def test_allocate(self):
    # Allocating twice for the same URL must hand out two distinct tokens.
    # Clear any existing TimeLimitedToken rows first so the test starts
    # from a known state.
    session_store().find(TimeLimitedToken).remove()
    first_token = TimeLimitedToken.allocate('foo://')
    second_token = TimeLimitedToken.allocate('foo://')
    # Every allocation must produce a fresh value, even for an identical URL.
    self.assertNotEqual(first_token, second_token)
    # The str check stands in for "usable as a URL fragment"; it does not
    # inspect the characters the token actually contains.
    for allocated in (first_token, second_token):
        self.assertIsInstance(allocated, str)
def test_restricted_with_token(self):
    # A restricted file is served once a token has been allocated for its
    # URL and that token is presented with the request.
    _alias, restricted_url = self.get_restricted_file_and_public_url()
    # Allocating against the base URL grants access for a short time.
    access_token = TimeLimitedToken.allocate(restricted_url)
    # The token travels as the "token" query parameter; letting the HTTP
    # client build the query string keeps the value correctly encoded.
    query = {"token": access_token}
    reply = requests.get(restricted_url, params=query)
    reply.raise_for_status()
    self.assertEqual(b"a" * 12, reply.content)
def test_restricted_with_token(self):
    # A restricted file is served once a token has been allocated for its
    # URL and that token is appended to the request.
    _alias, base_url = self.get_restricted_file_and_public_url()
    # Allocating against the base URL grants access for a short time.
    access_token = TimeLimitedToken.allocate(base_url)
    # The token is pasted into the query string unescaped, which relies on
    # allocate() only ever returning URL-safe characters.
    tokenised_url = base_url + "?token=%s" % access_token
    # With the token attached the fetch should succeed.
    fileObj = urlopen(tokenised_url)
    try:
        served = fileObj.read()
        self.assertEqual("a"*12, served)
    finally:
        # Release the connection whether or not the assertion held.
        fileObj.close()
def test_restricted_with_expired_token(self):
    # A token whose creation time lies a week in the past must no longer
    # unlock the restricted file.
    _alias, base_url = self.get_restricted_file_and_public_url()
    # Grant short-lived access to the base URL.
    issued_token = TimeLimitedToken.allocate(base_url)
    # Simulate the passage of time by back-dating the stored row instead
    # of sleeping. The row is looked up by the raw token value.
    matching_rows = session_store().find(
        TimeLimitedToken, TimeLimitedToken.token == issued_token)
    matching_rows.set(
        TimeLimitedToken.created == SQL("created - interval '1 week'"))
    expired_url = base_url + "?token=%s" % issued_token
    # An expired token gets the same 404 as a request with no token at all
    # (see test_restricted_no_token).
    self.require404(expired_url)
def test_restricted_with_expired_token(self):
    # A token whose creation time lies a week in the past must no longer
    # unlock the restricted file.
    _alias, base_url = self.get_restricted_file_and_public_url()
    # Grant short-lived access to the base URL.
    issued_token = TimeLimitedToken.allocate(base_url)
    # Simulate the passage of time by back-dating the stored row instead
    # of sleeping.
    token_store = session_store()
    # The row is found by the SHA-256 hex digest of the token, not by the
    # token itself. Presumably only the digest is persisted, so reading the
    # table would not yield usable tokens; confirm against allocate().
    token_digest = hashlib.sha256(issued_token).hexdigest()
    matching_rows = token_store.find(
        TimeLimitedToken, TimeLimitedToken.token == token_digest)
    matching_rows.set(
        TimeLimitedToken.created == SQL("created - interval '1 week'"))
    # An expired token gets the same 404 as a request with no token at all
    # (see test_restricted_no_token).
    self.require404(base_url, params={"token": issued_token})
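def test_restricted_with_token_encoding(self):
    # A token allocated for a URL must stay valid when the file name in
    # that URL is percent-encoded differently.
    _alias, url = self.get_restricted_file_and_public_url('foo~%')
    # The public URL escapes '%' as %25 and leaves '~' literal.
    self.assertThat(url, EndsWith('/foo~%25'))
    # We have the base url for a restricted file; grant access to it
    # for a short time.
    token = TimeLimitedToken.allocate(url)
    # Now we should be able to access the file.
    response = requests.get(url, params={"token": token})
    response.raise_for_status()
    self.assertEqual(b"a" * 12, response.content)
    # The token is valid even if the filename is encoded differently.
    mangled_url = url.replace('~', '%7E')
    self.assertNotEqual(mangled_url, url)
    # Fetch the re-encoded URL. The earlier version fetched `url` again,
    # so the alternate encoding was never exercised.
    # NOTE(review): the HTTP client may normalise %7E back to '~' before
    # sending; confirm the request path reaches the server re-encoded,
    # otherwise this still repeats the first request.
    response = requests.get(mangled_url, params={"token": token})
    response.raise_for_status()
    self.assertEqual(b"a" * 12, response.content)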
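def test_restricted_file_headers(self):
    # A restricted file must be served with headers that forbid caching
    # and with a Last-Modified value taken from the alias creation date.
    fileAlias, url = self.get_restricted_file_and_public_url()
    token = TimeLimitedToken.allocate(url)
    url = url + "?token=%s" % token
    # Change the date_created to a known value for testing.
    file_alias = IMasterStore(LibraryFileAlias).get(
        LibraryFileAlias, fileAlias)
    # The month is written as 1: the old literal 01 is an octal constant
    # in Python 2 and a syntax error in Python 3.
    file_alias.date_created = datetime(
        2001, 1, 30, 13, 45, 59, tzinfo=pytz.utc)
    # Commit the update.
    self.commit()
    # Fetch the file via HTTP, recording the interesting headers, and
    # close the response even if a header lookup fails.
    result = urlopen(url)
    try:
        response_headers = result.info()
        last_modified_header = response_headers['Last-Modified']
        cache_control_header = response_headers['Cache-Control']
    finally:
        result.close()
    # No caching for restricted files: the response is marked private and
    # immediately stale.
    self.assertEqual(cache_control_header, 'max-age=0, private')
    # And we should have a correct Last-Modified header too.
    self.assertEqual(
        last_modified_header, 'Tue, 30 Jan 2001 13:45:59 GMT')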
def test_restricted_file_headers(self):
    # A restricted file must be served with headers that forbid caching
    # and with a Last-Modified value taken from the alias creation date.
    alias_key, restricted_url = self.get_restricted_file_and_public_url()
    access_token = TimeLimitedToken.allocate(restricted_url)
    # Pin date_created to a fixed UTC instant so the expected
    # Last-Modified string is known in advance.
    known_created = datetime(2001, 1, 30, 13, 45, 59, tzinfo=pytz.utc)
    stored_alias = IMasterStore(LibraryFileAlias).get(
        LibraryFileAlias, alias_key)
    stored_alias.date_created = known_created
    # Commit the change before fetching the file over HTTP.
    self.commit()
    reply = requests.get(restricted_url, params={"token": access_token})
    last_modified_header = reply.headers['Last-Modified']
    cache_control_header = reply.headers['Cache-Control']
    # No caching for restricted files: the response is marked private and
    # immediately stale.
    self.assertEqual(cache_control_header, 'max-age=0, private')
    # Last-Modified must reflect the pinned creation date.
    self.assertEqual(
        last_modified_header, 'Tue, 30 Jan 2001 13:45:59 GMT')