added a docker dev environment

Signed-off-by: Jan Friedli <jan.friedli@immerda.ch>
author: JF 2019-07-09 14:56:21 -0700
committer: jvoisin 2019-07-09 14:56:21 -0700
commit: 06346e19464c376c0c2ca13ef4218559f9df4212 (patch)
tree: 94db98bcfbcd68dffdec0fa60239baef278510a8 /test
parent: 9d155d171e916cd3c2c34f6c50955745f8929e79 (diff)
2 files changed, 258 insertions, 0 deletions
diff --git a/test/test.py b/test/test.py
new file mode 100644
index 0000000..34245d9
--- /dev/null
+++ b/test/test.py
@@ -0,0 +1,103 @@
+import unittest
+import tempfile
+import shutil
+import io
+import os
+import main
+class Mat2WebTestCase(unittest.TestCase):
+    def setUp(self):
+        os.environ.setdefault('MAT2_ALLOW_ORIGIN_WHITELIST', 'origin1.gnu origin2.gnu')
+        app = main.create_app()
+        self.upload_folder = tempfile.mkdtemp()
+        app.config.update(
+            TESTING=True,
+            UPLOAD_FOLDER=self.upload_folder
+        )
+        self.app = app.test_client()
+    def tearDown(self):
+        shutil.rmtree(self.upload_folder)
+    def test_get_root(self):
+        rv = self.app.get('/')
+        self.assertIn(b'mat2-web', rv.data)
+    def test_check_mimetypes(self):
+        rv = self.app.get('/')
+        self.assertIn(b'.torrent', rv.data)
+        self.assertIn(b'.ods', rv.data)
+    def test_get_download_dangerous_file(self):
+        rv = self.app.get('/download/1337/\..\filename')
+        self.assertEqual(rv.status_code, 302)
+    def test_get_download_without_key_file(self):
+        rv = self.app.get('/download/non_existant')
+        self.assertEqual(rv.status_code, 404)
+    def test_get_download_nonexistant_file(self):
+        rv = self.app.get('/download/1337/non_existant')
+        self.assertEqual(rv.status_code, 302)
+    def test_get_upload_without_file(self):
+        rv = self.app.post('/')
+        self.assertEqual(rv.status_code, 302)
+    def test_get_upload_empty_file(self):
+        rv = self.app.post('/',
+                data=dict(
+                    file=(io.BytesIO(b""), 'test.pdf'),
+                    ), follow_redirects=False)
+        self.assertEqual(rv.status_code, 302)
+    def test_get_upload_empty_file_redir(self):
+        rv = self.app.post('/',
+                data=dict(
+                    file=(io.BytesIO(b""), 'test.pdf'),
+                    ), follow_redirects=True)
+        self.assertIn(b'The type application/pdf is not supported',
+                rv.data)
+        self.assertEqual(rv.status_code, 200)
+    def test_get_upload_no_file_name(self):
+        rv = self.app.post('/',
+                data=dict(
+                    file=(io.BytesIO(b"aaa")),
+                    ), follow_redirects=True)
+        self.assertIn(b'No file part', rv.data)
+        self.assertEqual(rv.status_code, 200)
+    def test_get_upload_harmless_file(self):
+        rv = self.app.post('/',
+                data=dict(
+                    file=(io.BytesIO(b"Some text"), 'test.txt'),
+                    ), follow_redirects=True)
+        self.assertIn(b'/download/4c2e9e6da31a64c70623619c449a040968cdbea85945bf384fa30ed2d5d24fa3/test.cleaned.txt', rv.data)
+        self.assertEqual(rv.status_code, 200)
+        self.assertNotIn('Access-Control-Allow-Origin', rv.headers)
+        rv = self.app.get('/download/4c2e9e6da31a64c70623619c449a040968cdbea85945bf384fa30ed2d5d24fa3/test.cleaned.txt')
+        self.assertEqual(rv.status_code, 200)
+        rv = self.app.get('/download/4c2e9e6da31a64c70623619c449a040968cdbea85945bf384fa30ed2d5d24fa3/test.cleaned.txt')
+        self.assertEqual(rv.status_code, 302)
+    def test_upload_wrong_hash(self):
+        rv = self.app.post('/',
+                           data=dict(
+                               file=(io.BytesIO(b"Some text"), 'test.txt'),
+                           ), follow_redirects=True)
+        self.assertIn(b'/download/4c2e9e6da31a64c70623619c449a040968cdbea85945bf384fa30ed2d5d24fa3/test.cleaned.txt',
+                      rv.data)
+        self.assertEqual(rv.status_code, 200)
+        rv = self.app.get('/download/70623619c449a040968cdbea85945bf384fa30ed2d5d24fa3/test.cleaned.txt')
+        self.assertEqual(rv.status_code, 302)
+if __name__ == '__main__':
+    unittest.main()
diff --git a/test/test_api.py b/test/test_api.py
new file mode 100644
index 0000000..d913cc4
--- /dev/null
+++ b/test/test_api.py
@@ -0,0 +1,155 @@
+import unittest
+import tempfile
+import shutil
+import json
+import os
+import main
+class Mat2APITestCase(unittest.TestCase):
+    def setUp(self):
+        os.environ.setdefault('MAT2_ALLOW_ORIGIN_WHITELIST', 'origin1.gnu origin2.gnu')
+        app = main.create_app()
+        self.upload_folder = tempfile.mkdtemp()
+        app.config.update(
+            TESTING=True,
+            UPLOAD_FOLDER=self.upload_folder
+        )
+        self.app = app.test_client()
+    def tearDown(self):
+        shutil.rmtree(self.upload_folder)
+        if os.environ.get('MAT2_ALLOW_ORIGIN_WHITELIST'):
+            del os.environ['MAT2_ALLOW_ORIGIN_WHITELIST']
+    def test_api_upload_valid(self):
+        request = self.app.post('/api/upload',
+                                data='{"file_name": "test_name.jpg", '
+                                     '"file": "iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAf'
+                                     'FcSJAAAADUlEQVR42mNk+M9QDwADhgGAWjR9awAAAABJRU5ErkJggg=="}',
+                                headers={'content-type': 'application/json'}
+                                )
+        self.assertEqual(request.headers['Content-Type'], 'application/json')
+        self.assertEqual(request.headers['Access-Control-Allow-Origin'], 'origin1.gnu')
+        self.assertEqual(request.status_code, 200)
+        data = json.loads(request.data.decode('utf-8'))
+        expected  = {
+            'output_filename': 'test_name.cleaned.jpg',
+            'key': '81a541f9ebc0233d419d25ed39908b16f82be26a783f32d56c381559e84e6161',
+            'meta': {
+                'BitDepth': 8,
+                'ColorType': 'RGB with Alpha',
+                'Compression': 'Deflate/Inflate',
+                'Filter': 'Adaptive',
+                'Interlace': 'Noninterlaced'
+            },
+            'meta_after': {},
+            'download_link': 'http://localhost/api/download/'
+                             '81a541f9ebc0233d419d25ed39908b16f82be26a783f32d56c381559e84e6161/test_name.cleaned.jpg'
+        }
+        self.assertEqual(data, expected)
+    def test_api_upload_missing_params(self):
+        request = self.app.post('/api/upload',
+                                data='{"file_name": "test_name.jpg"}',
+                                headers={'content-type': 'application/json'}
+                                )
+        self.assertEqual(request.headers['Content-Type'], 'application/json')
+        self.assertEqual(request.status_code, 400)
+        error = json.loads(request.data.decode('utf-8'))['message']
+        self.assertEqual(error['file'], 'Post parameter is not specified: file')
+        request = self.app.post('/api/upload',
+                                data='{"file_name": "test_name.jpg", "file": "invalid base46 string"}',
+                                headers={'content-type': 'application/json'}
+                                )
+        self.assertEqual(request.headers['Content-Type'], 'application/json')
+        self.assertEqual(request.status_code, 400)
+        error = json.loads(request.data.decode('utf-8'))['message']
+        self.assertEqual(error, 'Failed decoding file: Incorrect padding')
+    def test_api_not_supported(self):
+        request = self.app.post('/api/upload',
+                                data='{"file_name": "test_name.pdf", '
+                                     '"file": "iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAf'
+                                     'FcSJAAAADUlEQVR42mNk+M9QDwADhgGAWjR9awAAAABJRU5ErkJggg=="}',
+                                headers={'content-type': 'application/json'}
+                                )
+        self.assertEqual(request.headers['Content-Type'], 'application/json')
+        self.assertEqual(request.status_code, 415)
+        error = json.loads(request.data.decode('utf-8'))['message']
+        self.assertEqual(error, 'The type application/pdf is not supported')
+    def test_api_supported_extensions(self):
+        rv = self.app.get('/api/extension')
+        self.assertEqual(rv.status_code, 200)
+        self.assertEqual(rv.headers['Content-Type'], 'application/json')
+        self.assertEqual(rv.headers['Access-Control-Allow-Origin'], 'origin1.gnu')
+        extensions = json.loads(rv.data.decode('utf-8'))
+        self.assertIn('.pot', extensions)
+        self.assertIn('.asc', extensions)
+        self.assertIn('.png', extensions)
+        self.assertIn('.zip', extensions)
+    def test_api_cors_not_set(self):
+        del os.environ['MAT2_ALLOW_ORIGIN_WHITELIST']
+        app = main.create_app()
+        app.config.update(
+            TESTING=True
+        )
+        app = app.test_client()
+        rv = app.get('/api/extension')
+        self.assertEqual(rv.headers['Access-Control-Allow-Origin'], '*')
+    def test_api_cors(self):
+        rv = self.app.get('/api/extension')
+        self.assertEqual(rv.headers['Access-Control-Allow-Origin'], 'origin1.gnu')
+        rv = self.app.get('/api/extension', headers={'Origin': 'origin2.gnu'})
+        self.assertEqual(rv.headers['Access-Control-Allow-Origin'], 'origin2.gnu')
+        rv = self.app.get('/api/extension', headers={'Origin': 'origin1.gnu'})
+        self.assertEqual(rv.headers['Access-Control-Allow-Origin'], 'origin1.gnu')
+    def test_api_download(self):
+        request = self.app.post('/api/upload',
+                                data='{"file_name": "test_name.jpg", '
+                                     '"file": "iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAf'
+                                     'FcSJAAAADUlEQVR42mNk+M9QDwADhgGAWjR9awAAAABJRU5ErkJggg=="}',
+                                headers={'content-type': 'application/json'}
+                                )
+        self.assertEqual(request.status_code, 200)
+        data = json.loads(request.data.decode('utf-8'))
+        request = self.app.get('http://localhost/api/download/'
+                               '81a541f9ebc0233d419d25ed39908b16f82be26a783f32d56c381559e84e6161/test name.cleaned.jpg')
+        self.assertEqual(request.status_code, 400)
+        error = json.loads(request.data.decode('utf-8'))['message']
+        self.assertEqual(error, 'Insecure filename')
+        request = self.app.get('http://localhost/api/download/'
+                               '81a541f9ebc0233d419d25ed39908b16f82be26a783f32d56c381559e84e6161/'
+                               'wrong_file_name.jpg')
+        self.assertEqual(request.status_code, 404)
+        error = json.loads(request.data.decode('utf-8'))['message']
+        self.assertEqual(error, 'File not found')
+        request = self.app.get('http://localhost/api/download/81a541f9e/test_name.cleaned.jpg')
+        self.assertEqual(request.status_code, 400)
+        error = json.loads(request.data.decode('utf-8'))['message']
+        self.assertEqual(error, 'The file hash does not match')
+        request = self.app.get(data['download_link'])
+        self.assertEqual(request.status_code, 200)
+if __name__ == '__main__':
+    unittest.main()
author	JF	2019-07-09 14:56:21 -0700
committer	jvoisin	2019-07-09 14:56:21 -0700
commit	06346e19464c376c0c2ca13ef4218559f9df4212 (patch)
tree	94db98bcfbcd68dffdec0fa60239baef278510a8 /test
parent	9d155d171e916cd3c2c34f6c50955745f8929e79 (diff)

diff --git a/test/test.py b/test/test.py new file mode 100644 index 0000000..34245d9 --- /dev/null +++ b/test/test.py
@@ -0,0 +1,103 @@
	1	import unittest
	2	import tempfile
	3	import shutil
	4	import io
	5	import os
	6
	7	import main
	8
	9
	10	class Mat2WebTestCase(unittest.TestCase):
	11	def setUp(self):
	12	os.environ.setdefault('MAT2_ALLOW_ORIGIN_WHITELIST', 'origin1.gnu origin2.gnu')
	13	app = main.create_app()
	14	self.upload_folder = tempfile.mkdtemp()
	15	app.config.update(
	16	TESTING=True,
	17	UPLOAD_FOLDER=self.upload_folder
	18	)
	19	self.app = app.test_client()
	20
	21	def tearDown(self):
	22	shutil.rmtree(self.upload_folder)
	23
	24	def test_get_root(self):
	25	rv = self.app.get('/')
	26	self.assertIn(b'mat2-web', rv.data)
	27
	28	def test_check_mimetypes(self):
	29	rv = self.app.get('/')
	30	self.assertIn(b'.torrent', rv.data)
	31	self.assertIn(b'.ods', rv.data)
	32
	33	def test_get_download_dangerous_file(self):
	34	rv = self.app.get('/download/1337/\..\filename')
	35	self.assertEqual(rv.status_code, 302)
	36
	37	def test_get_download_without_key_file(self):
	38	rv = self.app.get('/download/non_existant')
	39	self.assertEqual(rv.status_code, 404)
	40
	41	def test_get_download_nonexistant_file(self):
	42	rv = self.app.get('/download/1337/non_existant')
	43	self.assertEqual(rv.status_code, 302)
	44
	45	def test_get_upload_without_file(self):
	46	rv = self.app.post('/')
	47	self.assertEqual(rv.status_code, 302)
	48
	49	def test_get_upload_empty_file(self):
	50	rv = self.app.post('/',
	51	data=dict(
	52	file=(io.BytesIO(b""), 'test.pdf'),
	53	), follow_redirects=False)
	54	self.assertEqual(rv.status_code, 302)
	55
	56	def test_get_upload_empty_file_redir(self):
	57	rv = self.app.post('/',
	58	data=dict(
	59	file=(io.BytesIO(b""), 'test.pdf'),
	60	), follow_redirects=True)
	61	self.assertIn(b'The type application/pdf is not supported',
	62	rv.data)
	63	self.assertEqual(rv.status_code, 200)
	64
	65	def test_get_upload_no_file_name(self):
	66	rv = self.app.post('/',
	67	data=dict(
	68	file=(io.BytesIO(b"aaa")),
	69	), follow_redirects=True)
	70	self.assertIn(b'No file part', rv.data)
	71	self.assertEqual(rv.status_code, 200)
	72
	73	def test_get_upload_harmless_file(self):
	74	rv = self.app.post('/',
	75	data=dict(
	76	file=(io.BytesIO(b"Some text"), 'test.txt'),
	77	), follow_redirects=True)
	78	self.assertIn(b'/download/4c2e9e6da31a64c70623619c449a040968cdbea85945bf384fa30ed2d5d24fa3/test.cleaned.txt', rv.data)
	79	self.assertEqual(rv.status_code, 200)
	80	self.assertNotIn('Access-Control-Allow-Origin', rv.headers)
	81
	82	rv = self.app.get('/download/4c2e9e6da31a64c70623619c449a040968cdbea85945bf384fa30ed2d5d24fa3/test.cleaned.txt')
	83	self.assertEqual(rv.status_code, 200)
	84
	85	rv = self.app.get('/download/4c2e9e6da31a64c70623619c449a040968cdbea85945bf384fa30ed2d5d24fa3/test.cleaned.txt')
	86	self.assertEqual(rv.status_code, 302)
	87
	88	def test_upload_wrong_hash(self):
	89	rv = self.app.post('/',
	90	data=dict(
	91	file=(io.BytesIO(b"Some text"), 'test.txt'),
	92	), follow_redirects=True)
	93	self.assertIn(b'/download/4c2e9e6da31a64c70623619c449a040968cdbea85945bf384fa30ed2d5d24fa3/test.cleaned.txt',
	94	rv.data)
	95	self.assertEqual(rv.status_code, 200)
	96
	97	rv = self.app.get('/download/70623619c449a040968cdbea85945bf384fa30ed2d5d24fa3/test.cleaned.txt')
	98	self.assertEqual(rv.status_code, 302)
	99
	100
	101	if __name__ == '__main__':
	102	unittest.main()
	103


diff --git a/test/test_api.py b/test/test_api.py new file mode 100644 index 0000000..d913cc4 --- /dev/null +++ b/test/test_api.py
@@ -0,0 +1,155 @@
	1	import unittest
	2	import tempfile
	3	import shutil
	4	import json
	5	import os
	6
	7	import main
	8
	9
	10	class Mat2APITestCase(unittest.TestCase):
	11	def setUp(self):
	12	os.environ.setdefault('MAT2_ALLOW_ORIGIN_WHITELIST', 'origin1.gnu origin2.gnu')
	13	app = main.create_app()
	14	self.upload_folder = tempfile.mkdtemp()
	15	app.config.update(
	16	TESTING=True,
	17	UPLOAD_FOLDER=self.upload_folder
	18	)
	19	self.app = app.test_client()
	20
	21	def tearDown(self):
	22	shutil.rmtree(self.upload_folder)
	23	if os.environ.get('MAT2_ALLOW_ORIGIN_WHITELIST'):
	24	del os.environ['MAT2_ALLOW_ORIGIN_WHITELIST']
	25
	26	def test_api_upload_valid(self):
	27	request = self.app.post('/api/upload',
	28	data='{"file_name": "test_name.jpg", '
	29	'"file": "iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAf'
	30	'FcSJAAAADUlEQVR42mNk+M9QDwADhgGAWjR9awAAAABJRU5ErkJggg=="}',
	31	headers={'content-type': 'application/json'}
	32	)
	33	self.assertEqual(request.headers['Content-Type'], 'application/json')
	34	self.assertEqual(request.headers['Access-Control-Allow-Origin'], 'origin1.gnu')
	35	self.assertEqual(request.status_code, 200)
	36
	37	data = json.loads(request.data.decode('utf-8'))
	38	expected = {
	39	'output_filename': 'test_name.cleaned.jpg',
	40	'key': '81a541f9ebc0233d419d25ed39908b16f82be26a783f32d56c381559e84e6161',
	41	'meta': {
	42	'BitDepth': 8,
	43	'ColorType': 'RGB with Alpha',
	44	'Compression': 'Deflate/Inflate',
	45	'Filter': 'Adaptive',
	46	'Interlace': 'Noninterlaced'
	47	},
	48	'meta_after': {},
	49	'download_link': 'http://localhost/api/download/'
	50	'81a541f9ebc0233d419d25ed39908b16f82be26a783f32d56c381559e84e6161/test_name.cleaned.jpg'
	51	}
	52	self.assertEqual(data, expected)
	53
	54	def test_api_upload_missing_params(self):
	55	request = self.app.post('/api/upload',
	56	data='{"file_name": "test_name.jpg"}',
	57	headers={'content-type': 'application/json'}
	58	)
	59	self.assertEqual(request.headers['Content-Type'], 'application/json')
	60
	61	self.assertEqual(request.status_code, 400)
	62	error = json.loads(request.data.decode('utf-8'))['message']
	63	self.assertEqual(error['file'], 'Post parameter is not specified: file')
	64
	65	request = self.app.post('/api/upload',
	66	data='{"file_name": "test_name.jpg", "file": "invalid base46 string"}',
	67	headers={'content-type': 'application/json'}
	68	)
	69	self.assertEqual(request.headers['Content-Type'], 'application/json')
	70
	71	self.assertEqual(request.status_code, 400)
	72	error = json.loads(request.data.decode('utf-8'))['message']
	73	self.assertEqual(error, 'Failed decoding file: Incorrect padding')
	74
	75	def test_api_not_supported(self):
	76	request = self.app.post('/api/upload',
	77	data='{"file_name": "test_name.pdf", '
	78	'"file": "iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAf'
	79	'FcSJAAAADUlEQVR42mNk+M9QDwADhgGAWjR9awAAAABJRU5ErkJggg=="}',
	80	headers={'content-type': 'application/json'}
	81	)
	82	self.assertEqual(request.headers['Content-Type'], 'application/json')
	83	self.assertEqual(request.status_code, 415)
	84
	85	error = json.loads(request.data.decode('utf-8'))['message']
	86	self.assertEqual(error, 'The type application/pdf is not supported')
	87
	88	def test_api_supported_extensions(self):
	89	rv = self.app.get('/api/extension')
	90	self.assertEqual(rv.status_code, 200)
	91	self.assertEqual(rv.headers['Content-Type'], 'application/json')
	92	self.assertEqual(rv.headers['Access-Control-Allow-Origin'], 'origin1.gnu')
	93
	94	extensions = json.loads(rv.data.decode('utf-8'))
	95	self.assertIn('.pot', extensions)
	96	self.assertIn('.asc', extensions)
	97	self.assertIn('.png', extensions)
	98	self.assertIn('.zip', extensions)
	99
	100	def test_api_cors_not_set(self):
	101	del os.environ['MAT2_ALLOW_ORIGIN_WHITELIST']
	102	app = main.create_app()
	103	app.config.update(
	104	TESTING=True
	105	)
	106	app = app.test_client()
	107
	108	rv = app.get('/api/extension')
	109	self.assertEqual(rv.headers['Access-Control-Allow-Origin'], '*')
	110
	111	def test_api_cors(self):
	112	rv = self.app.get('/api/extension')
	113	self.assertEqual(rv.headers['Access-Control-Allow-Origin'], 'origin1.gnu')
	114
	115	rv = self.app.get('/api/extension', headers={'Origin': 'origin2.gnu'})
	116	self.assertEqual(rv.headers['Access-Control-Allow-Origin'], 'origin2.gnu')
	117
	118	rv = self.app.get('/api/extension', headers={'Origin': 'origin1.gnu'})
	119	self.assertEqual(rv.headers['Access-Control-Allow-Origin'], 'origin1.gnu')
	120
	121	def test_api_download(self):
	122	request = self.app.post('/api/upload',
	123	data='{"file_name": "test_name.jpg", '
	124	'"file": "iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAf'
	125	'FcSJAAAADUlEQVR42mNk+M9QDwADhgGAWjR9awAAAABJRU5ErkJggg=="}',
	126	headers={'content-type': 'application/json'}
	127	)
	128	self.assertEqual(request.status_code, 200)
	129	data = json.loads(request.data.decode('utf-8'))
	130
	131	request = self.app.get('http://localhost/api/download/'
	132	'81a541f9ebc0233d419d25ed39908b16f82be26a783f32d56c381559e84e6161/test name.cleaned.jpg')
	133	self.assertEqual(request.status_code, 400)
	134	error = json.loads(request.data.decode('utf-8'))['message']
	135	self.assertEqual(error, 'Insecure filename')
	136
	137	request = self.app.get('http://localhost/api/download/'
	138	'81a541f9ebc0233d419d25ed39908b16f82be26a783f32d56c381559e84e6161/'
	139	'wrong_file_name.jpg')
	140	self.assertEqual(request.status_code, 404)
	141	error = json.loads(request.data.decode('utf-8'))['message']
	142	self.assertEqual(error, 'File not found')
	143
	144	request = self.app.get('http://localhost/api/download/81a541f9e/test_name.cleaned.jpg')
	145	self.assertEqual(request.status_code, 400)
	146
	147	error = json.loads(request.data.decode('utf-8'))['message']
	148	self.assertEqual(error, 'The file hash does not match')
	149
	150	request = self.app.get(data['download_link'])
	151	self.assertEqual(request.status_code, 200)
	152
	153
	154	if __name__ == '__main__':
	155	unittest.main()