def test_allocate(self):
store = session_store()
store.find(TimeLimitedToken).remove()
token1 = TimeLimitedToken.allocate('foo://')
token2 = TimeLimitedToken.allocate('foo://')
# We must get unique tokens
self.assertNotEqual(token1, token2)
# They must be bytestrings (as a surrogate for valid url fragment')
self.assertIsInstance(token1, str)
self.assertIsInstance(token2, str)
def test_allocate(self):
store = session_store()
store.find(TimeLimitedToken).remove()
token1 = TimeLimitedToken.allocate('foo://')
token2 = TimeLimitedToken.allocate('foo://')
# We must get unique tokens
self.assertNotEqual(token1, token2)
# They must be bytestrings (as a surrogate for valid url fragment')
self.assertIsInstance(token1, str)
self.assertIsInstance(token2, str)
def test_restricted_with_token(self):
fileAlias, url = self.get_restricted_file_and_public_url()
# We have the base url for a restricted file; grant access to it
# for a short time.
token = TimeLimitedToken.allocate(url)
# Now we should be able to access the file.
response = requests.get(url, params={"token": token})
response.raise_for_status()
self.assertEqual(b"a" * 12, response.content)
def test_restricted_with_token(self):
fileAlias, url = self.get_restricted_file_and_public_url()
# We have the base url for a restricted file; grant access to it
# for a short time.
token = TimeLimitedToken.allocate(url)
url = url + "?token=%s" % token
# Now we should be able to access the file.
fileObj = urlopen(url)
try:
self.assertEqual("a"*12, fileObj.read())
finally:
fileObj.close()
def test_restricted_with_expired_token(self):
fileAlias, url = self.get_restricted_file_and_public_url()
# We have the base url for a restricted file; grant access to it
# for a short time.
token = TimeLimitedToken.allocate(url)
# But time has passed
store = session_store()
tokens = store.find(TimeLimitedToken, TimeLimitedToken.token==token)
tokens.set(
TimeLimitedToken.created==SQL("created - interval '1 week'"))
url = url + "?token=%s" % token
# Now, as per test_restricted_no_token we should get a 404.
self.require404(url)
def test_restricted_with_expired_token(self):
fileAlias, url = self.get_restricted_file_and_public_url()
# We have the base url for a restricted file; grant access to it
# for a short time.
token = TimeLimitedToken.allocate(url)
# But time has passed
store = session_store()
tokens = store.find(
TimeLimitedToken,
TimeLimitedToken.token == hashlib.sha256(token).hexdigest())
tokens.set(
TimeLimitedToken.created == SQL("created - interval '1 week'"))
# Now, as per test_restricted_no_token we should get a 404.
self.require404(url, params={"token": token})
def test_restricted_with_token_encoding(self):
fileAlias, url = self.get_restricted_file_and_public_url('foo~%')
self.assertThat(url, EndsWith('/foo~%25'))
# We have the base url for a restricted file; grant access to it
# for a short time.
token = TimeLimitedToken.allocate(url)
# Now we should be able to access the file.
response = requests.get(url, params={"token": token})
response.raise_for_status()
self.assertEqual(b"a" * 12, response.content)
# The token is valid even if the filename is encoded differently.
mangled_url = url.replace('~', '%7E')
self.assertNotEqual(mangled_url, url)
response = requests.get(url, params={"token": token})
response.raise_for_status()
self.assertEqual(b"a" * 12, response.content)
def test_restricted_file_headers(self):
fileAlias, url = self.get_restricted_file_and_public_url()
token = TimeLimitedToken.allocate(url)
url = url + "?token=%s" % token
# Change the date_created to a known value for testing.
file_alias = IMasterStore(LibraryFileAlias).get(
LibraryFileAlias, fileAlias)
file_alias.date_created = datetime(
2001, 01, 30, 13, 45, 59, tzinfo=pytz.utc)
# Commit the update.
self.commit()
# Fetch the file via HTTP, recording the interesting headers
result = urlopen(url)
last_modified_header = result.info()['Last-Modified']
cache_control_header = result.info()['Cache-Control']
# No caching for restricted files.
self.failUnlessEqual(cache_control_header, 'max-age=0, private')
# And we should have a correct Last-Modified header too.
self.failUnlessEqual(
last_modified_header, 'Tue, 30 Jan 2001 13:45:59 GMT')
def test_restricted_file_headers(self):
fileAlias, url = self.get_restricted_file_and_public_url()
token = TimeLimitedToken.allocate(url)
# Change the date_created to a known value for testing.
file_alias = IMasterStore(LibraryFileAlias).get(
LibraryFileAlias, fileAlias)
file_alias.date_created = datetime(2001,
1,
30,
13,
45,
59,
tzinfo=pytz.utc)
# Commit the update.
self.commit()
# Fetch the file via HTTP, recording the interesting headers
response = requests.get(url, params={"token": token})
last_modified_header = response.headers['Last-Modified']
cache_control_header = response.headers['Cache-Control']
# No caching for restricted files.
self.assertEqual(cache_control_header, 'max-age=0, private')
# And we should have a correct Last-Modified header too.
self.assertEqual(last_modified_header, 'Tue, 30 Jan 2001 13:45:59 GMT')
