def test_non_authorized_user_access_with_not_valid_share_link_to_exist_folder(self):
    """An anonymous client that presented an unknown share key gets 404.

    The folder exists and belongs to self.user; the client never logs in.
    """
    owner_root = Folder.root(self.user)
    target = owner_root.addNewFolder('new_folder')
    # Freshly generated key; presumably it matches no Share row.
    bogus_key = misc.generate_uuid()
    url = reverse('folder-view', args=[target.pk])

    # NOTE(review): the response to the request that carries the bogus key
    # is never asserted; only the follow-up request without `s` is checked.
    # Confirm the expected status for the keyed request and pin it as well.
    self.client.get(url, {'s': bogus_key})

    response = self.client.get(url)
    self.assertEqual(response.status_code, 404)
def test_authorized_user_access_to_not_owned_exist_folder(self):
    """A logged-in client is refused (403) on a folder owned by someone else."""
    # Credentials are masked in this listing, so it cannot be seen here which
    # account logs in; presumably it is not the newly created owner.
    foreign_owner = User.objects.create_user(username='******', password='******')
    foreign_root = Folder.root(foreign_owner)
    self.client.login(username='******', password='******')
    url = reverse('folder-view', args=[foreign_root.pk])
    self.assertEqual(self.client.get(url).status_code, 403)
def test_authorized_user_get_valid_share_link(self):
    """A logged-in client that follows a share link ends on a page returning 200."""
    owner_root = Folder.root(self.user)
    shared_origin = owner_root.addNewFolder('new_folder')
    share = Share.objects.create(contributor=self.user, origin=shared_origin)
    # NOTE(review): the item added to the share is the owner's root folder,
    # not new_folder; confirm that is intended, since it decides how much
    # of the tree the link exposes.
    share.shareItems(folders=[owner_root])
    # First request set session variables and redirect
    link = share.getLink()
    # Account created for the visitor (credentials masked in this listing).
    User.objects.create_user(username='******', password='******')
    self.client.login(username='******', password='******')
    followed = self.client.get(link, follow=True)
    # Last hop of the redirect chain is a (url, status) pair.
    final_url, _status = followed.redirect_chain.pop()
    landing = self.client.get(final_url)
    self.assertEqual(landing.status_code, 200)
def test_non_authorized_user_access_with_share_link(self):
    """An anonymous client with a share link is redirected to the origin and gets 200."""
    owner_root = Folder.root(self.user)
    # Create and share folder at authorized user
    shared_origin = owner_root.addNewFolder('new_folder')
    share = Share.objects.create(contributor=self.user, origin=shared_origin)
    # NOTE(review): the shared item is the owner's root folder rather than
    # new_folder; confirm this is the scope the test means to grant.
    share.shareItems(folders=[owner_root])
    # First request set session variables and redirect
    link = share.getLink()
    first = self.client.get(link)
    origin_url = reverse('folder-view', args=[share.origin.pk])
    self.assertRedirects(first, origin_url)
    # Second request relies on whatever the first one stored in the session.
    second = self.client.get(origin_url)
    self.assertEqual(second.status_code, 200)
def setUp(self):
    """Load two existing users and build one folder and one file under the root.

    The users are fetched, not created, so they presumably come from a
    fixture; the usernames are masked in this listing.
    """
    self.client = Client()
    self.user = User.objects.get(username='******')
    self.another_user = User.objects.get(username='******')
    self.root_folder = Folder.root(self.user)

    # /n0
    self.folders = {'n0': self.root_folder.addNewFolder('n0')}

    payload = ContentFile(b"dummy string f0")
    payload.name = 'f0'
    self.files = {
        'f0': File.objects.createFile(payload, self.root_folder, self.user),
    }
def isProperNonAuthorisedAccess(self, request):
    """Decide whether the session entitles a visitor to a folder via a share.

    Reads 'current_folder' and 'share_id' from ``request.session``. Returns
    True only when both keys are present, the Share exists, and the folder
    is either one of ``share.folders`` or the share's origin; in that case
    ``self.share`` and ``self.cwd`` are set. Returns False otherwise. With
    ``settings.DEBUG`` enabled, a failed lookup is re-raised as a plain
    ``Exception`` instead of returning False.
    """
    session = request.session
    if 'current_folder' not in session or 'share_id' not in session:
        return False

    # Both values are taken as stored in the session; presumably the
    # share-link view wrote them after checking the link - confirm there.
    folder_id = session['current_folder']
    share_id = session['share_id']
    try:
        share = Share.objects.get(pk=share_id)
        # NOTE(review): self.share is assigned before the folder check, so
        # it stays set when this method returns False. Callers should read
        # self.share only after a True result.
        self.share = share
        # Examine folder_id is share
        listed_in_share = share.folders.filter(pk=folder_id).exists()
        if not (listed_in_share or folder_id == share.origin.pk):
            raise Folder.DoesNotExist(f"{folder_id} isn't shared.")
        self.cwd = Folder.objects.get(pk=folder_id)
    except ObjectDoesNotExist as e:
        # NOTE(review): no expiry or revocation check is visible in this
        # method; a missing Share or Folder row is the only denial path.
        if settings.DEBUG:
            raise Exception(e)
        return False
    else:
        return True
def test_authorized_user_access_to_index_page(self):
    """After login, GET '/' redirects to the folder view of self.user's root."""
    # Credentials are masked in this listing; presumably those of self.user.
    self.client.login(username='******', password='******')
    index_response = self.client.get('/')
    expected_url = reverse('folder-view', args=[Folder.root(self.user).pk])
    self.assertRedirects(index_response, expected_url)
def test_authorized_user_access_to_own_exist_folder(self):
    """A logged-in client gets 200 for the root folder of self.user."""
    own_root = Folder.root(self.user)
    # Credentials are masked in this listing; presumably those of self.user.
    self.client.login(username='******', password='******')
    url = reverse('folder-view', args=[own_root.pk])
    self.assertEqual(self.client.get(url).status_code, 200)
def test_non_authorized_user_access_to_any_folder(self):
    """A client that never logged in is redirected to '/login' for a folder URL."""
    owner_root = Folder.root(self.user)
    url = reverse('folder-view', args=[owner_root.pk])
    # No login and no share key: the request carries no credentials at all.
    self.assertRedirects(self.client.get(url), '/login')
def setUp(self):
    """Create two users and look up the first user's root folder."""
    self.client = Client()
    accounts = User.objects
    # Usernames and passwords are masked in this listing; the two accounts
    # presumably use different usernames in the real file.
    self.user = accounts.create_user(username='******', password='******')
    self.another_user = accounts.create_user(username='******', password='******')
    self.root_folder = Folder.root(self.user)
def setUp(self):
    """Fetch an existing user and that user's root folder."""
    owner = User.objects.get(username='******')
    self.user = owner
    # Per the original author: the root folder is created implicitly when a
    # new user is added, so it is only looked up here.
    self.root_folder = Folder.root(owner)
def index(request):
    """Redirect to the folder view of the requesting user's root folder."""
    # NOTE(review): no authentication check is visible on this view in this
    # listing; confirm a decorator or middleware keeps anonymous requests
    # from reaching Folder.root(request.user).
    target_url = reverse('folder-view', args=[Folder.root(request.user).pk])
    return HttpResponseRedirect(target_url)