1 # GNU MediaGoblin -- federated, autonomous media hosting
2 # Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
4 # This program is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU Affero General Public License as published by
6 # the Free Software Foundation, either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU Affero General Public License for more details.
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
21 from nose
.tools
import assert_equal
, assert_true
, assert_false
22 from pkg_resources
import resource_filename
24 from mediagoblin
.tests
.tools
import get_test_app
, \
26 from mediagoblin
import mg_globals
27 from mediagoblin
.tools
import template
30 def resource(filename
):
31 return resource_filename('mediagoblin.tests', 'test_submission/' + filename
)
34 GOOD_JPG
= resource('good.jpg')
35 GOOD_PNG
= resource('good.png')
36 EVIL_FILE
= resource('evil')
37 EVIL_JPG
= resource('evil.jpg')
38 EVIL_PNG
= resource('evil.png')
39 BIG_BLUE
= resource('bigblue.png')
41 GOOD_TAG_STRING
= 'yin,yang'
42 BAD_TAG_STRING
= 'rage,' + 'f' * 26 + 'u' * 26
44 FORM_CONTEXT
= ['mediagoblin/submit/start.html', 'submit_form']
45 REQUEST_CONTEXT
= ['mediagoblin/user_pages/user.html', 'request']
50 self
.test_app
= get_test_app()
52 # TODO: Possibly abstract into a decorator like:
53 # @as_authenticated_user('chris')
54 test_user
= fixture_add_user()
56 self
.test_user
= test_user
67 self
.test_app
.get('/auth/logout/')
69 def do_post(self
, data
, *context_keys
, **kwargs
):
70 url
= kwargs
.pop('url', '/submit/')
71 do_follow
= kwargs
.pop('do_follow', False)
72 template
.clear_test_template_context()
73 response
= self
.test_app
.post(url
, data
, **kwargs
)
76 context_data
= template
.TEMPLATE_TEST_CONTEXT
77 for key
in context_keys
:
78 context_data
= context_data
[key
]
79 return response
, context_data
81 def upload_data(self
, filename
):
82 return {'upload_files': [('file', filename
)]}
84 def check_comments(self
, request
, media
, count
):
85 comments
= request
.db
.MediaComment
.find({'media_entry': media
._id
})
86 assert_equal(count
, len(list(comments
)))
88 def test_missing_fields(self
):
91 response
, form
= self
.do_post({}, *FORM_CONTEXT
)
92 assert_equal(form
.file.errors
, [u
'You must provide a file.'])
96 response
, form
= self
.do_post({'title': 'test title'}, *FORM_CONTEXT
)
97 assert_equal(form
.file.errors
, [u
'You must provide a file.'])
99 def check_url(self
, response
, path
):
100 assert_equal(urlparse
.urlsplit(response
.location
)[2], path
)
102 def check_normal_upload(self
, title
, filename
):
103 response
, context
= self
.do_post({'title': title
}, do_follow
=True,
104 **self
.upload_data(filename
))
105 self
.check_url(response
, '/u/{0}/'.format(self
.test_user
.username
))
106 assert_true('mediagoblin/user_pages/user.html' in context
)
107 # Make sure the media view is at least reachable, logged in...
108 url
= '/u/{0}/m/{1}/'.format(self
.test_user
.username
,
109 title
.lower().replace(' ', '-'))
110 self
.test_app
.get(url
)
111 # ... and logged out too.
113 self
.test_app
.get(url
)
115 def test_normal_jpg(self
):
116 self
.check_normal_upload('Normal upload 1', GOOD_JPG
)
118 def test_normal_png(self
):
119 self
.check_normal_upload('Normal upload 2', GOOD_PNG
)
121 def check_media(self
, request
, find_data
, count
=None):
122 media
= request
.db
.MediaEntry
.find(find_data
)
123 if count
is not None:
124 assert_equal(media
.count(), count
)
132 response
, request
= self
.do_post({'title': 'Balanced Goblin',
133 'tags': GOOD_TAG_STRING
},
134 *REQUEST_CONTEXT
, do_follow
=True,
135 **self
.upload_data(GOOD_JPG
))
136 media
= self
.check_media(request
, {'title': 'Balanced Goblin'}, 1)
137 assert_equal(media
.tags
,
138 [{'name': u
'yin', 'slug': u
'yin'},
139 {'name': u
'yang', 'slug': u
'yang'}])
141 # Test tags that are too long
143 response
, form
= self
.do_post({'title': 'Balanced Goblin',
144 'tags': BAD_TAG_STRING
},
146 **self
.upload_data(GOOD_JPG
))
147 assert_equal(form
.tags
.errors
, [
148 u
'Tags must be shorter than 50 characters. ' \
149 'Tags that are too long: ' \
150 'ffffffffffffffffffffffffffuuuuuuuuuuuuuuuuuuuuuuuuuu'])
152 def test_delete(self
):
153 response
, request
= self
.do_post({'title': 'Balanced Goblin'},
154 *REQUEST_CONTEXT
, do_follow
=True,
155 **self
.upload_data(GOOD_JPG
))
156 media
= self
.check_media(request
, {'title': 'Balanced Goblin'}, 1)
158 # Add a comment, so we can test for its deletion later.
159 self
.check_comments(request
, media
, 0)
160 comment_url
= request
.urlgen(
161 'mediagoblin.user_pages.media_post_comment',
162 user
=self
.test_user
.username
, media
=media
._id
)
163 response
= self
.do_post({'comment_content': 'i love this test'},
164 url
=comment_url
, do_follow
=True)[0]
165 self
.check_comments(request
, media
, 1)
167 # Do not confirm deletion
168 # ---------------------------------------------------
169 delete_url
= request
.urlgen(
170 'mediagoblin.user_pages.media_confirm_delete',
171 user
=self
.test_user
.username
, media
=media
._id
)
172 # Empty data means don't confirm
173 response
= self
.do_post({}, do_follow
=True, url
=delete_url
)[0]
174 media
= self
.check_media(request
, {'title': 'Balanced Goblin'}, 1)
177 # ---------------------------------------------------
178 response
, request
= self
.do_post({'confirm': 'y'}, *REQUEST_CONTEXT
,
179 do_follow
=True, url
=delete_url
)
180 self
.check_media(request
, {'_id': media
._id
}, 0)
181 self
.check_comments(request
, media
, 0)
183 def test_evil_file(self
):
184 # Test non-suppoerted file with non-supported extension
185 # -----------------------------------------------------
186 response
, form
= self
.do_post({'title': 'Malicious Upload 1'},
188 **self
.upload_data(EVIL_FILE
))
189 assert_equal(len(form
.file.errors
), 1)
190 assert_true(re
.match(
191 r
'^Could not extract any file extension from ".*?"$',
192 str(form
.file.errors
[0])))
194 def test_sniffing(self
):
196 Test sniffing mechanism to assert that regular uploads work as intended
198 template
.clear_test_template_context()
199 response
= self
.test_app
.post(
201 'title': 'UNIQUE_TITLE_PLS_DONT_CREATE_OTHER_MEDIA_WITH_THIS_TITLE'
207 context
= template
.TEMPLATE_TEST_CONTEXT
['mediagoblin/user_pages/user.html']
209 request
= context
['request']
211 media
= request
.db
.MediaEntry
.find_one({
212 u
'title': u
'UNIQUE_TITLE_PLS_DONT_CREATE_OTHER_MEDIA_WITH_THIS_TITLE'})
214 assert media
.media_type
== 'mediagoblin.media_types.image'
216 def check_false_image(self
, title
, filename
):
217 # NOTE: The following 2 tests will ultimately fail, but they
218 # *will* pass the initial form submission step. Instead,
219 # they'll be caught as failures during the processing step.
220 response
, context
= self
.do_post({'title': title
}, do_follow
=True,
221 **self
.upload_data(filename
))
222 self
.check_url(response
, '/u/{0}/'.format(self
.test_user
.username
))
223 entry
= mg_globals
.database
.MediaEntry
.find_one({'title': title
})
224 assert_equal(entry
.state
, 'failed')
225 assert_equal(entry
.fail_error
, u
'mediagoblin.processing:BadMediaFail')
227 def test_evil_jpg(self
):
228 # Test non-supported file with .jpg extension
229 # -------------------------------------------
230 self
.check_false_image('Malicious Upload 2', EVIL_JPG
)
232 def test_evil_png(self
):
233 # Test non-supported file with .png extension
234 # -------------------------------------------
235 self
.check_false_image('Malicious Upload 3', EVIL_PNG
)
237 def test_processing(self
):
238 data
= {'title': 'Big Blue'}
239 response
, request
= self
.do_post(data
, *REQUEST_CONTEXT
, do_follow
=True,
240 **self
.upload_data(BIG_BLUE
))
241 media
= self
.check_media(request
, data
, 1)
242 last_size
= 1024 ** 3 # Needs to be larger than bigblue.png
243 for key
, basename
in (('original', 'bigblue.png'),
244 ('medium', 'bigblue.medium.png'),
245 ('thumb', 'bigblue.thumbnail.png')):
246 # Does the processed image have a good filename?
247 filename
= resource_filename(
249 os
.path
.join('test_user_dev/media/public',
250 *media
['media_files'].get(key
, [])))
251 assert_true(filename
.endswith('_' + basename
))
252 # Is it smaller than the last processed image we looked at?
253 size
= os
.stat(filename
).st_size
254 assert_true(last_size
> size
)