1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
import requests
from PySide2 import QtTest
from .gui_base_test import GuiBaseTest
class TestWebsite(GuiBaseTest):
# Shared test methods
def view_website(self, tab):
"""Test that we can download the share"""
url = f"http://127.0.0.1:{tab.app.port}/"
if tab.settings.get("general", "public"):
r = requests.get(url)
else:
r = requests.get(
url,
auth=requests.auth.HTTPBasicAuth(
"onionshare", tab.get_mode().server_status.web.password
),
)
QtTest.QTest.qWait(500, self.gui.qtapp)
self.assertTrue("This is a test website hosted by OnionShare" in r.text)
def check_csp_header(self, tab):
"""Test that the CSP header is present when enabled or vice versa"""
url = f"http://127.0.0.1:{tab.app.port}/"
if tab.settings.get("general", "public"):
r = requests.get(url)
else:
r = requests.get(
url,
auth=requests.auth.HTTPBasicAuth(
"onionshare", tab.get_mode().server_status.web.password
),
)
QtTest.QTest.qWait(500, self.gui.qtapp)
if tab.settings.get("website", "disable_csp"):
self.assertFalse("Content-Security-Policy" in r.headers)
else:
self.assertTrue("Content-Security-Policy" in r.headers)
def run_all_website_mode_setup_tests(self, tab):
"""Tests in website mode prior to starting a share"""
tab.get_mode().server_status.file_selection.file_list.add_file(
self.tmpfile_index_html
)
for filename in self.tmpfiles:
tab.get_mode().server_status.file_selection.file_list.add_file(filename)
self.file_selection_widget_has_files(tab, 11)
self.history_is_not_visible(tab)
self.click_toggle_history(tab)
self.history_is_visible(tab)
def run_all_website_mode_started_tests(self, tab, startup_time=500):
"""Tests in website mode after starting a share"""
self.server_working_on_start_button_pressed(tab)
self.server_status_indicator_says_starting(tab)
self.add_remove_buttons_hidden(tab)
self.server_is_started(tab, startup_time)
self.web_server_is_running(tab)
self.have_a_password(tab)
self.url_description_shown(tab)
self.have_copy_url_button(tab)
self.have_show_qr_code_button(tab)
self.server_status_indicator_says_started(tab)
def run_all_website_mode_download_tests(self, tab):
"""Tests in website mode after viewing the site"""
self.run_all_website_mode_setup_tests(tab)
self.run_all_website_mode_started_tests(tab, startup_time=500)
self.view_website(tab)
self.check_csp_header(tab)
self.history_widgets_present(tab)
self.server_is_stopped(tab)
self.web_server_is_stopped(tab)
self.server_status_indicator_says_closed(tab)
self.add_button_visible(tab)
# Tests
def test_website(self):
"""
Test website mode
"""
tab = self.new_website_tab()
self.run_all_website_mode_download_tests(tab)
self.close_all_tabs()
def test_csp_enabled(self):
"""
Test disabling CSP
"""
tab = self.new_website_tab()
tab.get_mode().disable_csp_checkbox.click()
self.run_all_website_mode_download_tests(tab)
self.close_all_tabs()
def test_405_page_returned_for_invalid_methods(self):
"""
Our custom 405 page should return for invalid methods
"""
tab = self.new_website_tab()
tab.get_mode().mode_settings_widget.public_checkbox.click()
self.run_all_common_setup_tests()
self.run_all_website_mode_setup_tests(tab)
self.run_all_website_mode_started_tests(tab)
url = f"http://127.0.0.1:{tab.app.port}/"
self.hit_405(url, expected_resp="OnionShare: 405 Method Not Allowed", data = {'foo':'bar'}, methods = ["put", "post", "delete", "options"])
self.close_all_tabs()
|
