1 files changed, 103 insertions, 0 deletions
diff --git a/test/test.py b/test/test.py
new file mode 100644
index 0000000..34245d9
--- /dev/null
+++ b/test/test.py
@@ -0,0 +1,103 @@
+import unittest
+import tempfile
+import shutil
+import io
+import os
+import main
+class Mat2WebTestCase(unittest.TestCase):
+    def setUp(self):
+        os.environ.setdefault('MAT2_ALLOW_ORIGIN_WHITELIST', 'origin1.gnu origin2.gnu')
+        app = main.create_app()
+        self.upload_folder = tempfile.mkdtemp()
+        app.config.update(
+            TESTING=True,
+            UPLOAD_FOLDER=self.upload_folder
+        )
+        self.app = app.test_client()
+    def tearDown(self):
+        shutil.rmtree(self.upload_folder)
+    def test_get_root(self):
+        rv = self.app.get('/')
+        self.assertIn(b'mat2-web', rv.data)
+    def test_check_mimetypes(self):
+        rv = self.app.get('/')
+        self.assertIn(b'.torrent', rv.data)
+        self.assertIn(b'.ods', rv.data)
+    def test_get_download_dangerous_file(self):
+        rv = self.app.get('/download/1337/\..\filename')
+        self.assertEqual(rv.status_code, 302)
+    def test_get_download_without_key_file(self):
+        rv = self.app.get('/download/non_existant')
+        self.assertEqual(rv.status_code, 404)
+    def test_get_download_nonexistant_file(self):
+        rv = self.app.get('/download/1337/non_existant')
+        self.assertEqual(rv.status_code, 302)
+    def test_get_upload_without_file(self):
+        rv = self.app.post('/')
+        self.assertEqual(rv.status_code, 302)
+    def test_get_upload_empty_file(self):
+        rv = self.app.post('/',
+                data=dict(
+                    file=(io.BytesIO(b""), 'test.pdf'),
+                    ), follow_redirects=False)
+        self.assertEqual(rv.status_code, 302)
+    def test_get_upload_empty_file_redir(self):
+        rv = self.app.post('/',
+                data=dict(
+                    file=(io.BytesIO(b""), 'test.pdf'),
+                    ), follow_redirects=True)
+        self.assertIn(b'The type application/pdf is not supported',
+                rv.data)
+        self.assertEqual(rv.status_code, 200)
+    def test_get_upload_no_file_name(self):
+        rv = self.app.post('/',
+                data=dict(
+                    file=(io.BytesIO(b"aaa")),
+                    ), follow_redirects=True)
+        self.assertIn(b'No file part', rv.data)
+        self.assertEqual(rv.status_code, 200)
+    def test_get_upload_harmless_file(self):
+        rv = self.app.post('/',
+                data=dict(
+                    file=(io.BytesIO(b"Some text"), 'test.txt'),
+                    ), follow_redirects=True)
+        self.assertIn(b'/download/4c2e9e6da31a64c70623619c449a040968cdbea85945bf384fa30ed2d5d24fa3/test.cleaned.txt', rv.data)
+        self.assertEqual(rv.status_code, 200)
+        self.assertNotIn('Access-Control-Allow-Origin', rv.headers)
+        rv = self.app.get('/download/4c2e9e6da31a64c70623619c449a040968cdbea85945bf384fa30ed2d5d24fa3/test.cleaned.txt')
+        self.assertEqual(rv.status_code, 200)
+        rv = self.app.get('/download/4c2e9e6da31a64c70623619c449a040968cdbea85945bf384fa30ed2d5d24fa3/test.cleaned.txt')
+        self.assertEqual(rv.status_code, 302)
+    def test_upload_wrong_hash(self):
+        rv = self.app.post('/',
+                           data=dict(
+                               file=(io.BytesIO(b"Some text"), 'test.txt'),
+                           ), follow_redirects=True)
+        self.assertIn(b'/download/4c2e9e6da31a64c70623619c449a040968cdbea85945bf384fa30ed2d5d24fa3/test.cleaned.txt',
+                      rv.data)
+        self.assertEqual(rv.status_code, 200)
+        rv = self.app.get('/download/70623619c449a040968cdbea85945bf384fa30ed2d5d24fa3/test.cleaned.txt')
+        self.assertEqual(rv.status_code, 302)
+if __name__ == '__main__':
+    unittest.main()

diff --git a/test/test.py b/test/test.py new file mode 100644 index 0000000..34245d9 --- /dev/null +++ b/test/test.py
@@ -0,0 +1,103 @@
	1	import unittest
	2	import tempfile
	3	import shutil
	4	import io
	5	import os
	6
	7	import main
	8
	9
	10	class Mat2WebTestCase(unittest.TestCase):
	11	def setUp(self):
	12	os.environ.setdefault('MAT2_ALLOW_ORIGIN_WHITELIST', 'origin1.gnu origin2.gnu')
	13	app = main.create_app()
	14	self.upload_folder = tempfile.mkdtemp()
	15	app.config.update(
	16	TESTING=True,
	17	UPLOAD_FOLDER=self.upload_folder
	18	)
	19	self.app = app.test_client()
	20
	21	def tearDown(self):
	22	shutil.rmtree(self.upload_folder)
	23
	24	def test_get_root(self):
	25	rv = self.app.get('/')
	26	self.assertIn(b'mat2-web', rv.data)
	27
	28	def test_check_mimetypes(self):
	29	rv = self.app.get('/')
	30	self.assertIn(b'.torrent', rv.data)
	31	self.assertIn(b'.ods', rv.data)
	32
	33	def test_get_download_dangerous_file(self):
	34	rv = self.app.get('/download/1337/\..\filename')
	35	self.assertEqual(rv.status_code, 302)
	36
	37	def test_get_download_without_key_file(self):
	38	rv = self.app.get('/download/non_existant')
	39	self.assertEqual(rv.status_code, 404)
	40
	41	def test_get_download_nonexistant_file(self):
	42	rv = self.app.get('/download/1337/non_existant')
	43	self.assertEqual(rv.status_code, 302)
	44
	45	def test_get_upload_without_file(self):
	46	rv = self.app.post('/')
	47	self.assertEqual(rv.status_code, 302)
	48
	49	def test_get_upload_empty_file(self):
	50	rv = self.app.post('/',
	51	data=dict(
	52	file=(io.BytesIO(b""), 'test.pdf'),
	53	), follow_redirects=False)
	54	self.assertEqual(rv.status_code, 302)
	55
	56	def test_get_upload_empty_file_redir(self):
	57	rv = self.app.post('/',
	58	data=dict(
	59	file=(io.BytesIO(b""), 'test.pdf'),
	60	), follow_redirects=True)
	61	self.assertIn(b'The type application/pdf is not supported',
	62	rv.data)
	63	self.assertEqual(rv.status_code, 200)
	64
	65	def test_get_upload_no_file_name(self):
	66	rv = self.app.post('/',
	67	data=dict(
	68	file=(io.BytesIO(b"aaa")),
	69	), follow_redirects=True)
	70	self.assertIn(b'No file part', rv.data)
	71	self.assertEqual(rv.status_code, 200)
	72
	73	def test_get_upload_harmless_file(self):
	74	rv = self.app.post('/',
	75	data=dict(
	76	file=(io.BytesIO(b"Some text"), 'test.txt'),
	77	), follow_redirects=True)
	78	self.assertIn(b'/download/4c2e9e6da31a64c70623619c449a040968cdbea85945bf384fa30ed2d5d24fa3/test.cleaned.txt', rv.data)
	79	self.assertEqual(rv.status_code, 200)
	80	self.assertNotIn('Access-Control-Allow-Origin', rv.headers)
	81
	82	rv = self.app.get('/download/4c2e9e6da31a64c70623619c449a040968cdbea85945bf384fa30ed2d5d24fa3/test.cleaned.txt')
	83	self.assertEqual(rv.status_code, 200)
	84
	85	rv = self.app.get('/download/4c2e9e6da31a64c70623619c449a040968cdbea85945bf384fa30ed2d5d24fa3/test.cleaned.txt')
	86	self.assertEqual(rv.status_code, 302)
	87
	88	def test_upload_wrong_hash(self):
	89	rv = self.app.post('/',
	90	data=dict(
	91	file=(io.BytesIO(b"Some text"), 'test.txt'),
	92	), follow_redirects=True)
	93	self.assertIn(b'/download/4c2e9e6da31a64c70623619c449a040968cdbea85945bf384fa30ed2d5d24fa3/test.cleaned.txt',
	94	rv.data)
	95	self.assertEqual(rv.status_code, 200)
	96
	97	rv = self.app.get('/download/70623619c449a040968cdbea85945bf384fa30ed2d5d24fa3/test.cleaned.txt')
	98	self.assertEqual(rv.status_code, 302)
	99
	100
	101	if __name__ == '__main__':
	102	unittest.main()
	103