Commit | Line | Data |
---|---|---|
1975b5dd | 1 | # GNU MediaGoblin -- federated, autonomous media hosting |
cf29e8a8 | 2 | # Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. |
1975b5dd CM |
3 | # |
4 | # This program is free software: you can redistribute it and/or modify | |
5 | # it under the terms of the GNU Affero General Public License as published by | |
6 | # the Free Software Foundation, either version 3 of the License, or | |
7 | # (at your option) any later version. | |
8 | # | |
9 | # This program is distributed in the hope that it will be useful, | |
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
12 | # GNU Affero General Public License for more details. | |
13 | # | |
14 | # You should have received a copy of the GNU Affero General Public License | |
15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |
16 | ||
17 | import urlparse | |
6573573d | 18 | import os |
a246ccca | 19 | import re |
6573573d | 20 | import time |
1975b5dd | 21 | |
afe4e513 | 22 | from nose.tools import assert_equal, assert_true, assert_false |
e75d4a0d | 23 | from pkg_resources import resource_filename |
1975b5dd | 24 | |
9754802d E |
25 | from mediagoblin.tests.tools import setup_fresh_app, get_test_app, \ |
26 | fixture_add_user | |
1975b5dd | 27 | from mediagoblin import mg_globals |
6573573d | 28 | from mediagoblin.processing import create_pub_filepath |
ae3bc7fa | 29 | from mediagoblin.tools import template, common |
1975b5dd | 30 | |
e75d4a0d BS |
31 | def resource(filename): |
32 | return resource_filename('mediagoblin.tests', 'test_submission/' + filename) | |
33 | ||
34 | GOOD_JPG = resource('good.jpg') | |
35 | GOOD_PNG = resource('good.png') | |
36 | EVIL_FILE = resource('evil') | |
37 | EVIL_JPG = resource('evil.jpg') | |
38 | EVIL_PNG = resource('evil.png') | |
6573573d | 39 | BIG_BLUE = resource('bigblue.png') |
75ce65cf | 40 | |
8ff4dec7 CFD |
41 | GOOD_TAG_STRING = 'yin,yang' |
42 | BAD_TAG_STRING = 'rage,' + 'f' * 26 + 'u' * 26 | |
43 | ||
31dd6013 BS |
44 | FORM_CONTEXT = ['mediagoblin/submit/start.html', 'submit_form'] |
45 | REQUEST_CONTEXT = ['mediagoblin/user_pages/user.html', 'request'] | |
1975b5dd | 46 | |
1975b5dd CM |
47 | class TestSubmission: |
48 | def setUp(self): | |
0a78be3e CM |
49 | self.test_app = get_test_app() |
50 | ||
75ce65cf CM |
51 | # TODO: Possibly abstract into a decorator like: |
52 | # @as_authenticated_user('chris') | |
9754802d | 53 | test_user = fixture_add_user() |
1975b5dd | 54 | |
afe4e513 JW |
55 | self.test_user = test_user |
56 | ||
c2d6792d E |
57 | self.login() |
58 | ||
59 | def login(self): | |
75ce65cf CM |
60 | self.test_app.post( |
61 | '/auth/login/', { | |
62 | 'username': u'chris', | |
63 | 'password': 'toast'}) | |
64 | ||
c2d6792d E |
65 | def logout(self): |
66 | self.test_app.get('/auth/logout/') | |
67 | ||
31dd6013 BS |
68 | def do_post(self, data, *context_keys, **kwargs): |
69 | url = kwargs.pop('url', '/submit/') | |
70 | do_follow = kwargs.pop('do_follow', False) | |
71 | template.clear_test_template_context() | |
72 | response = self.test_app.post(url, data, **kwargs) | |
73 | if do_follow: | |
74 | response.follow() | |
75 | context_data = template.TEMPLATE_TEST_CONTEXT | |
76 | for key in context_keys: | |
77 | context_data = context_data[key] | |
78 | return response, context_data | |
79 | ||
80 | def upload_data(self, filename): | |
81 | return {'upload_files': [('file', filename)]} | |
82 | ||
c16b8196 BS |
83 | def check_comments(self, request, media, count): |
84 | comments = request.db.MediaComment.find({'media_entry': media._id}) | |
85 | assert_equal(count, len(list(comments))) | |
86 | ||
75ce65cf | 87 | def test_missing_fields(self): |
ad35dd49 CM |
88 | # Test blank form |
89 | # --------------- | |
31dd6013 | 90 | response, form = self.do_post({}, *FORM_CONTEXT) |
d1f52dc7 | 91 | assert_equal(form.file.errors, [u'You must provide a file.']) |
ad35dd49 CM |
92 | |
93 | # Test blank file | |
94 | # --------------- | |
31dd6013 | 95 | response, form = self.do_post({'title': 'test title'}, *FORM_CONTEXT) |
d1f52dc7 | 96 | assert_equal(form.file.errors, [u'You must provide a file.']) |
ad35dd49 | 97 | |
c0e87ec9 BS |
98 | def check_url(self, response, path): |
99 | assert_equal(urlparse.urlsplit(response.location)[2], path) | |
100 | ||
101 | def check_normal_upload(self, title, filename): | |
102 | response, context = self.do_post({'title': title}, do_follow=True, | |
103 | **self.upload_data(filename)) | |
104 | self.check_url(response, '/u/{0}/'.format(self.test_user.username)) | |
105 | assert_true(context.has_key('mediagoblin/user_pages/user.html')) | |
c2d6792d | 106 | # Make sure the media view is at least reachable, logged in... |
c0e87ec9 BS |
107 | url = '/u/{0}/m/{1}/'.format(self.test_user.username, |
108 | title.lower().replace(' ', '-')) | |
109 | self.test_app.get(url) | |
c2d6792d E |
110 | # ... and logged out too. |
111 | self.logout() | |
c0e87ec9 | 112 | self.test_app.get(url) |
c2d6792d | 113 | |
c0e87ec9 BS |
114 | def test_normal_jpg(self): |
115 | self.check_normal_upload('Normal upload 1', GOOD_JPG) | |
116 | ||
117 | def test_normal_png(self): | |
118 | self.check_normal_upload('Normal upload 2', GOOD_PNG) | |
75ce65cf | 119 | |
77445d13 BS |
120 | def check_media(self, request, find_data, count=None): |
121 | media = request.db.MediaEntry.find(find_data) | |
122 | if count is not None: | |
123 | assert_equal(media.count(), count) | |
124 | if count == 0: | |
125 | return | |
126 | return media[0] | |
127 | ||
8ff4dec7 CFD |
128 | def test_tags(self): |
129 | # Good tag string | |
130 | # -------- | |
31dd6013 BS |
131 | response, request = self.do_post({'title': 'Balanced Goblin', |
132 | 'tags': GOOD_TAG_STRING}, | |
133 | *REQUEST_CONTEXT, do_follow=True, | |
134 | **self.upload_data(GOOD_JPG)) | |
77445d13 | 135 | media = self.check_media(request, {'title': 'Balanced Goblin'}, 1) |
8efcd405 | 136 | assert_equal(media.tags, |
8ff4dec7 | 137 | [{'name': u'yin', 'slug': u'yin'}, |
77445d13 | 138 | {'name': u'yang', 'slug': u'yang'}]) |
8ff4dec7 CFD |
139 | |
140 | # Test tags that are too long | |
141 | # --------------- | |
31dd6013 BS |
142 | response, form = self.do_post({'title': 'Balanced Goblin', |
143 | 'tags': BAD_TAG_STRING}, | |
144 | *FORM_CONTEXT, | |
145 | **self.upload_data(GOOD_JPG)) | |
d1f52dc7 BS |
146 | assert_equal(form.tags.errors, [ |
147 | u'Tags must be shorter than 50 characters. ' \ | |
148 | 'Tags that are too long: ' \ | |
149 | 'ffffffffffffffffffffffffffuuuuuuuuuuuuuuuuuuuuuuuuuu']) | |
75ce65cf | 150 | |
afe4e513 | 151 | def test_delete(self): |
31dd6013 BS |
152 | response, request = self.do_post({'title': 'Balanced Goblin'}, |
153 | *REQUEST_CONTEXT, do_follow=True, | |
154 | **self.upload_data(GOOD_JPG)) | |
77445d13 | 155 | media = self.check_media(request, {'title': 'Balanced Goblin'}, 1) |
afe4e513 | 156 | |
a0a7f87f | 157 | # Add a comment, so we can test for its deletion later. |
c16b8196 BS |
158 | self.check_comments(request, media, 0) |
159 | comment_url = request.urlgen( | |
160 | 'mediagoblin.user_pages.media_post_comment', | |
161 | user=self.test_user.username, media=media._id) | |
162 | response = self.do_post({'comment_content': 'i love this test'}, | |
163 | url=comment_url, do_follow=True)[0] | |
164 | self.check_comments(request, media, 1) | |
a0a7f87f | 165 | |
afe4e513 JW |
166 | # Do not confirm deletion |
167 | # --------------------------------------------------- | |
31dd6013 BS |
168 | delete_url = request.urlgen( |
169 | 'mediagoblin.user_pages.media_confirm_delete', | |
170 | user=self.test_user.username, media=media._id) | |
171 | # Empty data means don't confirm | |
172 | response = self.do_post({}, do_follow=True, url=delete_url)[0] | |
77445d13 | 173 | media = self.check_media(request, {'title': 'Balanced Goblin'}, 1) |
afe4e513 JW |
174 | |
175 | # Confirm deletion | |
176 | # --------------------------------------------------- | |
31dd6013 BS |
177 | response, request = self.do_post({'confirm': 'y'}, *REQUEST_CONTEXT, |
178 | do_follow=True, url=delete_url) | |
77445d13 | 179 | self.check_media(request, {'_id': media._id}, 0) |
c16b8196 | 180 | self.check_comments(request, media, 0) |
afe4e513 | 181 | |
c3739034 | 182 | def test_evil_file(self): |
ad35dd49 CM |
183 | # Test non-suppoerted file with non-supported extension |
184 | # ----------------------------------------------------- | |
31dd6013 BS |
185 | response, form = self.do_post({'title': 'Malicious Upload 1'}, |
186 | *FORM_CONTEXT, | |
187 | **self.upload_data(EVIL_FILE)) | |
d1f52dc7 BS |
188 | assert_equal(len(form.file.errors), 1) |
189 | assert_true(re.match( | |
190 | r'^Could not extract any file extension from ".*?"$', | |
191 | str(form.file.errors[0]))) | |
ad35dd49 | 192 | |
c3739034 BS |
193 | def check_false_image(self, title, filename): |
194 | # NOTE: These images should ultimately fail, but they | |
68f3ffbe CAW |
195 | # *will* pass the initial form submission step. Instead, |
196 | # they'll be caught as failures during the processing step. | |
c3739034 BS |
197 | response, context = self.do_post({'title': title}, do_follow=True, |
198 | **self.upload_data(filename)) | |
199 | self.check_url(response, '/u/{0}/'.format(self.test_user.username)) | |
200 | entry = mg_globals.database.MediaEntry.find_one({'title': title}) | |
201 | assert_equal(entry.state, 'failed') | |
202 | assert_equal(entry.fail_error, u'mediagoblin.processing:BadMediaFail') | |
9df37e8a | 203 | |
c3739034 | 204 | def test_evil_jpg(self): |
75ce65cf | 205 | # Test non-supported file with .jpg extension |
ad35dd49 | 206 | # ------------------------------------------- |
c3739034 | 207 | self.check_false_image('Malicious Upload 2', EVIL_JPG) |
ad35dd49 | 208 | |
c3739034 | 209 | def test_evil_png(self): |
75ce65cf | 210 | # Test non-supported file with .png extension |
ad35dd49 | 211 | # ------------------------------------------- |
c3739034 | 212 | self.check_false_image('Malicious Upload 3', EVIL_PNG) |
6573573d BS |
213 | |
214 | def test_processing(self): | |
215 | data = {'title': 'Big Blue'} | |
216 | response, request = self.do_post(data, *REQUEST_CONTEXT, do_follow=True, | |
217 | **self.upload_data(BIG_BLUE)) | |
218 | media = self.check_media(request, data, 1) | |
219 | last_size = 1024 ** 3 # Needs to be larger than bigblue.png | |
220 | for key, basename in (('original', 'bigblue.png'), | |
221 | ('medium', 'bigblue.medium.png'), | |
222 | ('thumb', 'bigblue.thumbnail.png')): | |
223 | # Does the processed image have a good filename? | |
224 | filename = resource_filename( | |
225 | 'mediagoblin.tests', | |
226 | os.path.join('test_user_dev/media/public', | |
227 | *media['media_files'].get(key, []))) | |
228 | assert_true(filename.endswith('_' + basename)) | |
229 | # Is it smaller than the last processed image we looked at? | |
230 | size = os.stat(filename).st_size | |
231 | assert_true(last_size > size) | |
232 | last_size = size |