OLD | NEW |
(Empty) | |
| 1 # Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 # Use of this source code is govered by a BSD-style |
| 3 # license that can be found in the LICENSE file or at |
| 4 # https://developers.google.com/open-source/licenses/bsd |
| 5 |
| 6 """Tests for monorail.tracker.issueattachment.""" |
| 7 |
| 8 import unittest |
| 9 |
| 10 from google.appengine.api import images |
| 11 from google.appengine.ext import testbed |
| 12 |
| 13 import mox |
| 14 import webapp2 |
| 15 |
| 16 from framework import permissions |
| 17 from framework import servlet |
| 18 from proto import tracker_pb2 |
| 19 from services import service_manager |
| 20 from testing import fake |
| 21 from testing import testing_helpers |
| 22 from tracker import issueattachment |
| 23 |
| 24 from third_party import cloudstorage |
| 25 |
| 26 def MockResize(_self, image_data, width=None, height=None): |
| 27 """Mock of images.resize() used to test AttachmentPage.""" |
| 28 _image_data = image_data |
| 29 _width = width |
| 30 _height = height |
| 31 return 'this is a thumbnail' |
| 32 |
| 33 class IssueattachmentTest(unittest.TestCase): |
| 34 |
| 35 def setUp(self): |
| 36 self.mox = mox.Mox() |
| 37 self.testbed = testbed.Testbed() |
| 38 self.testbed.activate() |
| 39 self.testbed.init_memcache_stub() |
| 40 self.testbed.init_app_identity_stub() |
| 41 self.testbed.init_urlfetch_stub() |
| 42 self.attachment_data = "" |
| 43 |
| 44 self._old_gcs_open = cloudstorage.open |
| 45 cloudstorage.open = fake.gcs_open |
| 46 |
| 47 services = service_manager.Services( |
| 48 project=fake.ProjectService(), |
| 49 config=fake.ConfigService(), |
| 50 issue=fake.IssueService(), |
| 51 user=fake.UserService()) |
| 52 self.project = services.project.TestAddProject('proj') |
| 53 self.servlet = issueattachment.AttachmentPage( |
| 54 'req', webapp2.Response(), services=services) |
| 55 self.issue = fake.MakeTestIssue( |
| 56 self.project.project_id, 1, 'summary', 'New', 111L) |
| 57 services.issue.TestAddIssue(self.issue) |
| 58 self.comment = tracker_pb2.IssueComment( |
| 59 id=123, issue_id=self.issue.issue_id, |
| 60 project_id=self.project.project_id, user_id=111L, |
| 61 content='this is a comment') |
| 62 services.issue.TestAddComment(self.comment, self.issue.local_id) |
| 63 self.attachment = tracker_pb2.Attachment( |
| 64 attachment_id=54321, filename='hello.txt', filesize=23432, |
| 65 mimetype='text/plain', gcs_object_id='/pid/attachments/hello.txt') |
| 66 services.issue.TestAddAttachment( |
| 67 self.attachment, self.comment.id, self.issue.issue_id) |
| 68 |
| 69 images.resize = MockResize |
| 70 |
| 71 def tearDown(self): |
| 72 cloudstorage.open = self._old_gcs_open |
| 73 |
| 74 def testGatherPageData_NotFound(self): |
| 75 aid = 12345 |
| 76 # But, no such attachment is in the database. |
| 77 _request, mr = testing_helpers.GetRequestObjects( |
| 78 project=self.project, |
| 79 path='/p/proj/issues/attachment?aid=%s' % aid, |
| 80 perms=permissions.EMPTY_PERMISSIONSET) |
| 81 try: |
| 82 self.servlet.GatherPageData(mr) |
| 83 self.fail() |
| 84 except webapp2.HTTPException as e: |
| 85 self.assertEquals(404, e.code) |
| 86 |
| 87 # TODO(jrobbins): test cases for missing comment and missing issue. |
| 88 |
| 89 def testGatherPageData_PermissionDenied(self): |
| 90 aid = self.attachment.attachment_id |
| 91 _request, mr = testing_helpers.GetRequestObjects( |
| 92 project=self.project, |
| 93 path='/p/proj/issues/attachment?aid=%s' % aid, |
| 94 perms=permissions.EMPTY_PERMISSIONSET) # not even VIEW |
| 95 self.assertRaises( |
| 96 permissions.PermissionException, |
| 97 self.servlet.GatherPageData, mr) |
| 98 |
| 99 _request, mr = testing_helpers.GetRequestObjects( |
| 100 project=self.project, |
| 101 path='/p/proj/issues/attachment?aid=%s' % aid, |
| 102 perms=permissions.READ_ONLY_PERMISSIONSET) # includes VIEW |
| 103 |
| 104 # issue is now deleted |
| 105 self.issue.deleted = True |
| 106 self.assertRaises( |
| 107 permissions.PermissionException, |
| 108 self.servlet.GatherPageData, mr) |
| 109 self.issue.deleted = False |
| 110 |
| 111 # issue is now restricted |
| 112 self.issue.labels.extend(['Restrict-View-PermYouLack']) |
| 113 self.assertRaises( |
| 114 permissions.PermissionException, |
| 115 self.servlet.GatherPageData, mr) |
| 116 |
| 117 def testGatherPageData_Download(self): |
| 118 aid = self.attachment.attachment_id |
| 119 self.mox.StubOutWithMock(self.servlet, 'redirect') |
| 120 _request, mr = testing_helpers.GetRequestObjects( |
| 121 project=self.project, |
| 122 path='/p/proj/issues/attachment?aid=%s' % aid, |
| 123 perms=permissions.READ_ONLY_PERMISSIONSET) # includes VIEW |
| 124 self.servlet.redirect(mox.StrContains(self.attachment.filename), abort=True) |
| 125 self.mox.ReplayAll() |
| 126 self.servlet.GatherPageData(mr) |
| 127 self.mox.VerifyAll() |
| 128 |
| 129 def testGatherPageData_DownloadBadFilename(self): |
| 130 aid = self.attachment.attachment_id |
| 131 self.attachment.filename = '<script>alert("xsrf")</script>.txt'; |
| 132 self.mox.StubOutWithMock(self.servlet, 'redirect') |
| 133 _request, mr = testing_helpers.GetRequestObjects( |
| 134 project=self.project, |
| 135 path='/p/proj/issues/attachment?aid=%s' % aid, |
| 136 perms=permissions.READ_ONLY_PERMISSIONSET) # includes VIEW |
| 137 self.servlet.redirect(mox.And( |
| 138 mox.Not(mox.StrContains(self.attachment.filename)), |
| 139 mox.StrContains('attachment-%d.dat' % aid)), abort=True) |
| 140 self.mox.ReplayAll() |
| 141 self.servlet.GatherPageData(mr) |
| 142 self.mox.VerifyAll() |
| 143 |
| 144 |
| 145 if __name__ == '__main__': |
| 146 unittest.main() |
OLD | NEW |