"""
os.mkdir(self.upload_basepath)
rf = RequestsFactory(self.request_id)
rf.add_file(self.upload_path)
file_contents = b"contents"
with scan_and_complete_patch:
response = self.client.post(
'/upload/' + self.request_id,
data={
"file": (BytesIO(file_contents), self.filename),
"update": True
}
)
self.assertEqual(
json.loads(response.data.decode()),
{
"files": [{
"name": self.filename_secure,
"original_name": self.filename,
"size": len(file_contents)
}]
}
)
# checked mocked call (is_update = True)
scan_and_complete_patch.assert_called_once_with(
self.request_id, self.quarantine_path, True)
# check redis key set
self.assertEqual(redis.get(self.key_update).decode(), upload_status.PROCESSING)
# check file saved
self.assertTrue(os.path.exists(self.quarantine_path))
def test_delete(self):
rf = RequestsFactory(self.request_id)
response = rf.add_file()
with self.client as client, patch(
'app.response.utils._send_delete_response_email'
) as send_email_patch:
with client.session_transaction() as session:
session['user_id'] = rf.requester.get_id()
session['_fresh'] = True
resp_bad_1 = self.client.patch('/response/' + str(response.id),
data={
'deleted': True,
'confirmation': 'invalid'
})
self.assertEqual(json.loads(resp_bad_1.data.decode()),
{"message": "No changes detected."})
self.assertFalse(response.deleted)
resp_bad_2 = self.client.patch(
'/response/' + str(response.id),
data={
'deleted': True,
# confirmation missing
})
self.assertEqual(json.loads(resp_bad_2.data.decode()),
{"message": "No changes detected."})
self.assertFalse(response.deleted)
resp_good = self.client.patch('/response/' + str(response.id),
data={
'deleted': True,
'confirmation': 'DELETE'
})
self.assertEquals(json.loads(resp_good.data.decode()), {
'old': {
'deleted': 'False'
},
'new': {
'deleted': 'True'
}
})
self.assertTrue(response.deleted)
# Check file moved to 'deleted' directory
self.assertFalse(
os.path.exists(os.path.join(self.upload_path, response.name)))
self.assertTrue(
os.path.exists(
os.path.join(self.upload_path, DELETED_FILE_DIRNAME,
response.hash)))
# check email sent
send_email_patch.assert_called_once_with(rf.request.id, response)
def test_get_content_failure(self):
# no Response
resp = self.client.get('/response/42')
self.assertEqual(resp.status_code, 400)
rf = RequestsFactory()
response = rf.add_note()
# wrong Response type
resp = self.client.get('/response/' + str(response.id))
self.assertEqual(resp.status_code, 400)
def test_get_content_with_token(self):
rf = RequestsFactory(self.request_id)
response = rf.add_file()
valid_token = ResponseTokens(response.id)
expired_token = ResponseTokens(response)
create_object(valid_token)
create_object(expired_token)
path = '/response/' + str(response.id)
# invalid token (400)
resp = self.client.get(path, query_string={'token': 'not_a_real_token'})
self.assertEqual(resp.status_code, 400)
# valid token (success)
resp = self.client.get(path, query_string={'token': valid_token.token})
self.assert_file_sent(resp, rf.request.id, response.name)
def test_post_existing_file(self):
os.mkdir(self.upload_basepath)
rf = RequestsFactory(self.request_id)
rf.add_file(self.upload_path)
response = self.client.post(
'/upload/' + self.request_id,
data={
"file": (BytesIO(b""), self.filename)
}
)
self.assertEqual(
json.loads(response.data.decode()),
{
"files": [{
"name": self.filename_secure,
"error": "A file with this name has already "
"been uploaded for this request."
}]
}
)
# make sure file wasn't deleted
self.assertTrue(os.path.exists(self.upload_path))
def test_edit_file(self):
rf = RequestsFactory(self.request_id)
response = rf.add_file()
old_filename = response.name
data_old = {
'privacy': response.privacy,
'title': response.title,
'name': old_filename,
'mime_type': response.mime_type,
'size': response.size,
'hash': response.hash,
}
new_privacy = RELEASE_AND_PUBLIC
new_filename = PNG_FILE_NAME
new_title = "Updated Title, Shiny and Chrome"
new_mime_type = 'image/png'
new_size = os.path.getsize(PNG_FILE_PATH)
new_hash = fu.get_hash(PNG_FILE_PATH)
data_new = {
'privacy': new_privacy,
'title': new_title,
'name': new_filename,
'mime_type': new_mime_type,
'size': new_size,
'hash': new_hash,
}
# copy test file into proper directory
path = os.path.join(self.upload_path, UPDATED_FILE_DIRNAME)
os.makedirs(path)
filepath = os.path.join(path, new_filename)
shutil.copyfile(PNG_FILE_PATH, filepath)
email_content_agency = "email content agency"
email_content_requester = "email content requester"
# https://github.com/mattupstate/flask-security/issues/259
# http://stackoverflow.com/questions/16238462/flask-unit-test-how-to-test-request-from-logged-in-user/16238537#16238537
with self.client as client, patch(
'app.response.utils._send_edit_response_email'
) as send_email_patch, patch(
'app.response.utils._get_edit_response_template',
return_value=(email_content_requester, email_content_agency,
None)):
with client.session_transaction() as session:
session['user_id'] = rf.requester.get_id()
session['_fresh'] = True
# PUT it in there!
resp = self.client.patch('/response/' + str(response.id),
data={
'privacy': new_privacy,
'title': new_title,
'filename': new_filename,
})
# check email sent
send_email_patch.assert_called_once_with(rf.request.id,
email_content_agency,
email_content_requester)
# check flask response
self.assertEqual(json.loads(resp.data.decode()), {
'old': data_old,
'new': data_new
})
# check database (Responses & Metadatas)
self.assertEqual([
response.privacy,
response.title,
response.name,
response.mime_type,
response.size,
response.hash,
], [
new_privacy,
new_title,
new_filename,
new_mime_type,
new_size,
new_hash,
])
# check FILE_EDITED Event created
events = Events.query.filter_by(response_id=response.id).all()
self.assertEqual(len(events), 1)
event = events[0]
self.assertEqual([
event.request_id,
event.user_guid,
event.auth_user_type,
event.type,
event.previous_value,
event.new_value,
], [
rf.request.id,
rf.requester.guid,
rf.requester.auth_user_type,
FILE_EDITED,
data_old,
data_new,
])
# check file replaced
self.assertFalse(
os.path.exists(os.path.join(self.upload_path, old_filename)))
self.assertFalse(
os.path.exists(
os.path.join(self.upload_path, UPDATED_FILE_DIRNAME,
new_filename)))
self.assertTrue(
os.path.exists(os.path.join(self.upload_path, new_filename)))
def setUp(self):
super(UpdateObjectTests, self).setUp()
self.request_id = 'FOIL-UOT'
self.rf = RequestsFactory(self.request_id)