2023-04-10 22:17:12 -04:00
|
|
|
import pytest
|
|
|
|
|
from io import BytesIO
|
|
|
|
|
from werkzeug.datastructures import FileStorage
|
2023-04-15 16:33:50 -04:00
|
|
|
import uuid
|
2023-04-10 22:17:12 -04:00
|
|
|
|
|
|
|
|
"""Test file share endpoints."""
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# if other storage backends are implemented we test them with the same suite
|
|
|
|
|
# this might be redundant because test_storage tests the backends already
|
|
|
|
|
@pytest.mark.parametrize("client", [{"SACHET_STORAGE": "filesystem"}], indirect=True)
|
|
|
|
|
class TestSuite:
|
2023-05-07 21:08:45 -04:00
|
|
|
def test_sharing(self, client, users, auth, rand, upload):
|
2023-04-10 22:17:12 -04:00
|
|
|
# create share
|
2023-04-15 17:56:48 -04:00
|
|
|
resp = client.post(
|
|
|
|
|
"/files", headers=auth("jeff"), json={"file_name": "content.bin"}
|
|
|
|
|
)
|
2023-04-10 22:17:12 -04:00
|
|
|
assert resp.status_code == 201
|
|
|
|
|
|
|
|
|
|
data = resp.get_json()
|
|
|
|
|
url = data.get("url")
|
|
|
|
|
|
|
|
|
|
assert url is not None
|
|
|
|
|
assert "/files/" in url
|
|
|
|
|
|
|
|
|
|
upload_data = rand.randbytes(4000)
|
|
|
|
|
|
2023-05-07 21:08:45 -04:00
|
|
|
resp = upload(
|
2023-04-10 22:17:12 -04:00
|
|
|
url + "/content",
|
2023-05-07 21:08:45 -04:00
|
|
|
BytesIO(upload_data),
|
2023-04-13 13:30:53 -04:00
|
|
|
headers=auth("jeff"),
|
2023-05-07 21:08:45 -04:00
|
|
|
chunk_size=1230,
|
2023-04-10 22:17:12 -04:00
|
|
|
)
|
|
|
|
|
assert resp.status_code == 201
|
|
|
|
|
|
|
|
|
|
# read file
|
|
|
|
|
resp = client.get(
|
|
|
|
|
url + "/content",
|
2023-04-13 13:30:53 -04:00
|
|
|
headers=auth("jeff"),
|
2023-04-10 22:17:12 -04:00
|
|
|
)
|
|
|
|
|
assert resp.data == upload_data
|
2023-04-15 18:12:50 -04:00
|
|
|
assert "filename=content.bin" in resp.headers["Content-Disposition"].split("; ")
|
2023-04-10 22:17:12 -04:00
|
|
|
|
|
|
|
|
# test deletion
|
|
|
|
|
resp = client.delete(
|
|
|
|
|
url,
|
2023-04-13 13:30:53 -04:00
|
|
|
headers=auth("jeff"),
|
2023-04-10 22:17:12 -04:00
|
|
|
)
|
|
|
|
|
assert resp.status_code == 200
|
|
|
|
|
|
|
|
|
|
# file shouldn't exist anymore
|
|
|
|
|
resp = client.get(
|
|
|
|
|
url + "/content",
|
2023-04-13 13:30:53 -04:00
|
|
|
headers=auth("jeff"),
|
2023-04-10 22:17:12 -04:00
|
|
|
)
|
|
|
|
|
assert resp.status_code == 404
|
2023-04-15 16:33:50 -04:00
|
|
|
|
2023-05-07 21:08:45 -04:00
|
|
|
def test_modification(self, client, users, auth, rand, upload):
|
2023-04-22 18:25:10 -04:00
|
|
|
# create share
|
|
|
|
|
resp = client.post(
|
|
|
|
|
"/files", headers=auth("jeff"), json={"file_name": "content.bin"}
|
|
|
|
|
)
|
|
|
|
|
data = resp.get_json()
|
|
|
|
|
url = data.get("url")
|
|
|
|
|
|
|
|
|
|
upload_data = rand.randbytes(4000)
|
|
|
|
|
new_data = rand.randbytes(4000)
|
|
|
|
|
|
|
|
|
|
# upload file to share
|
2023-05-07 21:08:45 -04:00
|
|
|
resp = upload(
|
2023-04-22 18:25:10 -04:00
|
|
|
url + "/content",
|
2023-05-07 21:08:45 -04:00
|
|
|
BytesIO(upload_data),
|
2023-04-22 18:25:10 -04:00
|
|
|
headers=auth("jeff"),
|
|
|
|
|
)
|
2023-05-07 21:08:45 -04:00
|
|
|
assert resp.status_code == 201
|
2023-04-22 18:25:10 -04:00
|
|
|
|
|
|
|
|
# modify metadata
|
|
|
|
|
resp = client.patch(
|
|
|
|
|
url,
|
|
|
|
|
headers=auth("jeff"),
|
|
|
|
|
json={"file_name": "new_bin.bin"},
|
|
|
|
|
)
|
|
|
|
|
assert resp.status_code == 200
|
|
|
|
|
|
|
|
|
|
# modify file contents
|
2023-05-07 21:08:45 -04:00
|
|
|
resp = upload(
|
2023-04-22 18:25:10 -04:00
|
|
|
url + "/content",
|
2023-05-07 21:08:45 -04:00
|
|
|
BytesIO(new_data),
|
2023-04-22 18:25:10 -04:00
|
|
|
headers=auth("jeff"),
|
2023-05-07 21:08:45 -04:00
|
|
|
method=client.put,
|
2023-04-22 18:25:10 -04:00
|
|
|
)
|
2023-05-07 21:08:45 -04:00
|
|
|
assert resp.status_code == 201
|
2023-04-22 18:25:10 -04:00
|
|
|
|
|
|
|
|
# read file
|
|
|
|
|
resp = client.get(
|
|
|
|
|
url + "/content",
|
|
|
|
|
headers=auth("jeff"),
|
|
|
|
|
)
|
|
|
|
|
assert resp.data == new_data
|
|
|
|
|
assert "filename=new_bin.bin" in resp.headers["Content-Disposition"].split("; ")
|
|
|
|
|
|
2023-05-07 21:08:45 -04:00
|
|
|
def test_invalid(self, client, users, auth, rand, upload):
|
2023-04-15 16:33:50 -04:00
|
|
|
"""Test invalid requests."""
|
|
|
|
|
|
|
|
|
|
upload_data = rand.randbytes(4000)
|
|
|
|
|
|
|
|
|
|
# unauthenticated
|
|
|
|
|
resp = client.post("/files")
|
|
|
|
|
assert resp.status_code == 401
|
|
|
|
|
|
|
|
|
|
# non-existent
|
|
|
|
|
resp = client.get("/files/" + str(uuid.UUID(int=0)), headers=auth("jeff"))
|
|
|
|
|
assert resp.status_code == 404
|
|
|
|
|
resp = client.get(
|
|
|
|
|
"/files/" + str(uuid.UUID(int=0)) + "/content", headers=auth("jeff")
|
|
|
|
|
)
|
|
|
|
|
assert resp.status_code == 404
|
|
|
|
|
resp = client.post(
|
|
|
|
|
"/files/" + str(uuid.UUID(int=0)) + "/content", headers=auth("jeff")
|
|
|
|
|
)
|
|
|
|
|
assert resp.status_code == 404
|
|
|
|
|
resp = client.put(
|
|
|
|
|
"/files/" + str(uuid.UUID(int=0)) + "/content", headers=auth("jeff")
|
|
|
|
|
)
|
|
|
|
|
assert resp.status_code == 404
|
|
|
|
|
|
|
|
|
|
# no CREATE permission
|
|
|
|
|
resp = client.post("/files", headers=auth("no_create_user"))
|
|
|
|
|
assert resp.status_code == 403
|
|
|
|
|
|
|
|
|
|
# valid share creation to move on to testing content endpoint
|
2023-04-15 17:56:48 -04:00
|
|
|
resp = client.post(
|
|
|
|
|
"/files", headers=auth("jeff"), json={"file_name": "content.bin"}
|
|
|
|
|
)
|
2023-04-15 16:33:50 -04:00
|
|
|
assert resp.status_code == 201
|
|
|
|
|
data = resp.get_json()
|
|
|
|
|
url = data.get("url")
|
|
|
|
|
|
|
|
|
|
# test invalid methods
|
2023-05-07 21:08:45 -04:00
|
|
|
resp = upload(
|
2023-04-15 16:33:50 -04:00
|
|
|
url + "/content",
|
2023-05-07 21:08:45 -04:00
|
|
|
BytesIO(upload_data),
|
2023-04-15 16:33:50 -04:00
|
|
|
headers=auth("jeff"),
|
2023-05-07 21:08:45 -04:00
|
|
|
method=client.put,
|
2023-04-15 16:33:50 -04:00
|
|
|
)
|
|
|
|
|
assert resp.status_code == 423
|
2023-05-07 21:08:45 -04:00
|
|
|
resp = upload(
|
2023-04-15 16:33:50 -04:00
|
|
|
url + "/content",
|
2023-05-07 21:08:45 -04:00
|
|
|
BytesIO(upload_data),
|
2023-04-15 16:33:50 -04:00
|
|
|
headers=auth("jeff"),
|
2023-05-07 21:08:45 -04:00
|
|
|
method=client.patch,
|
2023-04-15 16:33:50 -04:00
|
|
|
)
|
|
|
|
|
assert resp.status_code == 405
|
|
|
|
|
|
|
|
|
|
# test other user being unable to upload to this share
|
2023-05-07 21:08:45 -04:00
|
|
|
resp = upload(
|
2023-04-15 16:33:50 -04:00
|
|
|
url + "/content",
|
2023-05-07 21:08:45 -04:00
|
|
|
BytesIO(upload_data),
|
2023-04-15 16:33:50 -04:00
|
|
|
headers=auth("dave"),
|
|
|
|
|
)
|
|
|
|
|
assert resp.status_code == 403
|
|
|
|
|
|
|
|
|
|
# upload file to share (properly)
|
2023-05-07 21:08:45 -04:00
|
|
|
resp = upload(
|
2023-04-15 16:33:50 -04:00
|
|
|
url + "/content",
|
2023-05-07 21:08:45 -04:00
|
|
|
BytesIO(upload_data),
|
2023-04-15 16:33:50 -04:00
|
|
|
headers=auth("jeff"),
|
|
|
|
|
)
|
|
|
|
|
assert resp.status_code == 201
|
|
|
|
|
|
2023-04-29 12:09:32 -04:00
|
|
|
# test other user being unable to modify this share
|
2023-05-07 21:08:45 -04:00
|
|
|
resp = upload(
|
2023-04-29 12:09:32 -04:00
|
|
|
url + "/content",
|
2023-05-07 21:08:45 -04:00
|
|
|
BytesIO(upload_data),
|
2023-04-29 12:09:32 -04:00
|
|
|
headers=auth("dave"),
|
2023-05-07 21:08:45 -04:00
|
|
|
method=client.put,
|
2023-04-29 12:09:32 -04:00
|
|
|
)
|
|
|
|
|
assert resp.status_code == 403
|
|
|
|
|
|
2023-04-15 16:33:50 -04:00
|
|
|
# test not allowing re-upload
|
2023-05-07 21:08:45 -04:00
|
|
|
resp = upload(
|
2023-04-15 16:33:50 -04:00
|
|
|
url + "/content",
|
2023-05-07 21:08:45 -04:00
|
|
|
BytesIO(upload_data),
|
2023-04-15 16:33:50 -04:00
|
|
|
headers=auth("jeff"),
|
|
|
|
|
)
|
|
|
|
|
assert resp.status_code == 423
|
|
|
|
|
|
|
|
|
|
# no READ permission
|
|
|
|
|
resp = client.get(url, headers=auth("no_read_user"))
|
|
|
|
|
assert resp.status_code == 403
|
|
|
|
|
resp = client.get(url + "/content", headers=auth("no_read_user"))
|
|
|
|
|
assert resp.status_code == 403
|
2023-04-29 13:18:09 -04:00
|
|
|
|
2023-05-07 21:08:45 -04:00
|
|
|
def test_locking(self, client, users, auth, rand, upload):
|
2023-04-29 13:18:09 -04:00
|
|
|
# upload share
|
|
|
|
|
resp = client.post(
|
|
|
|
|
"/files", headers=auth("jeff"), json={"file_name": "content.bin"}
|
|
|
|
|
)
|
|
|
|
|
data = resp.get_json()
|
|
|
|
|
url = data.get("url")
|
|
|
|
|
upload_data = rand.randbytes(4000)
|
2023-05-07 21:08:45 -04:00
|
|
|
resp = upload(
|
2023-04-29 13:18:09 -04:00
|
|
|
url + "/content",
|
2023-05-07 21:08:45 -04:00
|
|
|
BytesIO(upload_data),
|
2023-04-29 13:18:09 -04:00
|
|
|
headers=auth("jeff"),
|
|
|
|
|
)
|
|
|
|
|
assert resp.status_code == 201
|
|
|
|
|
|
|
|
|
|
# lock share
|
|
|
|
|
resp = client.post(
|
|
|
|
|
url + "/lock",
|
|
|
|
|
headers=auth("jeff"),
|
|
|
|
|
)
|
|
|
|
|
assert resp.status_code == 200
|
|
|
|
|
|
|
|
|
|
# attempt to modify share
|
2023-05-07 21:08:45 -04:00
|
|
|
resp = upload(
|
2023-04-29 13:18:09 -04:00
|
|
|
url + "/content",
|
2023-05-07 21:08:45 -04:00
|
|
|
BytesIO(upload_data),
|
2023-04-29 13:18:09 -04:00
|
|
|
headers=auth("jeff"),
|
2023-05-07 21:08:45 -04:00
|
|
|
method=client.put,
|
2023-04-29 13:18:09 -04:00
|
|
|
)
|
|
|
|
|
assert resp.status_code == 423
|
|
|
|
|
|
|
|
|
|
# attempt to delete share
|
|
|
|
|
resp = client.delete(
|
|
|
|
|
url,
|
|
|
|
|
headers=auth("jeff"),
|
|
|
|
|
)
|
|
|
|
|
assert resp.status_code == 423
|
|
|
|
|
|
|
|
|
|
# unlock share
|
|
|
|
|
resp = client.post(
|
|
|
|
|
url + "/unlock",
|
|
|
|
|
headers=auth("jeff"),
|
|
|
|
|
)
|
|
|
|
|
assert resp.status_code == 200
|
|
|
|
|
|
|
|
|
|
# attempt to modify share
|
2023-05-07 21:08:45 -04:00
|
|
|
resp = upload(
|
2023-04-29 13:18:09 -04:00
|
|
|
url + "/content",
|
2023-05-07 21:08:45 -04:00
|
|
|
BytesIO(upload_data),
|
2023-04-29 13:18:09 -04:00
|
|
|
headers=auth("jeff"),
|
2023-05-07 21:08:45 -04:00
|
|
|
method=client.put,
|
2023-04-29 13:18:09 -04:00
|
|
|
)
|
2023-05-07 21:08:45 -04:00
|
|
|
assert resp.status_code == 201
|
2023-04-29 13:18:09 -04:00
|
|
|
|
|
|
|
|
# attempt to delete share
|
|
|
|
|
resp = client.delete(
|
|
|
|
|
url,
|
|
|
|
|
headers=auth("jeff"),
|
|
|
|
|
)
|
|
|
|
|
assert resp.status_code == 200
|
|
|
|
|
|
|
|
|
|
# attempt to lock/unlock without perms
|
|
|
|
|
resp = client.post(
|
|
|
|
|
url + "/lock",
|
|
|
|
|
headers=auth("no_lock_user"),
|
|
|
|
|
)
|
|
|
|
|
assert resp.status_code == 403
|
|
|
|
|
resp = client.post(
|
|
|
|
|
url + "/unlock",
|
|
|
|
|
headers=auth("no_lock_user"),
|
|
|
|
|
)
|
|
|
|
|
assert resp.status_code == 403
|
