[mediagoblin.git] / mediagoblin / tests / test_submission.py

# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011 Free Software Foundation, Inc
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import urlparse
import pkg_resources

from nose.tools import assert_equal

from mediagoblin.auth import lib as auth_lib
from mediagoblin.tests.tools import setup_fresh_app, get_test_app
from mediagoblin import mg_globals
from mediagoblin import util

GOOD_JPG = pkg_resources.resource_filename(
  'mediagoblin.tests', 'test_submission/good.jpg')
GOOD_PNG = pkg_resources.resource_filename(
  'mediagoblin.tests', 'test_submission/good.png')
EVIL_FILE = pkg_resources.resource_filename(
  'mediagoblin.tests', 'test_submission/evil')
EVIL_JPG = pkg_resources.resource_filename(
  'mediagoblin.tests', 'test_submission/evil.jpg')
EVIL_PNG = pkg_resources.resource_filename(
  'mediagoblin.tests', 'test_submission/evil.png')

GOOD_TAG_STRING = 'yin,yang'
BAD_TAG_STRING = 'rage,' + 'f' * 26 + 'u' * 26


class TestSubmission:
    def setUp(self):
        self.test_app = get_test_app()

        # TODO: Possibly abstract into a decorator like:
        # @as_authenticated_user('chris')
        test_user = mg_globals.database.User()
        test_user['username'] = u'chris'
        test_user['email'] = u'chris@example.com'
        test_user['email_verified'] = True
        test_user['status'] = u'active'
        test_user['pw_hash'] = auth_lib.bcrypt_gen_password_hash('toast')
        test_user.save()

        self.test_app.post(
            '/auth/login/', {
                'username': u'chris',
                'password': 'toast'})

    def test_missing_fields(self):
        # Test blank form
        # ---------------
        util.clear_test_template_context()
        response = self.test_app.post(
            '/submit/', {})
        context = util.TEMPLATE_TEST_CONTEXT['mediagoblin/submit/start.html']
        form = context['submit_form']
        assert form.file.errors == [u'You must provide a file.']

        # Test blank file
        # ---------------
        util.clear_test_template_context()
        response = self.test_app.post(
            '/submit/', {
                'title': 'test title'})
        context = util.TEMPLATE_TEST_CONTEXT['mediagoblin/submit/start.html']
        form = context['submit_form']
        assert form.file.errors == [u'You must provide a file.']


    def test_normal_uploads(self):
        # Test JPG
        # --------
        util.clear_test_template_context()
        response = self.test_app.post(
            '/submit/', {
                'title': 'Normal upload 1'
                }, upload_files=[(
                    'file', GOOD_JPG)])

        # User should be redirected
        response.follow()
        assert_equal(
            urlparse.urlsplit(response.location)[2],
            '/u/chris/')
        assert util.TEMPLATE_TEST_CONTEXT.has_key(
            'mediagoblin/user_pages/user.html')

        # Test PNG
        # --------
        util.clear_test_template_context()
        response = self.test_app.post(
            '/submit/', {
                'title': 'Normal upload 2'
                }, upload_files=[(
                    'file', GOOD_PNG)])

        response.follow()
        assert_equal(
            urlparse.urlsplit(response.location)[2],
            '/u/chris/')
        assert util.TEMPLATE_TEST_CONTEXT.has_key(
            'mediagoblin/user_pages/user.html')

    def test_tags(self):
        # Good tag string
        # --------
        util.clear_test_template_context()
        response = self.test_app.post(
            '/submit/', {
                'title': 'Balanced Goblin',
                'tags': GOOD_TAG_STRING
                }, upload_files=[(
                    'file', GOOD_JPG)])

        # New media entry with correct tags should be created
        response.follow()
        context = util.TEMPLATE_TEST_CONTEXT['mediagoblin/user_pages/user.html']
        request = context['request']
        media = request.db.MediaEntry.find({'title': 'Balanced Goblin'})[0]
        assert_equal(media['tags'],
                     [{'name': u'yin', 'slug': u'yin'},
                                            {'name': u'yang', 'slug': u'yang'}])

        # Test tags that are too long
        # ---------------
        util.clear_test_template_context()
        response = self.test_app.post(
            '/submit/', {
                'title': 'Balanced Goblin',
                'tags': BAD_TAG_STRING
                }, upload_files=[(
                    'file', GOOD_JPG)])

        # Too long error should be raised
        context = util.TEMPLATE_TEST_CONTEXT['mediagoblin/submit/start.html']
        form = context['submit_form']
        assert form.tags.errors == [
            u'Tags must be shorter than 50 characters.  Tags that are too long'\
             ': ffffffffffffffffffffffffffuuuuuuuuuuuuuuuuuuuuuuuuuu']

    def test_malicious_uploads(self):
        # Test non-suppoerted file with non-supported extension
        # -----------------------------------------------------
        util.clear_test_template_context()
        response = self.test_app.post(
            '/submit/', {
                'title': 'Malicious Upload 2'
                }, upload_files=[(
                    'file', EVIL_FILE)])

        context = util.TEMPLATE_TEST_CONTEXT['mediagoblin/submit/start.html']
        form = context['submit_form']
        assert form.file.errors == ['The file doesn\'t seem to be an image!']

        # NOTE: The following 2 tests will fail. These can be uncommented
        #       after http://bugs.foocorp.net/issues/324 is resolved and
        #       bad files are handled properly.

        # Test non-supported file with .jpg extension
        # -------------------------------------------
        #util.clear_test_template_context()
        #response = self.test_app.post(
        #    '/submit/', {
        #        'title': 'Malicious Upload 2'
        #        }, upload_files=[(
        #            'file', EVIL_JPG)])

        #context = util.TEMPLATE_TEST_CONTEXT['mediagoblin/submit/start.html']
        #form = context['submit_form']
        #assert form.file.errors == ['The file doesn\'t seem to be an image!']

        # Test non-supported file with .png extension
        # -------------------------------------------
        #util.clear_test_template_context()
        #response = self.test_app.post(
        #    '/submit/', {
        #        'title': 'Malicious Upload 3'
        #        }, upload_files=[(
        #            'file', EVIL_PNG)])

        #context = util.TEMPLATE_TEST_CONTEXT['mediagoblin/submit/start.html']
        #form = context['submit_form']
        #assert form.file.errors == ['The file doesn\'t seem to be an image!']
Commit	Line	Data
1975b5dd CM	1	# GNU MediaGoblin -- federated, autonomous media hosting
	2	# Copyright (C) 2011 Free Software Foundation, Inc
	3	#
	4	# This program is free software: you can redistribute it and/or modify
	5	# it under the terms of the GNU Affero General Public License as published by
	6	# the Free Software Foundation, either version 3 of the License, or
	7	# (at your option) any later version.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU Affero General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU Affero General Public License
	15	# along with this program. If not, see <http://www.gnu.org/licenses/>.
	16
	17	import urlparse
9df37e8a	18	import pkg_resources
1975b5dd CM	19
	20	from nose.tools import assert_equal
	21
	22	from mediagoblin.auth import lib as auth_lib
0a78be3e	23	from mediagoblin.tests.tools import setup_fresh_app, get_test_app
1975b5dd CM	24	from mediagoblin import mg_globals
	25	from mediagoblin import util
	26
9df37e8a CM	27	GOOD_JPG = pkg_resources.resource_filename(
	28	'mediagoblin.tests', 'test_submission/good.jpg')
	29	GOOD_PNG = pkg_resources.resource_filename(
	30	'mediagoblin.tests', 'test_submission/good.png')
	31	EVIL_FILE = pkg_resources.resource_filename(
	32	'mediagoblin.tests', 'test_submission/evil')
	33	EVIL_JPG = pkg_resources.resource_filename(
	34	'mediagoblin.tests', 'test_submission/evil.jpg')
	35	EVIL_PNG = pkg_resources.resource_filename(
	36	'mediagoblin.tests', 'test_submission/evil.png')
75ce65cf	37
8ff4dec7 CFD	38	GOOD_TAG_STRING = 'yin,yang'
	39	BAD_TAG_STRING = 'rage,' + 'f' * 26 + 'u' * 26
	40
1975b5dd	41
1975b5dd CM	42	class TestSubmission:
1975b5dd CM	43	def setUp(self):
0a78be3e CM	44	self.test_app = get_test_app()
0a78be3e CM	45
75ce65cf CM	46	# TODO: Possibly abstract into a decorator like:
75ce65cf CM	47	# @as_authenticated_user('chris')
1975b5dd CM	48	test_user = mg_globals.database.User()
	49	test_user['username'] = u'chris'
	50	test_user['email'] = u'chris@example.com'
ad35dd49 CM	51	test_user['email_verified'] = True
ad35dd49 CM	52	test_user['status'] = u'active'
1975b5dd CM	53	test_user['pw_hash'] = auth_lib.bcrypt_gen_password_hash('toast')
	54	test_user.save()
	55
75ce65cf CM	56	self.test_app.post(
	57	'/auth/login/', {
	58	'username': u'chris',
	59	'password': 'toast'})
	60
	61	def test_missing_fields(self):
ad35dd49 CM	62	# Test blank form
	63	# ---------------
	64	util.clear_test_template_context()
	65	response = self.test_app.post(
	66	'/submit/', {})
	67	context = util.TEMPLATE_TEST_CONTEXT['mediagoblin/submit/start.html']
	68	form = context['submit_form']
	69	assert form.file.errors == [u'You must provide a file.']
	70
	71	# Test blank file
	72	# ---------------
	73	util.clear_test_template_context()
	74	response = self.test_app.post(
	75	'/submit/', {
	76	'title': 'test title'})
	77	context = util.TEMPLATE_TEST_CONTEXT['mediagoblin/submit/start.html']
	78	form = context['submit_form']
	79	assert form.file.errors == [u'You must provide a file.']
	80
75ce65cf CM	81
75ce65cf CM	82	def test_normal_uploads(self):
75ce65cf	83	# Test JPG
ad35dd49 CM	84	# --------
	85	util.clear_test_template_context()
	86	response = self.test_app.post(
	87	'/submit/', {
	88	'title': 'Normal upload 1'
	89	}, upload_files=[(
9df37e8a	90	'file', GOOD_JPG)])
ad35dd49 CM	91
	92	# User should be redirected
	93	response.follow()
	94	assert_equal(
	95	urlparse.urlsplit(response.location)[2],
9df37e8a	96	'/u/chris/')
ad35dd49	97	assert util.TEMPLATE_TEST_CONTEXT.has_key(
9df37e8a	98	'mediagoblin/user_pages/user.html')
ad35dd49	99
75ce65cf	100	# Test PNG
ad35dd49 CM	101	# --------
	102	util.clear_test_template_context()
	103	response = self.test_app.post(
	104	'/submit/', {
	105	'title': 'Normal upload 2'
	106	}, upload_files=[(
9df37e8a	107	'file', GOOD_PNG)])
ad35dd49 CM	108
	109	response.follow()
	110	assert_equal(
	111	urlparse.urlsplit(response.location)[2],
9df37e8a	112	'/u/chris/')
ad35dd49	113	assert util.TEMPLATE_TEST_CONTEXT.has_key(
9df37e8a	114	'mediagoblin/user_pages/user.html')
75ce65cf	115
8ff4dec7 CFD	116	def test_tags(self):
	117	# Good tag string
	118	# --------
	119	util.clear_test_template_context()
	120	response = self.test_app.post(
	121	'/submit/', {
	122	'title': 'Balanced Goblin',
	123	'tags': GOOD_TAG_STRING
	124	}, upload_files=[(
	125	'file', GOOD_JPG)])
	126
	127	# New media entry with correct tags should be created
	128	response.follow()
	129	context = util.TEMPLATE_TEST_CONTEXT['mediagoblin/user_pages/user.html']
	130	request = context['request']
	131	media = request.db.MediaEntry.find({'title': 'Balanced Goblin'})[0]
	132	assert_equal(media['tags'],
	133	[{'name': u'yin', 'slug': u'yin'},
	134	{'name': u'yang', 'slug': u'yang'}])
	135
	136	# Test tags that are too long
	137	# ---------------
	138	util.clear_test_template_context()
	139	response = self.test_app.post(
	140	'/submit/', {
	141	'title': 'Balanced Goblin',
	142	'tags': BAD_TAG_STRING
	143	}, upload_files=[(
	144	'file', GOOD_JPG)])
	145
	146	# Too long error should be raised
	147	context = util.TEMPLATE_TEST_CONTEXT['mediagoblin/submit/start.html']
	148	form = context['submit_form']
	149	assert form.tags.errors == [
	150	u'Tags must be shorter than 50 characters. Tags that are too long'\
	151	': ffffffffffffffffffffffffffuuuuuuuuuuuuuuuuuuuuuuuuuu']
75ce65cf CM	152
75ce65cf CM	153	def test_malicious_uploads(self):
ad35dd49 CM	154	# Test non-suppoerted file with non-supported extension
	155	# -----------------------------------------------------
	156	util.clear_test_template_context()
	157	response = self.test_app.post(
	158	'/submit/', {
	159	'title': 'Malicious Upload 2'
	160	}, upload_files=[(
9df37e8a	161	'file', EVIL_FILE)])
ad35dd49 CM	162
	163	context = util.TEMPLATE_TEST_CONTEXT['mediagoblin/submit/start.html']
	164	form = context['submit_form']
	165	assert form.file.errors == ['The file doesn\'t seem to be an image!']
	166
9df37e8a CM	167	# NOTE: The following 2 tests will fail. These can be uncommented
	168	# after http://bugs.foocorp.net/issues/324 is resolved and
	169	# bad files are handled properly.
	170
75ce65cf	171	# Test non-supported file with .jpg extension
ad35dd49	172	# -------------------------------------------
9df37e8a CM	173	#util.clear_test_template_context()
	174	#response = self.test_app.post(
	175	# '/submit/', {
	176	# 'title': 'Malicious Upload 2'
	177	# }, upload_files=[(
	178	# 'file', EVIL_JPG)])
ad35dd49	179
9df37e8a CM	180	#context = util.TEMPLATE_TEST_CONTEXT['mediagoblin/submit/start.html']
	181	#form = context['submit_form']
	182	#assert form.file.errors == ['The file doesn\'t seem to be an image!']
ad35dd49	183
75ce65cf	184	# Test non-supported file with .png extension
ad35dd49	185	# -------------------------------------------
9df37e8a CM	186	#util.clear_test_template_context()
	187	#response = self.test_app.post(
	188	# '/submit/', {
	189	# 'title': 'Malicious Upload 3'
	190	# }, upload_files=[(
	191	# 'file', EVIL_PNG)])
	192
	193	#context = util.TEMPLATE_TEST_CONTEXT['mediagoblin/submit/start.html']
	194	#form = context['submit_form']
	195	#assert form.file.errors == ['The file doesn\'t seem to be an image!']
0a78be3e	196