def test_other_user_with_general_token(self): other_user = User.objects.create_user('oho', '*****@*****.**', 'nono') with override_settings(MEDIA_ROOT=self.tempdir, MEDIA_URL='/'): request = toolbox.add_request('abc', requester=self.user) toolbox.attach_file(request, ContentFile(b'abc')) token = toolbox.create_general_token(request) http_request = self.factory.get('/something') http_request.user = other_user # With no verification and no requester required response = serve_file(http_request, token, require_requester=False, verify_requester=False) self.assertEqual(response.status_code, 200) # Now try with simply not requiring the requester http_request.user = other_user self.assertRaises(UserIsNotRequester, serve_file, http_request, token, require_requester=False) # Now try with requiring the requester but not verifying http_request.user = other_user self.assertRaises(SuspiciousToken, serve_file, http_request, token, verify_requester=False)
def test_invalid_token(self): with override_settings(MEDIA_ROOT=self.tempdir, MEDIA_URL='/'): request = toolbox.add_request('abc', requester=self.user) toolbox.attach_file(request, ContentFile(b'abc')) token = toolbox.create_token(request) http_request = self.factory.get('/something') http_request.user = self.user self.assertRaises(SuspiciousToken, serve_file, http_request, token + 'a')
def test_other_user(self): other_user = User.objects.create_user('oho', '*****@*****.**', 'nono') with override_settings(MEDIA_ROOT=self.tempdir, MEDIA_URL='/'): request = toolbox.add_request('abc', requester=self.user) toolbox.attach_file(request, ContentFile(b'abc')) token = toolbox.create_token(request) http_request = self.factory.get('/something') http_request.user = other_user self.assertRaises(UserIsNotRequester, serve_file, http_request, token)
def test_token_expired(self, decode_mock): decode_mock.side_effect = SignatureExpired with override_settings(MEDIA_ROOT=self.tempdir, MEDIA_URL='/'): request = toolbox.add_request('abc', requester=self.user) toolbox.attach_file(request, ContentFile(b'abc')) token = toolbox.create_token(request) http_request = self.factory.get('/something') http_request.user = self.user self.assertRaises(SignatureHasExpired, serve_file, http_request, token)
def test(self): request = toolbox.add_request('abc') with override_settings(MEDIA_ROOT=self.tempdir, MEDIA_URL=''): contents = ContentFile('something special') toolbox.attach_file(request, contents, 'something.txt', 'text/plain') path = request.filehandle.path self.assertTrue(os.path.isfile(path)) request.delete() self.assertFalse(os.path.isfile(path))
def test_other_user_with_no_verification(self): other_user = User.objects.create_user('oho', '*****@*****.**', 'nono') with override_settings(MEDIA_ROOT=self.tempdir, MEDIA_URL='/'): request = toolbox.add_request('abc', requester=self.user) toolbox.attach_file(request, ContentFile(b'abc')) token = toolbox.create_token(request) http_request = self.factory.get('/something') http_request.user = other_user response = serve_file(http_request, token, verify_requester=False) self.assertEqual(response.status_code, 200)
def test(self): request = toolbox.add_request('abc') with override_settings(MEDIA_ROOT=self.tempdir, MEDIA_URL=''): contents = ContentFile('something special') toolbox.attach_file(request, contents, 'something.txt') response = toolbox.serve(request) self.assertEqual(response['Content-Type'], 'application/octet-stream') self.assertEqual(response['Content-Disposition'], 'attachment; filename="something.txt"') self.assertEqual(response.content, b'something special') response = toolbox.serve(request, default_content_type='text/plain') self.assertEqual(response['Content-Type'], 'text/plain') self.assertEqual(response.content, b'something special') self.assertEqual(response['Content-Disposition'], 'attachment; filename="something.txt"') request.filename = '' request.save() response = toolbox.serve(request, default_content_type='text/plain') self.assertEqual(response['Content-Type'], 'text/plain') self.assertEqual(response.content, b'something special') self.assertFalse(response.get('Content-Disposition'))