author | Miguel Jacq <mig@mig5.net> | 2021-08-27 15:52:29 +1000 |
---|---|---|
committer | Miguel Jacq <mig@mig5.net> | 2021-08-27 15:52:29 +1000 |
commit | 0bf8f53d30ded17dde0b3ebf66d98ea7d8e5313d (patch) | |
tree | f90e773c3951188248ac3085de31db71f29451cf /cli/tests | |
parent | f63e0c37d10dda759554321e7bf36a64477daaaa (diff) | |
ClientAuthV3 fixes
* Remove Client Auth as an explicit option (it's on by default).
* Update wording about Public mode
* Fix tuple error when raising TorTooOldStealth exception in CLI
* Move Private Key button next to URL button in GUI
* Replace visual references of ClientAuth to Private Key
* Remove HTTPAuth Flask dependency and remove a lot of code to do with password generation,
401 auth triggers/invalid password rate limit detection etc
* Test updates
* Remove obsolete locale keys
Diffstat (limited to 'cli/tests')
-rw-r--r-- | cli/tests/test_cli_web.py | 90 |
1 files changed, 13 insertions, 77 deletions
diff --git a/cli/tests/test_cli_web.py b/cli/tests/test_cli_web.py index f8c96f9c..f2b1af62 100644 --- a/cli/tests/test_cli_web.py +++ b/cli/tests/test_cli_web.py @@ -48,7 +48,6 @@ def web_obj(temp_dir, common_obj, mode, num_files=0): common_obj.settings = Settings(common_obj) mode_settings = ModeSettings(common_obj) web = Web(common_obj, False, mode_settings, mode) - web.generate_password() web.running = True web.cleanup_filenames == [] @@ -75,23 +74,13 @@ class TestWeb: web = web_obj(temp_dir, common_obj, "share", 3) assert web.mode == "share" with web.app.test_client() as c: - # Load / without auth + # Load / res = c.get("/") res.get_data() - assert res.status_code == 401 - - # Load / with invalid auth - res = c.get("/", headers=self._make_auth_headers("invalid")) - res.get_data() - assert res.status_code == 401 - - # Load / with valid auth - res = c.get("/", headers=self._make_auth_headers(web.password)) - res.get_data() assert res.status_code == 200 # Download - res = c.get("/download", headers=self._make_auth_headers(web.password)) + res = c.get("/download") res.get_data() assert res.status_code == 200 assert ( @@ -107,7 +96,7 @@ class TestWeb: with web.app.test_client() as c: # Download the first time - res = c.get("/download", headers=self._make_auth_headers(web.password)) + res = c.get("/download") res.get_data() assert res.status_code == 200 assert ( @@ -127,7 +116,7 @@ class TestWeb: with web.app.test_client() as c: # Download the first time - res = c.get("/download", headers=self._make_auth_headers(web.password)) + res = c.get("/download") res.get_data() assert res.status_code == 200 assert ( 
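Review bot: In the `@@ -75,23 +74,13 @@` hunk the share-mode test loses every negative case: it now only asserts that an unauthenticated `GET /` and `GET /download` return 200, so nothing in this file states or checks where access control lives after the change. The commit message says the HTTP auth layer is removed and client auth is on by default, which suggests the restriction moved to the onion-service layer. That is worth recording next to the request, e.g. `# No HTTP-level auth: access is restricted by the onion service's client auth (private key), not by Flask`. The receive-mode hunk at `@@ -141,18 +130,8 @@` drops its 401 cases in the same way, and a pointer to whichever test asserts that non-public mode still enables client auth would help there too. The enclosing test method starts outside the hunk.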
@@ -141,18 +130,8 @@ class TestWeb: assert web.mode == "receive" with web.app.test_client() as c: - # Load / without auth - res = c.get("/") - res.get_data() - assert res.status_code == 401 - - # Load / with invalid auth - res = c.get("/", headers=self._make_auth_headers("invalid")) - res.get_data() - assert res.status_code == 401 - # Load / with valid auth - res = c.get("/", headers=self._make_auth_headers(web.password)) + res = c.get("/",) res.get_data() assert res.status_code == 200 @@ -171,7 +150,7 @@ class TestWeb: ) with web.app.test_client() as c: - res = c.get("/", headers=self._make_auth_headers(web.password)) + res = c.get("/") res.get_data() assert res.status_code == 200 @@ -180,7 +159,6 @@ class TestWeb: buffered=True, content_type="multipart/form-data", data={"file[]": (BytesIO(b"THIS IS A TEST FILE"), "new_york.jpg")}, - headers=self._make_auth_headers(web.password), ) res.get_data() assert res.status_code == 200 @@ -202,7 +180,6 @@ class TestWeb: buffered=True, content_type="multipart/form-data", data={"text": "you know just sending an anonymous message"}, - headers=self._make_auth_headers(web.password), ) content = res.get_data() assert res.status_code == 200 @@ -237,7 +214,6 @@ class TestWeb: "file[]": (BytesIO(b"THIS IS A TEST FILE"), "new_york.jpg"), "text": "you know just sending an anonymous message", }, - headers=self._make_auth_headers(web.password), ) content = res.get_data() assert res.status_code == 200 @@ -270,7 +246,6 @@ class TestWeb: buffered=True, content_type="multipart/form-data", data={"file[]": (BytesIO(b"THIS IS A TEST FILE"), "new_york.jpg")}, - headers=self._make_auth_headers(web.password), ) content = res.get_data() assert res.status_code == 200 @@ -303,7 +278,6 @@ class TestWeb: buffered=True, content_type="multipart/form-data", data={}, - headers=self._make_auth_headers(web.password), ) content = res.get_data() assert res.status_code == 200 
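Review bot: The new call in the `@@ -141,18 +130,8 @@` hunk is written `res = c.get("/",)`, with a trailing comma left over from the removed `headers=` argument; `res = c.get("/")` would match the other calls this commit introduces. The comment `# Load / with valid auth` directly above it appears to survive as context, and if so it is stale because no credentials are sent any more; `# Load /`, as in the share-mode test, would be accurate. The test method begins outside the hunk.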
@@ -326,26 +300,6 @@ class TestWeb: res.get_data() assert res.status_code == 200 - def test_public_mode_off(self, temp_dir, common_obj): - web = web_obj(temp_dir, common_obj, "receive") - web.settings.set("general", "public", False) - - with web.app.test_client() as c: - # Load / without auth - res = c.get("/") - res.get_data() - assert res.status_code == 401 - - # But static resources should work without auth - res = c.get(f"{web.static_url_path}/css/style.css") - res.get_data() - assert res.status_code == 200 - - # Load / with valid auth - res = c.get("/", headers=self._make_auth_headers(web.password)) - res.get_data() - assert res.status_code == 200 - def test_cleanup(self, common_obj, temp_dir_1024, temp_file_1024): web = web_obj(temp_dir_1024, common_obj, "share", 3) @@ -356,12 +310,6 @@ class TestWeb: assert os.path.exists(temp_dir_1024) is False assert web.cleanup_filenames == [] - def _make_auth_headers(self, password): - auth = base64.b64encode(b"onionshare:" + password.encode()).decode() - h = Headers() - h.add("Authorization", "Basic " + auth) - return h - class TestZipWriterDefault: @pytest.mark.parametrize( @@ -450,8 +398,7 @@ def live_server(web): proc.start() url = "http://127.0.0.1:{}".format(port) - auth = base64.b64encode(b"onionshare:" + web.password.encode()).decode() - req = Request(url, headers={"Authorization": "Basic {}".format(auth)}) + req = Request(url) attempts = 20 while True: @@ -509,7 +456,7 @@ class TestRangeRequests: url = "/download" with web.app.test_client() as client: - resp = client.get(url, headers=self._make_auth_headers(web.password)) + resp = client.get(url) assert resp.headers["ETag"].startswith('"sha256:') assert resp.headers["Accept-Ranges"] == "bytes" assert resp.headers.get("Last-Modified") is not None 
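Review bot: After the `@@ -450,8 +398,7 @@` hunk `live_server` no longer calls `base64.b64encode`, and the only other visible uses, the two `_make_auth_headers` helpers, are deleted by this commit, yet no hunk touches the import block. If `import base64` is present at the top of the file and nothing outside these hunks still uses it, it should be removed in the same change so the leftover import does not suggest an auth path that no longer exists. The body of `live_server` continues outside the hunk.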
@@ -524,7 +471,7 @@ class TestRangeRequests: contents = f.read() with web.app.test_client() as client: - resp = client.get(url, headers=self._make_auth_headers(web.password)) + resp = client.get(url) assert resp.status_code == 200 assert resp.data == contents @@ -536,7 +483,7 @@ class TestRangeRequests: contents = f.read() with web.app.test_client() as client: - headers = self._make_auth_headers(web.password) + headers = Headers() headers.extend({"Range": "bytes=0-10"}) resp = client.get(url, headers=headers) assert resp.status_code == 206 @@ -572,7 +519,7 @@ class TestRangeRequests: contents = f.read() with web.app.test_client() as client: - headers = self._make_auth_headers(web.password) + headers = Headers() resp = client.get(url, headers=headers) assert resp.status_code == 200 @@ -587,7 +534,7 @@ class TestRangeRequests: url = "/download" with web.app.test_client() as client: - headers = self._make_auth_headers(web.password) + headers = Headers() resp = client.get(url, headers=headers) assert resp.status_code == 200 last_mod = resp.headers["Last-Modified"] @@ -602,7 +549,7 @@ class TestRangeRequests: url = "/download" with web.app.test_client() as client: - headers = self._make_auth_headers(web.password) + headers = Headers() resp = client.get(url, headers=headers) assert resp.status_code == 200 @@ -621,11 +568,6 @@ class TestRangeRequests: resp = client.get(url, headers=headers) assert resp.status_code == 206 - def _make_auth_headers(self, password): - auth = base64.b64encode(b"onionshare:" + password.encode()).decode() - h = Headers() - h.add("Authorization", "Basic " + auth) - return h @pytest.mark.skipif(sys.platform != "Linux", reason="requires Linux") @check_unsupported("curl", ["--version"]) 
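Review bot: The decorator shown as context at the end of the `@@ -621,11 +568,6 @@` hunk, `@pytest.mark.skipif(sys.platform != "Linux", reason="requires Linux")`, compares against a value `sys.platform` does not return: on Linux it is the lowercase `"linux"`, so the condition is always true and the decorated test is always skipped. The decorated function is outside the hunk, but it is presumably the curl range test whose auth header is removed in `@@ -638,12 +580,9 @@`, which would mean that edit is never exercised. The condition should be `sys.platform != "linux"` (or `not sys.platform.startswith("linux")`), and the wget test's decorator, which is not visible here, should be checked for the same spelling.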
@@ -638,12 +580,9 @@ class TestRangeRequests: with live_server(web) as url: # Debugging help from `man curl`, on error 33 # 33 HTTP range error. The range "command" didn't work. - auth_header = self._make_auth_headers(web.password) subprocess.check_call( [ "curl", - "-H", - str(auth_header).strip(), "--output", str(download), "--continue-at", @@ -663,12 +602,9 @@ class TestRangeRequests: download.write("x" * 10) with live_server(web) as url: - auth_header = self._make_auth_headers(web.password) subprocess.check_call( [ "wget", - "--header", - str(auth_header).strip(), "--continue", "-O", str(download), |