sachet-server/tests/test_anonymous.py

import pytest
from io import BytesIO
from werkzeug.datastructures import FileStorage
import uuid

"""Test anonymous authentication to endpoints."""


def test_files(client, auth, rand):
    # set create perm for anon users
    resp = client.patch(
        "/admin/settings",
        headers=auth("administrator"),
        json={"default_permissions": ["CREATE"]},
    )
    assert resp.status_code == 200

    # create share
    resp = client.post("/files", json={"file_name": "content.bin"})
    assert resp.status_code == 201

    data = resp.get_json()
    url = data.get("url")

    assert url is not None
    assert "/files/" in url

    upload_data = rand.randbytes(4000)

    # upload file to share
    resp = client.post(
        url + "/content",
        data={"upload": FileStorage(stream=BytesIO(upload_data), filename="upload")},
        content_type="multipart/form-data",
    )
    assert resp.status_code == 201

    # set read perm for anon users
    resp = client.patch(
        "/admin/settings",
        headers=auth("administrator"),
        json={"default_permissions": ["READ"]},
    )
    assert resp.status_code == 200

    # read file
    resp = client.get(
        url + "/content",
    )
    assert resp.data == upload_data
    assert "filename=content.bin" in resp.headers["Content-Disposition"].split("; ")

    # set modify perm for anon users
    resp = client.patch(
        "/admin/settings",
        headers=auth("administrator"),
        json={"default_permissions": ["MODIFY"]},
    )
    assert resp.status_code == 200

    # modify share
    upload_data = rand.randbytes(4000)
    resp = client.put(
        url + "/content",
        data={"upload": FileStorage(stream=BytesIO(upload_data), filename="upload")},
        content_type="multipart/form-data",
    )
    assert resp.status_code == 200
    resp = client.patch(
        url,
        json={"file_name": "new_bin.bin"},
    )
    assert resp.status_code == 200
    resp = client.get(
        url + "/content",
    )
    assert resp.data == upload_data
    assert "filename=new_bin.bin" in resp.headers["Content-Disposition"].split("; ")

    # set list perm for anon users
    resp = client.patch(
        "/admin/settings",
        headers=auth("administrator"),
        json={"default_permissions": ["LIST"]},
    )
    assert resp.status_code == 200

    # test listing file
    resp = client.get(
        "/files",
        json={},
    )
    data = resp.get_json()
    assert resp.status_code == 200
    listed = data.get("data")
    assert len(listed) == 1
    assert listed[0].get("initialized") is True

    # set delete perm for anon users
    resp = client.patch(
        "/admin/settings",
        headers=auth("administrator"),
        json={"default_permissions": ["DELETE"]},
    )
    assert resp.status_code == 200

    # test deletion
    resp = client.delete(
        url,
    )
    assert resp.status_code == 200

    # file shouldn't exist anymore
    resp = client.get(
        url + "/content",
    )
    assert resp.status_code == 404
/files/: add anon permissions 2023-04-27 20:32:46 -04:00			`import pytest`
			`from io import BytesIO`
			`from werkzeug.datastructures import FileStorage`
			`import uuid`

			`"""Test anonymous authentication to endpoints."""`


			`def test_files(client, auth, rand):`
			`# set create perm for anon users`
			`resp = client.patch(`
			`"/admin/settings",`
			`headers=auth("administrator"),`
			`json={"default_permissions": ["CREATE"]},`
			`)`
			`assert resp.status_code == 200`

			`# create share`
			`resp = client.post("/files", json={"file_name": "content.bin"})`
			`assert resp.status_code == 201`

			`data = resp.get_json()`
			`url = data.get("url")`

			`assert url is not None`
			`assert "/files/" in url`

			`upload_data = rand.randbytes(4000)`

			`# upload file to share`
			`resp = client.post(`
			`url + "/content",`
			`data={"upload": FileStorage(stream=BytesIO(upload_data), filename="upload")},`
			`content_type="multipart/form-data",`
			`)`
			`assert resp.status_code == 201`

			`# set read perm for anon users`
			`resp = client.patch(`
			`"/admin/settings",`
			`headers=auth("administrator"),`
			`json={"default_permissions": ["READ"]},`
			`)`
			`assert resp.status_code == 200`

			`# read file`
			`resp = client.get(`
			`url + "/content",`
			`)`
			`assert resp.data == upload_data`
			`assert "filename=content.bin" in resp.headers["Content-Disposition"].split("; ")`

			`# set modify perm for anon users`
			`resp = client.patch(`
			`"/admin/settings",`
			`headers=auth("administrator"),`
			`json={"default_permissions": ["MODIFY"]},`
			`)`
			`assert resp.status_code == 200`

			`# modify share`
			`upload_data = rand.randbytes(4000)`
			`resp = client.put(`
			`url + "/content",`
			`data={"upload": FileStorage(stream=BytesIO(upload_data), filename="upload")},`
			`content_type="multipart/form-data",`
			`)`
			`assert resp.status_code == 200`
			`resp = client.patch(`
			`url,`
			`json={"file_name": "new_bin.bin"},`
			`)`
			`assert resp.status_code == 200`
			`resp = client.get(`
			`url + "/content",`
			`)`
			`assert resp.data == upload_data`
			`assert "filename=new_bin.bin" in resp.headers["Content-Disposition"].split("; ")`

			`# set list perm for anon users`
			`resp = client.patch(`
			`"/admin/settings",`
			`headers=auth("administrator"),`
			`json={"default_permissions": ["LIST"]},`
			`)`
			`assert resp.status_code == 200`

			`# test listing file`
			`resp = client.get(`
			`"/files",`
			`json={},`
			`)`
			`data = resp.get_json()`
			`assert resp.status_code == 200`
			`listed = data.get("data")`
			`assert len(listed) == 1`
			`assert listed[0].get("initialized") is True`

			`# set delete perm for anon users`
			`resp = client.patch(`
			`"/admin/settings",`
			`headers=auth("administrator"),`
			`json={"default_permissions": ["DELETE"]},`
			`)`
			`assert resp.status_code == 200`

			`# test deletion`
			`resp = client.delete(`
			`url,`
			`)`
			`assert resp.status_code == 200`

			`# file shouldn't exist anymore`
			`resp = client.get(`
			`url + "/content",`
			`)`
			`assert resp.status_code == 404`