1 # GNU MediaGoblin -- federated, autonomous media hosting
2 # Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
4 # This program is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU Affero General Public License as published by
6 # the Free Software Foundation, either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU Affero General Public License for more details.
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
22 from nose
.tools
import assert_equal
, assert_true
, assert_false
23 from pkg_resources
import resource_filename
25 from mediagoblin
.tests
.tools
import setup_fresh_app
, get_test_app
, \
27 from mediagoblin
import mg_globals
28 from mediagoblin
.processing
import create_pub_filepath
29 from mediagoblin
.tools
import template
, common
31 def resource(filename
):
32 return resource_filename('mediagoblin.tests', 'test_submission/' + filename
)
34 GOOD_JPG
= resource('good.jpg')
35 GOOD_PNG
= resource('good.png')
36 EVIL_FILE
= resource('evil')
37 EVIL_JPG
= resource('evil.jpg')
38 EVIL_PNG
= resource('evil.png')
39 BIG_BLUE
= resource('bigblue.png')
41 GOOD_TAG_STRING
= 'yin,yang'
42 BAD_TAG_STRING
= 'rage,' + 'f' * 26 + 'u' * 26
44 FORM_CONTEXT
= ['mediagoblin/submit/start.html', 'submit_form']
45 REQUEST_CONTEXT
= ['mediagoblin/user_pages/user.html', 'request']
49 self
.test_app
= get_test_app()
51 # TODO: Possibly abstract into a decorator like:
52 # @as_authenticated_user('chris')
53 test_user
= fixture_add_user()
55 self
.test_user
= test_user
66 self
.test_app
.get('/auth/logout/')
68 def do_post(self
, data
, *context_keys
, **kwargs
):
69 url
= kwargs
.pop('url', '/submit/')
70 do_follow
= kwargs
.pop('do_follow', False)
71 template
.clear_test_template_context()
72 response
= self
.test_app
.post(url
, data
, **kwargs
)
75 context_data
= template
.TEMPLATE_TEST_CONTEXT
76 for key
in context_keys
:
77 context_data
= context_data
[key
]
78 return response
, context_data
80 def upload_data(self
, filename
):
81 return {'upload_files': [('file', filename
)]}
83 def check_comments(self
, request
, media
, count
):
84 comments
= request
.db
.MediaComment
.find({'media_entry': media
._id
})
85 assert_equal(count
, len(list(comments
)))
87 def test_missing_fields(self
):
90 response
, form
= self
.do_post({}, *FORM_CONTEXT
)
91 assert_equal(form
.file.errors
, [u
'You must provide a file.'])
95 response
, form
= self
.do_post({'title': 'test title'}, *FORM_CONTEXT
)
96 assert_equal(form
.file.errors
, [u
'You must provide a file.'])
98 def check_url(self
, response
, path
):
99 assert_equal(urlparse
.urlsplit(response
.location
)[2], path
)
101 def check_normal_upload(self
, title
, filename
):
102 response
, context
= self
.do_post({'title': title
}, do_follow
=True,
103 **self
.upload_data(filename
))
104 self
.check_url(response
, '/u/{0}/'.format(self
.test_user
.username
))
105 assert_true(context
.has_key('mediagoblin/user_pages/user.html'))
106 # Make sure the media view is at least reachable, logged in...
107 url
= '/u/{0}/m/{1}/'.format(self
.test_user
.username
,
108 title
.lower().replace(' ', '-'))
109 self
.test_app
.get(url
)
110 # ... and logged out too.
112 self
.test_app
.get(url
)
114 def test_normal_jpg(self
):
115 self
.check_normal_upload('Normal upload 1', GOOD_JPG
)
117 def test_normal_png(self
):
118 self
.check_normal_upload('Normal upload 2', GOOD_PNG
)
120 def check_media(self
, request
, find_data
, count
=None):
121 media
= request
.db
.MediaEntry
.find(find_data
)
122 if count
is not None:
123 assert_equal(media
.count(), count
)
131 response
, request
= self
.do_post({'title': 'Balanced Goblin',
132 'tags': GOOD_TAG_STRING
},
133 *REQUEST_CONTEXT
, do_follow
=True,
134 **self
.upload_data(GOOD_JPG
))
135 media
= self
.check_media(request
, {'title': 'Balanced Goblin'}, 1)
136 assert_equal(media
.tags
,
137 [{'name': u
'yin', 'slug': u
'yin'},
138 {'name': u
'yang', 'slug': u
'yang'}])
140 # Test tags that are too long
142 response
, form
= self
.do_post({'title': 'Balanced Goblin',
143 'tags': BAD_TAG_STRING
},
145 **self
.upload_data(GOOD_JPG
))
146 assert_equal(form
.tags
.errors
, [
147 u
'Tags must be shorter than 50 characters. ' \
148 'Tags that are too long: ' \
149 'ffffffffffffffffffffffffffuuuuuuuuuuuuuuuuuuuuuuuuuu'])
151 def test_delete(self
):
152 response
, request
= self
.do_post({'title': 'Balanced Goblin'},
153 *REQUEST_CONTEXT
, do_follow
=True,
154 **self
.upload_data(GOOD_JPG
))
155 media
= self
.check_media(request
, {'title': 'Balanced Goblin'}, 1)
157 # Add a comment, so we can test for its deletion later.
158 self
.check_comments(request
, media
, 0)
159 comment_url
= request
.urlgen(
160 'mediagoblin.user_pages.media_post_comment',
161 user
=self
.test_user
.username
, media
=media
._id
)
162 response
= self
.do_post({'comment_content': 'i love this test'},
163 url
=comment_url
, do_follow
=True)[0]
164 self
.check_comments(request
, media
, 1)
166 # Do not confirm deletion
167 # ---------------------------------------------------
168 delete_url
= request
.urlgen(
169 'mediagoblin.user_pages.media_confirm_delete',
170 user
=self
.test_user
.username
, media
=media
._id
)
171 # Empty data means don't confirm
172 response
= self
.do_post({}, do_follow
=True, url
=delete_url
)[0]
173 media
= self
.check_media(request
, {'title': 'Balanced Goblin'}, 1)
176 # ---------------------------------------------------
177 response
, request
= self
.do_post({'confirm': 'y'}, *REQUEST_CONTEXT
,
178 do_follow
=True, url
=delete_url
)
179 self
.check_media(request
, {'_id': media
._id
}, 0)
180 self
.check_comments(request
, media
, 0)
182 def test_evil_file(self
):
183 # Test non-suppoerted file with non-supported extension
184 # -----------------------------------------------------
185 response
, form
= self
.do_post({'title': 'Malicious Upload 1'},
187 **self
.upload_data(EVIL_FILE
))
188 assert_equal(len(form
.file.errors
), 1)
189 assert_true(re
.match(
190 r
'^Could not extract any file extension from ".*?"$',
191 str(form
.file.errors
[0])))
193 def check_false_image(self
, title
, filename
):
194 # NOTE: These images should ultimately fail, but they
195 # *will* pass the initial form submission step. Instead,
196 # they'll be caught as failures during the processing step.
197 response
, context
= self
.do_post({'title': title
}, do_follow
=True,
198 **self
.upload_data(filename
))
199 self
.check_url(response
, '/u/{0}/'.format(self
.test_user
.username
))
200 entry
= mg_globals
.database
.MediaEntry
.find_one({'title': title
})
201 assert_equal(entry
.state
, 'failed')
202 assert_equal(entry
.fail_error
, u
'mediagoblin.processing:BadMediaFail')
204 def test_evil_jpg(self
):
205 # Test non-supported file with .jpg extension
206 # -------------------------------------------
207 self
.check_false_image('Malicious Upload 2', EVIL_JPG
)
209 def test_evil_png(self
):
210 # Test non-supported file with .png extension
211 # -------------------------------------------
212 self
.check_false_image('Malicious Upload 3', EVIL_PNG
)
214 def test_processing(self
):
215 data
= {'title': 'Big Blue'}
216 response
, request
= self
.do_post(data
, *REQUEST_CONTEXT
, do_follow
=True,
217 **self
.upload_data(BIG_BLUE
))
218 media
= self
.check_media(request
, data
, 1)
219 last_size
= 1024 ** 3 # Needs to be larger than bigblue.png
220 for key
, basename
in (('original', 'bigblue.png'),
221 ('medium', 'bigblue.medium.png'),
222 ('thumb', 'bigblue.thumbnail.png')):
223 # Does the processed image have a good filename?
224 filename
= resource_filename(
226 os
.path
.join('test_user_dev/media/public',
227 *media
['media_files'].get(key
, [])))
228 assert_true(filename
.endswith('_' + basename
))
229 # Is it smaller than the last processed image we looked at?
230 size
= os
.stat(filename
).st_size
231 assert_true(last_size
> size
)