Some security fixes and other fixes for file storage.

Also added unittests for creating files.
2016-03-25 18:23:01 +01:00
parent fd5bcaec52
commit 7c04e01cde
6 changed files with 127 additions and 19 deletions
--- a/tests/BlenderDesktopLogo.png
+++ b/tests/BlenderDesktopLogo.png
--- a/tests/common_test_class.py
+++ b/tests/common_test_class.py
@@ -34,6 +34,7 @@ class AbstractPillarTest(TestMinimal):
        app.config['BLENDER_ID_ENDPOINT'] = BLENDER_ID_ENDPOINT
        logging.getLogger('application').setLevel(logging.DEBUG)
        logging.getLogger('werkzeug').setLevel(logging.DEBUG)
+        logging.getLogger('eve').setLevel(logging.DEBUG)

        self.app = app
        self.client = app.test_client()
@@ -59,7 +60,20 @@ class AbstractPillarTest(TestMinimal):
            projects_collection.insert_one(EXAMPLE_PROJECT)
            result = files_collection.insert_one(file)
            file_id = result.inserted_id
-        return file_id, EXAMPLE_FILE
+        return file_id, file
+
+    def ensure_project_exists(self, project_overrides=None):
+        with self.app.test_request_context():
+            projects_collection = self.app.data.driver.db['projects']
+            assert isinstance(projects_collection, pymongo.collection.Collection)
+
+            project = copy.deepcopy(EXAMPLE_PROJECT)
+            if project_overrides is not None:
+                project.update(project_overrides)
+
+            result = projects_collection.insert_one(project)
+            project_id = result.inserted_id
+        return project_id, project

    def htp_blenderid_validate_unhappy(self):
        """Sets up HTTPretty to mock unhappy validation flow."""
--- a/tests/test_file_storage.py
+++ b/tests/test_file_storage.py
@@ -0,0 +1,58 @@
+"""Test cases for file handling."""
+
+from __future__ import print_function
+
+import os
+import shutil
+import copy
+import json
+
+from common_test_class import AbstractPillarTest, MY_PATH
+from common_test_data import EXAMPLE_FILE
+
+
+class FileUploadingTest(AbstractPillarTest):
+
+    def test_create_file_missing_on_fs(self):
+        from application import utils
+        from application.utils import PillarJSONEncoder
+
+        to_post = utils.remove_private_keys(EXAMPLE_FILE)
+        json_file = json.dumps(to_post, cls=PillarJSONEncoder)
+
+        with self.app.test_request_context():
+            self.ensure_project_exists()
+
+            resp = self.client.post('/files',
+                                    data=json_file,
+                                    headers={'Content-Type': 'application/json'})
+
+        self.assertEqual(422, resp.status_code)
+
+
+    def test_create_file_exists_on_fs(self):
+        from application import utils
+        from application.utils import PillarJSONEncoder
+
+        filename = 'BlenderDesktopLogo.png'
+        full_file = copy.deepcopy(EXAMPLE_FILE)
+        full_file[u'name'] = filename
+        to_post = utils.remove_private_keys(full_file)
+        json_file = json.dumps(to_post, cls=PillarJSONEncoder)
+
+        with self.app.test_request_context():
+            self.ensure_project_exists()
+
+            target_dir = os.path.join(self.app.config['SHARED_DIR'], filename[:2])
+            if os.path.exists(target_dir):
+                assert os.path.isdir(target_dir)
+            else:
+                os.makedirs(target_dir)
+            shutil.copy(os.path.join(MY_PATH, filename), target_dir)
+
+            resp = self.client.post('/files',
+                                    data=json_file,
+                                    headers={'Content-Type': 'application/json'})
+
+        self.assertEqual(201, resp.status_code)
+