Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
zulip/zerver/tests/test_upload.py

2462 lines
106 KiB
Python
Raw Normal View History

python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
import datetime
import io
import os
import re
import shutil
import time
import urllib
from io import StringIO
from unittest import mock
from unittest.mock import patch
import botocore.exceptions
python: Replace ujson with orjson. Fixes #6507. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-08-07 01:09:47 +02:00
import orjson
Move upload-related tests to test_upload.py. Move S3Test, FileUploadTest and SanitizeNameTests from test_external.py to test_upload.py.
2016-04-14 16:26:01 +02:00
from django.conf import settings
typing: Use assertions for responses when appropriate. This is part of #18777.
2021-08-10 15:17:44 +02:00
from django.http.response import StreamingHttpResponse
upload: Allow rate limited access to spectators for uploaded files. We allow spectators access to uploaded files in web public streams but rate limit the daily requests to 1000 per file by default.
2021-11-02 15:42:58 +01:00
from django.test import override_settings
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
from django.utils.timezone import now as timezone_now
requirements: Upgrade Python requirements. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-25 02:29:22 +02:00
from django_sendfile.utils import _get_sendfile
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
from PIL import Image
upload: Remove `mimetype` url parameter in `get_file_info`. This `mimetype` parameter was introduced in c4fa29a and its last usage removed in 5bab2a3. This parameter was undocumented in the OpenAPI endpoint documentation for `/user_uploads`, therefore there shouldn't be client implementations that rely on it's presence. Removes the `request.GET` call for the `mimetype` parameter and replaces it by getting the `content_type` value from the file, which is an instance of Django's `UploadedFile` class and stores that file metadata as a property. If that returns `None` or an empty string, then we try to guess the `content_type` from the filename, which is the same as the previous behaviour when `mimetype` was `None` (which we assume has been true since it's usage was removed; see above). If unable to guess the `content_type` from the filename, we now fallback to "application/octet-stream", instead of an empty string or `None` value. Also, removes the specific test written for having `mimetype` as a url parameter in the request, and replaces it with a test that covers when we try to guess `content_type` from the filename.
2022-07-27 22:54:31 +02:00
from urllib3 import encode_multipart_formdata
Move upload-related tests to test_upload.py. Move S3Test, FileUploadTest and SanitizeNameTests from test_external.py to test_upload.py.
2016-04-14 16:26:01 +02:00
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
import zerver.lib.upload
actions: Split out zerver.actions.create_realm. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-14 23:58:15 +02:00
from zerver.actions.create_realm import do_create_realm
actions: Create a separate message_delete.py file. This is preparatory commit for #18941. Importing `do_delete_message` from `message_edit.py` was causing a circular import error. In order to avoid that, we create a separate message_delete.py file which has all the functions related to deleting messages. The tests for deleting messages are present in `zerver/tests/test_message_edit.py`. Fixes a part of #18941
2022-07-17 13:00:21 +02:00
from zerver.actions.message_delete import do_delete_messages
actions: Split out zerver.actions.message_send. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-14 23:50:10 +02:00
from zerver.actions.message_send import internal_send_private_message
actions: Split out zerver.actions.realm_icon. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-14 23:39:22 +02:00
from zerver.actions.realm_icon import do_change_icon_source
actions: Split out zerver.actions.realm_logo. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-14 23:37:16 +02:00
from zerver.actions.realm_logo import do_change_logo_source
actions: Split out zerver.actions.realm_settings. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-14 23:57:15 +02:00
from zerver.actions.realm_settings import do_change_realm_plan_type, do_set_realm_property
actions: Split out zerver.actions.uploads. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-14 23:43:26 +02:00
from zerver.actions.uploads import do_delete_old_unclaimed_attachments
actions: Split out zerver.actions.user_settings. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-14 23:49:26 +02:00
from zerver.actions.user_settings import do_delete_avatar_image
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
from zerver.lib.avatar import avatar_url, get_avatar_field
tests: Add test coverage for uploading avatars to S3UploadBackend. Add test coverage for the function upload_avatar_image and ensure_medium_avatar_image in S3UploadBackend.
2017-12-21 09:37:59 +01:00
from zerver.lib.avatar_hash import user_avatar_path
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
from zerver.lib.cache import cache_get, get_realm_used_upload_space_cache_key
create_user: Initialize settings according to realm-level defaults. This commit modifies the copy_user_settings code such that instead of source user profile, we can have two types of sources - a user profile and RealmUserDefault table of realm and then set the settings from RealmUserDefault only is there is no user profile as a source. We also rename copy_user_settings to copy_default_settings for clarity.
2021-06-29 18:08:42 +02:00
from zerver.lib.create_user import copy_default_settings
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
from zerver.lib.initial_password import initial_password
upload: Allow rate limited access to spectators for uploaded files. We allow spectators access to uploaded files in web public streams but rate limit the daily requests to 1000 per file by default.
2021-11-02 15:42:58 +01:00
from zerver.lib.rate_limiter import add_ratelimit_rule, remove_ratelimit_rule
realm-icon: Add realm icon feature. - Add realm icon fields to realm model. - Add migration for new realm model's field. - Add views for icon uploading and deleting. - Add routes for realm icons views. - Add JS widget for realm icon upload setting. - Add realm icon upload to administration organization setting. - Add tests for realm icons. Fixes #3660.
2017-02-21 03:41:20 +01:00
from zerver.lib.realm_icon import realm_icon_url
realm_logo: Remove redundant `realm_logo_url` function. This function is nothing but a redundant layer of call to `get_realm_logo_url`.
2019-08-19 19:46:45 +02:00
from zerver.lib.realm_logo import get_realm_logo_url
do_delete_old_unclaimed_attachments: Consider ArchivedAttachment rows. This function is oblivious to the existence of ArchivedAttachment, which is incorrect. A file can be removed if and only if it is not referenced by any Messages or ArchivedMessages.
2022-05-18 22:07:15 +02:00
from zerver.lib.retention import clean_archived_data
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
from zerver.lib.test_classes import UploadSerializeMixin, ZulipTestCase
test-backend: Raise zerver/views/test_upload.py test coverage to 100%.
2017-03-08 19:47:42 +01:00
from zerver.lib.test_helpers import (
avatar_disk_path,
refactor: Add a helper function to create s3 buckets. This refactor makes upgrading boto to boto3 easier. Based on https://github.com/zulip/zulip/pull/10370/commits/43d2f6286c8d479eafa4b086348e1b17996f8c68
2018-12-07 18:15:51 +01:00
create_s3_buckets,
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
get_test_image_file,
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
queries_captured,
tests: Use read_test_image_file. Fixes a ResourceWarning from the unclosed file at test_upload.py:1954. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-13 23:24:16 +01:00
read_test_image_file,
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
use_s3_backend,
test-backend: Raise zerver/views/test_upload.py test coverage to 100%.
2017-03-08 19:47:42 +01:00
)
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
from zerver.lib.upload import (
DEFAULT_AVATAR_SIZE,
DEFAULT_EMOJI_SIZE,
MEDIUM_AVATAR_SIZE,
BadImageError,
LocalUploadBackend,
S3UploadBackend,
ZulipUploadBackend,
delete_export_tarball,
delete_message_image,
do_delete_old_unclaimed_attachments: Consider ArchivedAttachment rows. This function is oblivious to the existence of ArchivedAttachment, which is incorrect. A file can be removed if and only if it is not referenced by any Messages or ArchivedMessages.
2022-05-18 22:07:15 +02:00
get_local_file_path,
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
resize_avatar,
resize_emoji,
sanitize_name,
upload_emoji_image,
upload_export_tarball,
upload_message_file,
upload: Refactor and add tests for ensure_avatar_image in upload.py. `ensure_basic_avatar_image` and `ensure_medium_avatar_image` are essentially the same thing, except a size parameter. So, refactor them into a single function. This doesn't introduce any functional changes.
2021-03-17 17:54:23 +01:00
write_local_file,
Use sender realm in user_profiles_from_unvalidated_emails. This change is mostly based on a similar commit from hackerkid in a feature branch. It borrows both code and ideas. Some of it's my own stuff, as I was working on a newer branch. We now call get_user_including_cross_realm_email() inside of user_profiles_from_unvalidated_emails(), instead of using get_user_profile_by_email. This requires a few of our callers to pass down sender into us. One consequence of this change is that we change the symptoms for trying to send to emails outside of your realm. In some cases, we simply raise an error that an email is invalid to us instead of getting into the deeper validate_recipient_user_profiles check.
2017-08-18 12:26:43 +02:00
)
users: Get all API keys via wrapper method. Now reading API keys from a user is done with the get_api_key wrapper method, rather than directly fetching it from the user object. Also, every place where an action should be done for each API key is now using get_all_api_keys. This method returns for the moment a single-item list, containing the specified user's API key. This commit is the first step towards allowing users have multiple API keys.
2018-08-01 10:53:40 +02:00
from zerver.lib.users import get_api_key
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
from zerver.models import (
do_delete_old_unclaimed_attachments: Consider ArchivedAttachment rows. This function is oblivious to the existence of ArchivedAttachment, which is incorrect. A file can be removed if and only if it is not referenced by any Messages or ArchivedMessages.
2022-05-18 22:07:15 +02:00
ArchivedAttachment,
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
Attachment,
Message,
Realm,
RealmDomain,
RealmEmoji,
UserProfile,
get_realm,
get_system_bot,
get_user_by_delivery_email,
validate_attachment_request,
)
test-backend: Raise zerver/views/test_upload.py test coverage to 100%.
2017-03-08 19:47:42 +01:00
Add Attachment model to keep track of uploads. This commit adds the capability to keep track and remove uploaded files. Unclaimed attachments are files that have been uploaded to the server but are not referred in any messages. A management command to remove old unclaimed files after a week is also included. Tests for getting the file referred in messages are also included.
2016-03-24 20:24:01 +01:00
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def destroy_uploads() -> None:
typing: Improve typing with assertions. This fixes some mypy errors discovered with django-stubs.
2021-08-18 17:54:22 +02:00
assert settings.LOCAL_UPLOADS_DIR is not None
Add SetAvatarTest to test_upload.py. Test multiple file uploads for /json/set_avatar. Test no file upload for /json/set_avatar. Add test images for SetAvatarTest.
2016-04-17 23:51:49 +02:00
if os.path.exists(settings.LOCAL_UPLOADS_DIR):
shutil.rmtree(settings.LOCAL_UPLOADS_DIR)
Add API route for uploading files.
2016-06-25 11:05:59 +02:00
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
class FileUploadTest(UploadSerializeMixin, ZulipTestCase):
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_rest_endpoint(self) -> None:
Add API route for uploading files.
2016-06-25 11:05:59 +02:00
"""
docs: Fix more capitalization issues. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-10-23 02:43:28 +02:00
Tests the /api/v1/user_uploads API endpoint. Here a single file is uploaded
Add API route for uploading files.
2016-06-25 11:05:59 +02:00
and downloaded using a username and api_key
"""
fp = StringIO("zulip!")
fp.name = "zulip.txt"
# Upload file via API
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.api_post(self.example_user("hamlet"), "/api/v1/user_uploads", {"file": fp})
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
response_dict = self.assert_json_success(result)
self.assertIn("uri", response_dict)
uri = response_dict["uri"]
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
base = "/user_uploads/"
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.assertEqual(base, uri[: len(base)])
Add API route for uploading files.
2016-06-25 11:05:59 +02:00
Add support for serving files using API authentication. Also remove 'get_uploaded_file' view function and the corresponding old '/user_upload/' url pattern.
2016-06-27 16:41:58 +02:00
# Download file via API
tests: Add wrapper for client.logout in ZulipTestCase. In this commit we add a logout wrapper so as to enable developers to just do self.logout instead of doing a post request at API endpoint for logout. This is achieved by adding a wrapper function for the Django's client.logout contained in TestCase. We add this by extending ZulipTestCase to have a logout function.
2017-04-18 03:23:32 +02:00
self.logout()
test performance: Pass in users to api_* helpers. This reduces query counts in some cases, since we no longer need to look up the user again. In particular, it reduces some noise when we count queries for O(N)-related tests. The query count is usually reduced by 2 per API call. We no longer need to look up Realm and UserProfile. In most cases we are saving these lookups for the whole tests, since we usually already have the `user` objects for other reasons. In a few places we are simply moving where that query happens within the test. In some places I shorten names like `test_user` or `user_profile` to just be `user`.
2020-03-10 11:48:26 +01:00
response = self.api_get(self.example_user("hamlet"), uri)
uploads: Add new way of querying for mobile uploads endpoint. This extends the /user_uploads API endpoint to support passing the authentication credentials via the URL, not the HTTP_AUTHORIZATION headers. This is an important workaround for the fact that React Native's Webview system doesn't support setting HTTP_AUTHORIZATION; the app will be responsible for rewriting URLs for uploaded files directly to add this parameter.
2018-04-13 19:04:39 +02:00
self.assertEqual(response.status_code, 200)
test_classes: Extract assert_streaming_content helper. This also fixes a warning from RealmExportTest.test_endpoint_local_uploads: “ResourceWarning: unclosed file <_io.BufferedReader name='/srv/zulip/var/…/test-export.tar.gz'>”. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-21 05:51:51 +01:00
self.assert_streaming_content(response, b"zulip!")
Add support for serving files using API authentication. Also remove 'get_uploaded_file' view function and the corresponding old '/user_upload/' url pattern.
2016-06-27 16:41:58 +02:00
text: Fix some typos (most of them found and fixed by codespell). Signed-off-by: Stefan Weil <sw@weilnetz.de>
2020-03-28 01:25:56 +01:00
# Files uploaded through the API should be accessible via the web client
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("hamlet")
test_classes: Extract assert_streaming_content helper. This also fixes a warning from RealmExportTest.test_endpoint_local_uploads: “ResourceWarning: unclosed file <_io.BufferedReader name='/srv/zulip/var/…/test-export.tar.gz'>”. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-21 05:51:51 +01:00
self.assert_streaming_content(self.client_get(uri), b"zulip!")
Add API route for uploading files.
2016-06-25 11:05:59 +02:00
uploads: Add new way of querying for mobile uploads endpoint. This extends the /user_uploads API endpoint to support passing the authentication credentials via the URL, not the HTTP_AUTHORIZATION headers. This is an important workaround for the fact that React Native's Webview system doesn't support setting HTTP_AUTHORIZATION; the app will be responsible for rewriting URLs for uploaded files directly to add this parameter.
2018-04-13 19:04:39 +02:00
def test_mobile_api_endpoint(self) -> None:
"""
docs: Fix more capitalization issues. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-10-23 02:43:28 +02:00
Tests the /api/v1/user_uploads API endpoint with ?api_key
uploads: Add new way of querying for mobile uploads endpoint. This extends the /user_uploads API endpoint to support passing the authentication credentials via the URL, not the HTTP_AUTHORIZATION headers. This is an important workaround for the fact that React Native's Webview system doesn't support setting HTTP_AUTHORIZATION; the app will be responsible for rewriting URLs for uploaded files directly to add this parameter.
2018-04-13 19:04:39 +02:00
auth. Here a single file is uploaded and downloaded using a
username and api_key
"""
fp = StringIO("zulip!")
fp.name = "zulip.txt"
# Upload file via API
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.api_post(self.example_user("hamlet"), "/api/v1/user_uploads", {"file": fp})
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
response_dict = self.assert_json_success(result)
self.assertIn("uri", response_dict)
uri = response_dict["uri"]
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
base = "/user_uploads/"
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.assertEqual(base, uri[: len(base)])
uploads: Add new way of querying for mobile uploads endpoint. This extends the /user_uploads API endpoint to support passing the authentication credentials via the URL, not the HTTP_AUTHORIZATION headers. This is an important workaround for the fact that React Native's Webview system doesn't support setting HTTP_AUTHORIZATION; the app will be responsible for rewriting URLs for uploaded files directly to add this parameter.
2018-04-13 19:04:39 +02:00
self.logout()
# Try to download file via API, passing URL and invalid API key
user_profile = self.example_user("hamlet")
python: Pass query parameters as a dict when making GET requests. This provides automatic URL-encoding. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-09-13 00:11:30 +02:00
response = self.client_get(uri, {"api_key": "invalid"})
decorator: Set an error code for invalid API key errors. This should make it easily for mobile/terminal apps to handle situations like the user's API key changing. Also fix the fact we were incorrectly using a 400, not 401, status code for this case.
2019-01-05 20:18:18 +01:00
self.assertEqual(response.status_code, 401)
uploads: Add new way of querying for mobile uploads endpoint. This extends the /user_uploads API endpoint to support passing the authentication credentials via the URL, not the HTTP_AUTHORIZATION headers. This is an important workaround for the fact that React Native's Webview system doesn't support setting HTTP_AUTHORIZATION; the app will be responsible for rewriting URLs for uploaded files directly to add this parameter.
2018-04-13 19:04:39 +02:00
python: Pass query parameters as a dict when making GET requests. This provides automatic URL-encoding. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-09-13 00:11:30 +02:00
response = self.client_get(uri, {"api_key": get_api_key(user_profile)})
uploads: Add new way of querying for mobile uploads endpoint. This extends the /user_uploads API endpoint to support passing the authentication credentials via the URL, not the HTTP_AUTHORIZATION headers. This is an important workaround for the fact that React Native's Webview system doesn't support setting HTTP_AUTHORIZATION; the app will be responsible for rewriting URLs for uploaded files directly to add this parameter.
2018-04-13 19:04:39 +02:00
self.assertEqual(response.status_code, 200)
test_classes: Extract assert_streaming_content helper. This also fixes a warning from RealmExportTest.test_endpoint_local_uploads: “ResourceWarning: unclosed file <_io.BufferedReader name='/srv/zulip/var/…/test-export.tar.gz'>”. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-21 05:51:51 +01:00
self.assert_streaming_content(response, b"zulip!")
uploads: Add new way of querying for mobile uploads endpoint. This extends the /user_uploads API endpoint to support passing the authentication credentials via the URL, not the HTTP_AUTHORIZATION headers. This is an important workaround for the fact that React Native's Webview system doesn't support setting HTTP_AUTHORIZATION; the app will be responsible for rewriting URLs for uploaded files directly to add this parameter.
2018-04-13 19:04:39 +02:00
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_file_too_big_failure(self) -> None:
tests: Add test_file_too_big_failure().
2016-09-16 16:41:04 +02:00
"""
Attempting to upload big files should fail.
"""
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("hamlet")
tests: Add test_file_too_big_failure().
2016-09-16 16:41:04 +02:00
fp = StringIO("bah!")
fp.name = "a.txt"
# Use MAX_FILE_UPLOAD_SIZE of 0, because the next increment
# would be 1MB.
with self.settings(MAX_FILE_UPLOAD_SIZE=0):
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.client_post("/json/user_uploads", {"f1": fp})
self.assert_json_error(result, "Uploaded file is larger than the allowed limit of 0 MiB")
tests: Add test_file_too_big_failure().
2016-09-16 16:41:04 +02:00
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_multiple_upload_failure(self) -> None:
Move upload-related tests to test_upload.py. Move S3Test, FileUploadTest and SanitizeNameTests from test_external.py to test_upload.py.
2016-04-14 16:26:01 +02:00
"""
Attempting to upload two files should fail.
"""
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("hamlet")
Move upload-related tests to test_upload.py. Move S3Test, FileUploadTest and SanitizeNameTests from test_external.py to test_upload.py.
2016-04-14 16:26:01 +02:00
fp = StringIO("bah!")
fp.name = "a.txt"
fp2 = StringIO("pshaw!")
fp2.name = "b.txt"
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.client_post("/json/user_uploads", {"f1": fp, "f2": fp2})
Move upload-related tests to test_upload.py. Move S3Test, FileUploadTest and SanitizeNameTests from test_external.py to test_upload.py.
2016-04-14 16:26:01 +02:00
self.assert_json_error(result, "You may only upload one file at a time")
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_no_file_upload_failure(self) -> None:
Move upload-related tests to test_upload.py. Move S3Test, FileUploadTest and SanitizeNameTests from test_external.py to test_upload.py.
2016-04-14 16:26:01 +02:00
"""
Calling this endpoint with no files should fail.
"""
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("hamlet")
Move upload-related tests to test_upload.py. Move S3Test, FileUploadTest and SanitizeNameTests from test_external.py to test_upload.py.
2016-04-14 16:26:01 +02:00
uploads: Remove legacy /json/upload_file endpoint. This migrates Zulip to use the equivalent API endpoint that has been present for a while.
2017-07-31 20:52:17 +02:00
result = self.client_post("/json/user_uploads")
Move upload-related tests to test_upload.py. Move S3Test, FileUploadTest and SanitizeNameTests from test_external.py to test_upload.py.
2016-04-14 16:26:01 +02:00
self.assert_json_error(result, "You must specify a file to upload")
upload: Remove `mimetype` url parameter in `get_file_info`. This `mimetype` parameter was introduced in c4fa29a and its last usage removed in 5bab2a3. This parameter was undocumented in the OpenAPI endpoint documentation for `/user_uploads`, therefore there shouldn't be client implementations that rely on it's presence. Removes the `request.GET` call for the `mimetype` parameter and replaces it by getting the `content_type` value from the file, which is an instance of Django's `UploadedFile` class and stores that file metadata as a property. If that returns `None` or an empty string, then we try to guess the `content_type` from the filename, which is the same as the previous behaviour when `mimetype` was `None` (which we assume has been true since it's usage was removed; see above). If unable to guess the `content_type` from the filename, we now fallback to "application/octet-stream", instead of an empty string or `None` value. Also, removes the specific test written for having `mimetype` as a url parameter in the request, and replaces it with a test that covers when we try to guess `content_type` from the filename.
2022-07-27 22:54:31 +02:00
def test_guess_content_type_from_filename(self) -> None:
"""
Test coverage for files without content-type in the metadata;
in which case we try to guess the content-type from the filename.
"""
data, content_type = encode_multipart_formdata({"file": ("somefile", b"zulip!", None)})
result = self.api_post(
self.example_user("hamlet"), "/api/v1/user_uploads", data, content_type=content_type
)
self.assert_json_success(result)
data, content_type = encode_multipart_formdata({"file": ("somefile.txt", b"zulip!", None)})
result = self.api_post(
self.example_user("hamlet"), "/api/v1/user_uploads", data, content_type=content_type
)
self.assert_json_success(result)
Add Attachment model to keep track of uploads. This commit adds the capability to keep track and remove uploaded files. Unclaimed attachments are files that have been uploaded to the server but are not referred in any messages. A management command to remove old unclaimed files after a week is also included. Tests for getting the file referred in messages are also included.
2016-03-24 20:24:01 +01:00
# This test will go through the code path for uploading files onto LOCAL storage
docs: Fix more capitalization issues. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-10-23 02:43:28 +02:00
# when Zulip is in DEVELOPMENT mode.
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_file_upload_authed(self) -> None:
Add a test for local file uploads.
2016-04-14 23:44:39 +02:00
"""
uploads: Remove legacy /json/upload_file endpoint. This migrates Zulip to use the equivalent API endpoint that has been present for a while.
2017-07-31 20:52:17 +02:00
A call to /json/user_uploads should return a uri and actually create an
Add Attachment model to keep track of uploads. This commit adds the capability to keep track and remove uploaded files. Unclaimed attachments are files that have been uploaded to the server but are not referred in any messages. A management command to remove old unclaimed files after a week is also included. Tests for getting the file referred in messages are also included.
2016-03-24 20:24:01 +01:00
entry in the database. This entry will be marked unclaimed till a message
refers it.
Add a test for local file uploads.
2016-04-14 23:44:39 +02:00
"""
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("hamlet")
Add a test for local file uploads.
2016-04-14 23:44:39 +02:00
fp = StringIO("zulip!")
fp.name = "zulip.txt"
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.client_post("/json/user_uploads", {"file": fp})
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
response_dict = self.assert_json_success(result)
self.assertIn("uri", response_dict)
uri = response_dict["uri"]
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
base = "/user_uploads/"
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.assertEqual(base, uri[: len(base)])
Add a test for local file uploads.
2016-04-14 23:44:39 +02:00
Add Attachment model to keep track of uploads. This commit adds the capability to keep track and remove uploaded files. Unclaimed attachments are files that have been uploaded to the server but are not referred in any messages. A management command to remove old unclaimed files after a week is also included. Tests for getting the file referred in messages are also included.
2016-03-24 20:24:01 +01:00
# In the future, local file requests will follow the same style as S3
docs: Fix many spelling mistakes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-08 00:13:33 +01:00
# requests; they will be first authenticated and redirected
test_classes: Extract assert_streaming_content helper. This also fixes a warning from RealmExportTest.test_endpoint_local_uploads: “ResourceWarning: unclosed file <_io.BufferedReader name='/srv/zulip/var/…/test-export.tar.gz'>”. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-21 05:51:51 +01:00
self.assert_streaming_content(self.client_get(uri), b"zulip!")
Add a test for local file uploads.
2016-04-14 23:44:39 +02:00
uploads: Add an endpoint which forces a download. This is most useful for images hosted in S3, which are otherwise always displayed in the browser.
2022-03-22 04:38:18 +01:00
# Check the download endpoint
download_uri = uri.replace("/user_uploads/", "/user_uploads/download/")
result = self.client_get(download_uri)
self.assert_streaming_content(result, b"zulip!")
self.assertIn("attachment;", result.headers["Content-Disposition"])
Add Attachment model to keep track of uploads. This commit adds the capability to keep track and remove uploaded files. Unclaimed attachments are files that have been uploaded to the server but are not referred in any messages. A management command to remove old unclaimed files after a week is also included. Tests for getting the file referred in messages are also included.
2016-03-24 20:24:01 +01:00
# check if DB has attachment marked as unclaimed
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
entry = Attachment.objects.get(file_name="zulip.txt")
tests: s/assertEquals/assertEqual/ due to deprecation. Fixes #2730.
2016-12-16 02:01:34 +01:00
self.assertEqual(entry.is_claimed(), False)
Add Attachment model to keep track of uploads. This commit adds the capability to keep track and remove uploaded files. Unclaimed attachments are files that have been uploaded to the server but are not referred in any messages. A management command to remove old unclaimed files after a week is also included. Tests for getting the file referred in messages are also included.
2016-03-24 20:24:01 +01:00
test_upload: Fix some URLs to uploaded files. Using http://localhost:9991 is incorrect - e.g. messages sent with file urls constructed trigger do_claim_attachments to be called with empty list in potential_path_ids. realm.host should be used in all these places, like in the other tests in the file.
2022-05-18 21:31:18 +02:00
hamlet = self.example_user("hamlet")
self.subscribe(hamlet, "Denmark")
body = f"First message ...[zulip.txt]({hamlet.realm.host}{uri})"
self.send_stream_message(hamlet, "Denmark", body, "test")
Add tests for upload title functionality.
2016-06-14 04:38:30 +02:00
docs: Fix more capitalization issues. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-10-23 02:43:28 +02:00
# Now try the endpoint that's supposed to return a temporary URL for access
upload: Support requesting a temporary unauthenticated URL. This is be useful for the mobile and desktop apps to hand an uploaded file off to the system browser so that it can render PDFs (Etc.). The S3 backend implementation is simple; for the local upload backend, we use Django's signing feature to simulate the same sort of 60-second lifetime token. Co-Author-By: Mateusz Mandera <mateusz.mandera@protonmail.com>
2020-04-08 00:27:24 +02:00
# to the file.
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.client_get("/json" + uri)
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
data = self.assert_json_success(result)
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
url_only_url = data["url"]
upload: Support requesting a temporary unauthenticated URL. This is be useful for the mobile and desktop apps to hand an uploaded file off to the system browser so that it can render PDFs (Etc.). The S3 backend implementation is simple; for the local upload backend, we use Django's signing feature to simulate the same sort of 60-second lifetime token. Co-Author-By: Mateusz Mandera <mateusz.mandera@protonmail.com>
2020-04-08 00:27:24 +02:00
# Ensure this is different from the original uri:
self.assertNotEqual(url_only_url, uri)
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.assertIn("user_uploads/temporary/", url_only_url)
self.assertTrue(url_only_url.endswith("zulip.txt"))
docs: Fix more capitalization issues. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-10-23 02:43:28 +02:00
# The generated URL has a token authorizing the requestor to access the file
upload: Support requesting a temporary unauthenticated URL. This is be useful for the mobile and desktop apps to hand an uploaded file off to the system browser so that it can render PDFs (Etc.). The S3 backend implementation is simple; for the local upload backend, we use Django's signing feature to simulate the same sort of 60-second lifetime token. Co-Author-By: Mateusz Mandera <mateusz.mandera@protonmail.com>
2020-04-08 00:27:24 +02:00
# without being logged in.
self.logout()
test_classes: Extract assert_streaming_content helper. This also fixes a warning from RealmExportTest.test_endpoint_local_uploads: “ResourceWarning: unclosed file <_io.BufferedReader name='/srv/zulip/var/…/test-export.tar.gz'>”. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-21 05:51:51 +01:00
self.assert_streaming_content(self.client_get(url_only_url), b"zulip!")
upload: Support requesting a temporary unauthenticated URL. This is be useful for the mobile and desktop apps to hand an uploaded file off to the system browser so that it can render PDFs (Etc.). The S3 backend implementation is simple; for the local upload backend, we use Django's signing feature to simulate the same sort of 60-second lifetime token. Co-Author-By: Mateusz Mandera <mateusz.mandera@protonmail.com>
2020-04-08 00:27:24 +02:00
# The original uri shouldn't work when logged out:
result = self.client_get(uri)
upload: Allow rate limited access to spectators for uploaded files. We allow spectators access to uploaded files in web public streams but rate limit the daily requests to 1000 per file by default.
2021-11-02 15:42:58 +01:00
self.assertEqual(result.status_code, 403)
@override_settings(RATE_LIMITING=True)
def test_serve_file_unauthed(self) -> None:
self.login("hamlet")
fp = StringIO("zulip!")
fp.name = "zulip_web_public.txt"
result = self.client_post("/json/user_uploads", {"file": fp})
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
uri = self.assert_json_success(result)["uri"]
upload: Allow rate limited access to spectators for uploaded files. We allow spectators access to uploaded files in web public streams but rate limit the daily requests to 1000 per file by default.
2021-11-02 15:42:58 +01:00
add_ratelimit_rule(86400, 1000, domain="spectator_attachment_access_by_file")
Correctly hyphenate “non-”. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-28 05:15:11 +02:00
# Deny file access for non-web-public stream
upload: Allow rate limited access to spectators for uploaded files. We allow spectators access to uploaded files in web public streams but rate limit the daily requests to 1000 per file by default.
2021-11-02 15:42:58 +01:00
self.subscribe(self.example_user("hamlet"), "Denmark")
host = self.example_user("hamlet").realm.host
body = f"First message ...[zulip.txt](http://{host}" + uri + ")"
self.send_stream_message(self.example_user("hamlet"), "Denmark", body, "test")
self.logout()
response = self.client_get(uri)
self.assertEqual(response.status_code, 403)
Correctly hyphenate “web-public”. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-28 05:05:04 +02:00
# Allow file access for web-public stream
upload: Allow rate limited access to spectators for uploaded files. We allow spectators access to uploaded files in web public streams but rate limit the daily requests to 1000 per file by default.
2021-11-02 15:42:58 +01:00
self.login("hamlet")
self.make_stream("web-public-stream", is_web_public=True)
self.subscribe(self.example_user("hamlet"), "web-public-stream")
body = f"First message ...[zulip.txt](http://{host}" + uri + ")"
self.send_stream_message(self.example_user("hamlet"), "web-public-stream", body, "test")
self.logout()
response = self.client_get(uri)
self.assertEqual(response.status_code, 200)
remove_ratelimit_rule(86400, 1000, domain="spectator_attachment_access_by_file")
# Deny file access since rate limited
add_ratelimit_rule(86400, 0, domain="spectator_attachment_access_by_file")
response = self.client_get(uri)
self.assertEqual(response.status_code, 403)
remove_ratelimit_rule(86400, 0, domain="spectator_attachment_access_by_file")
# Deny random file access
response = self.client_get(
"/user_uploads/2/71/QYB7LA-ULMYEad-QfLMxmI2e/zulip-non-existent.txt"
)
self.assertEqual(response.status_code, 404)
upload: Support requesting a temporary unauthenticated URL. This is be useful for the mobile and desktop apps to hand an uploaded file off to the system browser so that it can render PDFs (Etc.). The S3 backend implementation is simple; for the local upload backend, we use Django's signing feature to simulate the same sort of 60-second lifetime token. Co-Author-By: Mateusz Mandera <mateusz.mandera@protonmail.com>
2020-04-08 00:27:24 +02:00
def test_serve_local_file_unauthed_invalid_token(self) -> None:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.client_get("/user_uploads/temporary/badtoken/file.png")
upload: Support requesting a temporary unauthenticated URL. This is be useful for the mobile and desktop apps to hand an uploaded file off to the system browser so that it can render PDFs (Etc.). The S3 backend implementation is simple; for the local upload backend, we use Django's signing feature to simulate the same sort of 60-second lifetime token. Co-Author-By: Mateusz Mandera <mateusz.mandera@protonmail.com>
2020-04-08 00:27:24 +02:00
self.assert_json_error(result, "Invalid token")
upload: Include filename at the end of temporary access URLs.
2020-04-18 16:11:13 +02:00
def test_serve_local_file_unauthed_altered_filename(self) -> None:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("hamlet")
upload: Include filename at the end of temporary access URLs.
2020-04-18 16:11:13 +02:00
fp = StringIO("zulip!")
fp.name = "zulip.txt"
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.client_post("/json/user_uploads", {"file": fp})
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
response_dict = self.assert_json_success(result)
url = "/json" + response_dict["uri"]
upload: Include filename at the end of temporary access URLs.
2020-04-18 16:11:13 +02:00
result = self.client_get(url)
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
data = self.assert_json_success(result)
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
url_only_url = data["url"]
upload: Include filename at the end of temporary access URLs.
2020-04-18 16:11:13 +02:00
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.assertTrue(url_only_url.endswith("zulip.txt"))
url_only_url_changed_filename = url_only_url.split("zulip.txt")[0] + "differentname.exe"
upload: Include filename at the end of temporary access URLs.
2020-04-18 16:11:13 +02:00
result = self.client_get(url_only_url_changed_filename)
self.assert_json_error(result, "Invalid filename")
upload: Support requesting a temporary unauthenticated URL. This is be useful for the mobile and desktop apps to hand an uploaded file off to the system browser so that it can render PDFs (Etc.). The S3 backend implementation is simple; for the local upload backend, we use Django's signing feature to simulate the same sort of 60-second lifetime token. Co-Author-By: Mateusz Mandera <mateusz.mandera@protonmail.com>
2020-04-08 00:27:24 +02:00
def test_serve_local_file_unauthed_token_expires(self) -> None:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("hamlet")
upload: Support requesting a temporary unauthenticated URL. This is be useful for the mobile and desktop apps to hand an uploaded file off to the system browser so that it can render PDFs (Etc.). The S3 backend implementation is simple; for the local upload backend, we use Django's signing feature to simulate the same sort of 60-second lifetime token. Co-Author-By: Mateusz Mandera <mateusz.mandera@protonmail.com>
2020-04-08 00:27:24 +02:00
fp = StringIO("zulip!")
fp.name = "zulip.txt"
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.client_post("/json/user_uploads", {"file": fp})
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
response_dict = self.assert_json_success(result)
url = "/json" + response_dict["uri"]
upload: Support requesting a temporary unauthenticated URL. This is be useful for the mobile and desktop apps to hand an uploaded file off to the system browser so that it can render PDFs (Etc.). The S3 backend implementation is simple; for the local upload backend, we use Django's signing feature to simulate the same sort of 60-second lifetime token. Co-Author-By: Mateusz Mandera <mateusz.mandera@protonmail.com>
2020-04-08 00:27:24 +02:00
start_time = time.time()
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
with mock.patch("django.core.signing.time.time", return_value=start_time):
upload: Support requesting a temporary unauthenticated URL. This is be useful for the mobile and desktop apps to hand an uploaded file off to the system browser so that it can render PDFs (Etc.). The S3 backend implementation is simple; for the local upload backend, we use Django's signing feature to simulate the same sort of 60-second lifetime token. Co-Author-By: Mateusz Mandera <mateusz.mandera@protonmail.com>
2020-04-08 00:27:24 +02:00
result = self.client_get(url)
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
data = self.assert_json_success(result)
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
url_only_url = data["url"]
upload: Support requesting a temporary unauthenticated URL. This is be useful for the mobile and desktop apps to hand an uploaded file off to the system browser so that it can render PDFs (Etc.). The S3 backend implementation is simple; for the local upload backend, we use Django's signing feature to simulate the same sort of 60-second lifetime token. Co-Author-By: Mateusz Mandera <mateusz.mandera@protonmail.com>
2020-04-08 00:27:24 +02:00
self.logout()
test_classes: Extract assert_streaming_content helper. This also fixes a warning from RealmExportTest.test_endpoint_local_uploads: “ResourceWarning: unclosed file <_io.BufferedReader name='/srv/zulip/var/…/test-export.tar.gz'>”. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-21 05:51:51 +01:00
self.assert_streaming_content(self.client_get(url_only_url), b"zulip!")
upload: Support requesting a temporary unauthenticated URL. This is be useful for the mobile and desktop apps to hand an uploaded file off to the system browser so that it can render PDFs (Etc.). The S3 backend implementation is simple; for the local upload backend, we use Django's signing feature to simulate the same sort of 60-second lifetime token. Co-Author-By: Mateusz Mandera <mateusz.mandera@protonmail.com>
2020-04-08 00:27:24 +02:00
# After over 60 seconds, the token should become invalid:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
with mock.patch("django.core.signing.time.time", return_value=start_time + 61):
upload: Support requesting a temporary unauthenticated URL. This is be useful for the mobile and desktop apps to hand an uploaded file off to the system browser so that it can render PDFs (Etc.). The S3 backend implementation is simple; for the local upload backend, we use Django's signing feature to simulate the same sort of 60-second lifetime token. Co-Author-By: Mateusz Mandera <mateusz.mandera@protonmail.com>
2020-04-08 00:27:24 +02:00
result = self.client_get(url_only_url)
self.assert_json_error(result, "Invalid token")
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_file_download_unauthed(self) -> None:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("hamlet")
uploads: Add authorization check before serving files. This is a remerge of e985b57259f86dcdbddb115fc5009e2db04496ff (after resolving merge conflicts, updating the tests, adding mypy annotations etc.), which should now be correct, because we've done the necessary database migration. The rebase/remerge work was done by Tim Abbott and Aditya Bansal. This is an important part of #320.
2016-06-17 19:48:17 +02:00
fp = StringIO("zulip!")
fp.name = "zulip.txt"
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.client_post("/json/user_uploads", {"file": fp})
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
response_dict = self.assert_json_success(result)
uri = response_dict["uri"]
uploads: Add authorization check before serving files. This is a remerge of e985b57259f86dcdbddb115fc5009e2db04496ff (after resolving merge conflicts, updating the tests, adding mypy annotations etc.), which should now be correct, because we've done the necessary database migration. The rebase/remerge work was done by Tim Abbott and Aditya Bansal. This is an important part of #320.
2016-06-17 19:48:17 +02:00
tests: Add wrapper for client.logout in ZulipTestCase. In this commit we add a logout wrapper so as to enable developers to just do self.logout instead of doing a post request at API endpoint for logout. This is achieved by adding a wrapper function for the Django's client.logout contained in TestCase. We add this by extending ZulipTestCase to have a logout function.
2017-04-18 03:23:32 +02:00
self.logout()
uploads: Add authorization check before serving files. This is a remerge of e985b57259f86dcdbddb115fc5009e2db04496ff (after resolving merge conflicts, updating the tests, adding mypy annotations etc.), which should now be correct, because we've done the necessary database migration. The rebase/remerge work was done by Tim Abbott and Aditya Bansal. This is an important part of #320.
2016-06-17 19:48:17 +02:00
response = self.client_get(uri)
upload: Allow rate limited access to spectators for uploaded files. We allow spectators access to uploaded files in web public streams but rate limit the daily requests to 1000 per file by default.
2021-11-02 15:42:58 +01:00
self.assertEqual(response.status_code, 403)
self.assert_in_response("<p>You are not authorized to view this file.</p>", response)
uploads: Add authorization check before serving files. This is a remerge of e985b57259f86dcdbddb115fc5009e2db04496ff (after resolving merge conflicts, updating the tests, adding mypy annotations etc.), which should now be correct, because we've done the necessary database migration. The rebase/remerge work was done by Tim Abbott and Aditya Bansal. This is an important part of #320.
2016-06-17 19:48:17 +02:00
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_removed_file_download(self) -> None:
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
"""
uploads: Add authorization check before serving files. This is a remerge of e985b57259f86dcdbddb115fc5009e2db04496ff (after resolving merge conflicts, updating the tests, adding mypy annotations etc.), which should now be correct, because we've done the necessary database migration. The rebase/remerge work was done by Tim Abbott and Aditya Bansal. This is an important part of #320.
2016-06-17 19:48:17 +02:00
Trying to download deleted files should return 404 error
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
"""
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("hamlet")
uploads: Add authorization check before serving files. This is a remerge of e985b57259f86dcdbddb115fc5009e2db04496ff (after resolving merge conflicts, updating the tests, adding mypy annotations etc.), which should now be correct, because we've done the necessary database migration. The rebase/remerge work was done by Tim Abbott and Aditya Bansal. This is an important part of #320.
2016-06-17 19:48:17 +02:00
fp = StringIO("zulip!")
fp.name = "zulip.txt"
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.client_post("/json/user_uploads", {"file": fp})
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
response_dict = self.assert_json_success(result)
uploads: Add authorization check before serving files. This is a remerge of e985b57259f86dcdbddb115fc5009e2db04496ff (after resolving merge conflicts, updating the tests, adding mypy annotations etc.), which should now be correct, because we've done the necessary database migration. The rebase/remerge work was done by Tim Abbott and Aditya Bansal. This is an important part of #320.
2016-06-17 19:48:17 +02:00
destroy_uploads()
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
response = self.client_get(response_dict["uri"])
uploads: Add authorization check before serving files. This is a remerge of e985b57259f86dcdbddb115fc5009e2db04496ff (after resolving merge conflicts, updating the tests, adding mypy annotations etc.), which should now be correct, because we've done the necessary database migration. The rebase/remerge work was done by Tim Abbott and Aditya Bansal. This is an important part of #320.
2016-06-17 19:48:17 +02:00
self.assertEqual(response.status_code, 404)
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_non_existing_file_download(self) -> None:
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
"""
uploads: Add authorization check before serving files. This is a remerge of e985b57259f86dcdbddb115fc5009e2db04496ff (after resolving merge conflicts, updating the tests, adding mypy annotations etc.), which should now be correct, because we've done the necessary database migration. The rebase/remerge work was done by Tim Abbott and Aditya Bansal. This is an important part of #320.
2016-06-17 19:48:17 +02:00
Trying to download a file that was never uploaded will return a json_error
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
"""
test_upload: Prepare for moving system bots to zulipinternal.
2019-07-24 07:34:48 +02:00
hamlet = self.example_user("hamlet")
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login_user(hamlet)
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
response = self.client_get(
test_upload: Fix some URLs to uploaded files. Using http://localhost:9991 is incorrect - e.g. messages sent with file urls constructed trigger do_claim_attachments to be called with empty list in potential_path_ids. realm.host should be used in all these places, like in the other tests in the file.
2022-05-18 21:31:18 +02:00
f"http://{hamlet.realm.host}/user_uploads/{hamlet.realm_id}/ff/gg/abc.py"
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
)
uploads: Add authorization check before serving files. This is a remerge of e985b57259f86dcdbddb115fc5009e2db04496ff (after resolving merge conflicts, updating the tests, adding mypy annotations etc.), which should now be correct, because we've done the necessary database migration. The rebase/remerge work was done by Tim Abbott and Aditya Bansal. This is an important part of #320.
2016-06-17 19:48:17 +02:00
self.assertEqual(response.status_code, 404)
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.assert_in_response("File not found.", response)
Revert "Add authorization check before serving files." This reverts commit e985b57259f86dcdbddb115fc5009e2db04496ff. This commit will break production when we next do a release, because we haven't done a migration to create Attachment objects for previously uploaded files.
2016-06-27 21:09:56 +02:00
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_delete_old_unclaimed_attachments(self) -> None:
docs: Fix many spelling mistakes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-08 00:13:33 +01:00
# Upload some files and make them older than a week
do_delete_old_unclaimed_attachments: Consider ArchivedAttachment rows. This function is oblivious to the existence of ArchivedAttachment, which is incorrect. A file can be removed if and only if it is not referenced by any Messages or ArchivedMessages.
2022-05-18 22:07:15 +02:00
hamlet = self.example_user("hamlet")
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("hamlet")
Add Attachment model to keep track of uploads. This commit adds the capability to keep track and remove uploaded files. Unclaimed attachments are files that have been uploaded to the server but are not referred in any messages. A management command to remove old unclaimed files after a week is also included. Tests for getting the file referred in messages are also included.
2016-03-24 20:24:01 +01:00
d1 = StringIO("zulip!")
d1.name = "dummy_1.txt"
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.client_post("/json/user_uploads", {"file": d1})
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
response_dict = self.assert_json_success(result)
d1_path_id = re.sub("/user_uploads/", "", response_dict["uri"])
Add Attachment model to keep track of uploads. This commit adds the capability to keep track and remove uploaded files. Unclaimed attachments are files that have been uploaded to the server but are not referred in any messages. A management command to remove old unclaimed files after a week is also included. Tests for getting the file referred in messages are also included.
2016-03-24 20:24:01 +01:00
d2 = StringIO("zulip!")
d2.name = "dummy_2.txt"
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.client_post("/json/user_uploads", {"file": d2})
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
response_dict = self.assert_json_success(result)
d2_path_id = re.sub("/user_uploads/", "", response_dict["uri"])
Add Attachment model to keep track of uploads. This commit adds the capability to keep track and remove uploaded files. Unclaimed attachments are files that have been uploaded to the server but are not referred in any messages. A management command to remove old unclaimed files after a week is also included. Tests for getting the file referred in messages are also included.
2016-03-24 20:24:01 +01:00
do_delete_old_unclaimed_attachments: Consider ArchivedAttachment rows. This function is oblivious to the existence of ArchivedAttachment, which is incorrect. A file can be removed if and only if it is not referenced by any Messages or ArchivedMessages.
2022-05-18 22:07:15 +02:00
d3 = StringIO("zulip!")
d3.name = "dummy_3.txt"
result = self.client_post("/json/user_uploads", {"file": d3})
d3_path_id = re.sub("/user_uploads/", "", result.json()["uri"])
Replace timezone.now with timezone_now.
2017-04-15 04:03:56 +02:00
two_week_ago = timezone_now() - datetime.timedelta(weeks=2)
do_delete_old_unclaimed_attachments: Consider ArchivedAttachment rows. This function is oblivious to the existence of ArchivedAttachment, which is incorrect. A file can be removed if and only if it is not referenced by any Messages or ArchivedMessages.
2022-05-18 22:07:15 +02:00
# This Attachment will have a message linking to it:
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
d1_attachment = Attachment.objects.get(path_id=d1_path_id)
Add Attachment model to keep track of uploads. This commit adds the capability to keep track and remove uploaded files. Unclaimed attachments are files that have been uploaded to the server but are not referred in any messages. A management command to remove old unclaimed files after a week is also included. Tests for getting the file referred in messages are also included.
2016-03-24 20:24:01 +01:00
d1_attachment.create_time = two_week_ago
d1_attachment.save()
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.assertEqual(str(d1_attachment), "<Attachment: dummy_1.txt>")
do_delete_old_unclaimed_attachments: Consider ArchivedAttachment rows. This function is oblivious to the existence of ArchivedAttachment, which is incorrect. A file can be removed if and only if it is not referenced by any Messages or ArchivedMessages.
2022-05-18 22:07:15 +02:00
# This Attachment won't have any messages.
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
d2_attachment = Attachment.objects.get(path_id=d2_path_id)
Add Attachment model to keep track of uploads. This commit adds the capability to keep track and remove uploaded files. Unclaimed attachments are files that have been uploaded to the server but are not referred in any messages. A management command to remove old unclaimed files after a week is also included. Tests for getting the file referred in messages are also included.
2016-03-24 20:24:01 +01:00
d2_attachment.create_time = two_week_ago
d2_attachment.save()
do_delete_old_unclaimed_attachments: Consider ArchivedAttachment rows. This function is oblivious to the existence of ArchivedAttachment, which is incorrect. A file can be removed if and only if it is not referenced by any Messages or ArchivedMessages.
2022-05-18 22:07:15 +02:00
# This Attachment will have a message that gets archived. The file
# should not be deleted until the message is deleted from the archive.
d3_attachment = Attachment.objects.get(path_id=d3_path_id)
d3_attachment.create_time = two_week_ago
d3_attachment.save()
Add Attachment model to keep track of uploads. This commit adds the capability to keep track and remove uploaded files. Unclaimed attachments are files that have been uploaded to the server but are not referred in any messages. A management command to remove old unclaimed files after a week is also included. Tests for getting the file referred in messages are also included.
2016-03-24 20:24:01 +01:00
Fix various typos. The typos and their corrections were found with the aid of https://github.com/lucasdemarchi/codespell.
2017-11-09 16:26:38 +01:00
# Send message referring only dummy_1
test_upload: Fix some URLs to uploaded files. Using http://localhost:9991 is incorrect - e.g. messages sent with file urls constructed trigger do_claim_attachments to be called with empty list in potential_path_ids. realm.host should be used in all these places, like in the other tests in the file.
2022-05-18 21:31:18 +02:00
self.subscribe(hamlet, "Denmark")
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
body = (
test_upload: Fix some URLs to uploaded files. Using http://localhost:9991 is incorrect - e.g. messages sent with file urls constructed trigger do_claim_attachments to be called with empty list in potential_path_ids. realm.host should be used in all these places, like in the other tests in the file.
2022-05-18 21:31:18 +02:00
f"Some files here ...[zulip.txt](http://{hamlet.realm.host}/user_uploads/"
+ d1_path_id
+ ")"
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
)
test_upload: Fix some URLs to uploaded files. Using http://localhost:9991 is incorrect - e.g. messages sent with file urls constructed trigger do_claim_attachments to be called with empty list in potential_path_ids. realm.host should be used in all these places, like in the other tests in the file.
2022-05-18 21:31:18 +02:00
self.send_stream_message(hamlet, "Denmark", body, "test")
Add Attachment model to keep track of uploads. This commit adds the capability to keep track and remove uploaded files. Unclaimed attachments are files that have been uploaded to the server but are not referred in any messages. A management command to remove old unclaimed files after a week is also included. Tests for getting the file referred in messages are also included.
2016-03-24 20:24:01 +01:00
do_delete_old_unclaimed_attachments: Consider ArchivedAttachment rows. This function is oblivious to the existence of ArchivedAttachment, which is incorrect. A file can be removed if and only if it is not referenced by any Messages or ArchivedMessages.
2022-05-18 22:07:15 +02:00
# Send message referecing dummy_3 - it will be archived next.
body = (
f"Some more files here ...[zulip.txt](http://{hamlet.realm.host}/user_uploads/"
+ d3_path_id
+ ")"
)
message_id = self.send_stream_message(hamlet, "Denmark", body, "test")
d3_local_path = get_local_file_path(d3_path_id)
assert d3_local_path is not None
self.assertTrue(os.path.exists(d3_local_path))
do_delete_messages(hamlet.realm, [Message.objects.get(id=message_id)])
Add Attachment model to keep track of uploads. This commit adds the capability to keep track and remove uploaded files. Unclaimed attachments are files that have been uploaded to the server but are not referred in any messages. A management command to remove old unclaimed files after a week is also included. Tests for getting the file referred in messages are also included.
2016-03-24 20:24:01 +01:00
# dummy_2 should not exist in database or the uploads folder
do_delete_old_unclaimed_attachments(2)
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.assertTrue(not Attachment.objects.filter(path_id=d2_path_id).exists())
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
with self.assertLogs(level="WARNING") as warn_log:
test_upload: Use assertLogs in upload tests to verify logs. This will avoid spam in test-backend output.
2020-07-27 03:44:00 +02:00
self.assertTrue(not delete_message_image(d2_path_id))
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.assertEqual(
warn_log.output,
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
["WARNING:root:dummy_2.txt does not exist. Its entry in the database will be removed."],
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
)
Add Attachment model to keep track of uploads. This commit adds the capability to keep track and remove uploaded files. Unclaimed attachments are files that have been uploaded to the server but are not referred in any messages. A management command to remove old unclaimed files after a week is also included. Tests for getting the file referred in messages are also included.
2016-03-24 20:24:01 +01:00
do_delete_old_unclaimed_attachments: Consider ArchivedAttachment rows. This function is oblivious to the existence of ArchivedAttachment, which is incorrect. A file can be removed if and only if it is not referenced by any Messages or ArchivedMessages.
2022-05-18 22:07:15 +02:00
# dummy_3 file should still exist, because the attachment has been moved to the archive.
self.assertTrue(os.path.exists(d3_local_path))
# After the archive gets emptied, do_delete_old_unclaimed_attachments should result
# in deleting the file, since it is now truly no longer referenced.
with self.settings(ARCHIVED_DATA_VACUUMING_DELAY_DAYS=0):
clean_archived_data()
do_delete_old_unclaimed_attachments(2)
self.assertFalse(os.path.exists(d3_local_path))
self.assertTrue(not Attachment.objects.filter(path_id=d3_path_id).exists())
self.assertTrue(not ArchivedAttachment.objects.filter(path_id=d3_path_id).exists())
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_attachment_url_without_upload(self) -> None:
test_upload: Prepare for moving system bots to zulipinternal.
2019-07-24 07:34:48 +02:00
hamlet = self.example_user("hamlet")
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login_user(hamlet)
test_upload: Fix some URLs to uploaded files. Using http://localhost:9991 is incorrect - e.g. messages sent with file urls constructed trigger do_claim_attachments to be called with empty list in potential_path_ids. realm.host should be used in all these places, like in the other tests in the file.
2022-05-18 21:31:18 +02:00
with self.assertLogs(level="WARNING") as warn_log:
body = f"Test message ...[zulip.txt](http://{hamlet.realm.host}/user_uploads/{hamlet.realm_id}/64/fake_path_id.txt)"
message_id = self.send_stream_message(
self.example_user("hamlet"), "Denmark", body, "test"
)
self.assertFalse(
Attachment.objects.filter(path_id=f"{hamlet.realm_id}/64/fake_path_id.txt").exists()
)
self.assertEqual(
warn_log.output,
[
f"WARNING:root:User {hamlet.id} tried to share upload {hamlet.realm_id}/64/fake_path_id.txt in message {message_id}, but lacks permission"
],
)
attachment: Clarify and test logic for invalid uploads.
2017-04-14 01:15:46 +02:00
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_multiple_claim_attachments(self) -> None:
Add Attachment model to keep track of uploads. This commit adds the capability to keep track and remove uploaded files. Unclaimed attachments are files that have been uploaded to the server but are not referred in any messages. A management command to remove old unclaimed files after a week is also included. Tests for getting the file referred in messages are also included.
2016-03-24 20:24:01 +01:00
"""
This test tries to claim the same attachment twice. The messages field in
the Attachment model should have both the messages in its entry.
"""
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("hamlet")
Add Attachment model to keep track of uploads. This commit adds the capability to keep track and remove uploaded files. Unclaimed attachments are files that have been uploaded to the server but are not referred in any messages. A management command to remove old unclaimed files after a week is also included. Tests for getting the file referred in messages are also included.
2016-03-24 20:24:01 +01:00
d1 = StringIO("zulip!")
d1.name = "dummy_1.txt"
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.client_post("/json/user_uploads", {"file": d1})
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
response_dict = self.assert_json_success(result)
d1_path_id = re.sub("/user_uploads/", "", response_dict["uri"])
Add Attachment model to keep track of uploads. This commit adds the capability to keep track and remove uploaded files. Unclaimed attachments are files that have been uploaded to the server but are not referred in any messages. A management command to remove old unclaimed files after a week is also included. Tests for getting the file referred in messages are also included.
2016-03-24 20:24:01 +01:00
tests: Add and use new self.subscribe. This new method cleans up the API for subscribing to something from a test case.
2017-08-25 06:01:29 +02:00
self.subscribe(self.example_user("hamlet"), "Denmark")
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
host = self.example_user("hamlet").realm.host
python: Convert "".format to Python 3.6 f-strings. Generated by pyupgrade --py36-plus --keep-percent-format, but with the NamedTuple changes reverted (see commit ba7906a3c657905fa35bbcfb4e97b053f050272d, #15132). Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-09 00:25:09 +02:00
body = f"First message ...[zulip.txt](http://{host}/user_uploads/" + d1_path_id + ")"
tests: Use users in send_*_message. This commit mostly makes our tests less noisy, since emails are no longer an important detail of sending messages (they're not even really used in the API). It also sets us up to have more scrutiny on delivery_email/email in the future for things that actually matter. (This is a prep commit for something along those lines, kind of hard to explain the full plan.)
2020-03-07 11:43:05 +01:00
self.send_stream_message(self.example_user("hamlet"), "Denmark", body, "test")
python: Convert "".format to Python 3.6 f-strings. Generated by pyupgrade --py36-plus --keep-percent-format, but with the NamedTuple changes reverted (see commit ba7906a3c657905fa35bbcfb4e97b053f050272d, #15132). Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-09 00:25:09 +02:00
body = f"Second message ...[zulip.txt](http://{host}/user_uploads/" + d1_path_id + ")"
tests: Use users in send_*_message. This commit mostly makes our tests less noisy, since emails are no longer an important detail of sending messages (they're not even really used in the API). It also sets us up to have more scrutiny on delivery_email/email in the future for things that actually matter. (This is a prep commit for something along those lines, kind of hard to explain the full plan.)
2020-03-07 11:43:05 +01:00
self.send_stream_message(self.example_user("hamlet"), "Denmark", body, "test")
Add Attachment model to keep track of uploads. This commit adds the capability to keep track and remove uploaded files. Unclaimed attachments are files that have been uploaded to the server but are not referred in any messages. A management command to remove old unclaimed files after a week is also included. Tests for getting the file referred in messages are also included.
2016-03-24 20:24:01 +01:00
tests: s/assertEquals/assertEqual/ due to deprecation. Fixes #2730.
2016-12-16 02:01:34 +01:00
self.assertEqual(Attachment.objects.get(path_id=d1_path_id).messages.count(), 2)
Add Attachment model to keep track of uploads. This commit adds the capability to keep track and remove uploaded files. Unclaimed attachments are files that have been uploaded to the server but are not referred in any messages. A management command to remove old unclaimed files after a week is also included. Tests for getting the file referred in messages are also included.
2016-03-24 20:24:01 +01:00
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_multiple_claim_attachments_different_owners(self) -> None:
attachment: Improve rules for managing attachment ownership. The previous logic was that anyone with a link to a file could send it to other users, but only the owner could make a file realm-public. This had some confusing corner cases. The new logic is much simpler: * Only the file's owner/uploader can include a file in a message for the first time. * Anyone with access to read a file can share it with others by including it in messages they send. * Once a file has been sent to a public stream, any user in the realm can access it.
2017-04-14 00:59:59 +02:00
"""This test tries to claim the same attachment more than once, first
Fix various typos. The typos and their corrections were found with the aid of https://github.com/lucasdemarchi/codespell.
2017-11-09 16:26:38 +01:00
with a private stream and then with different recipients."""
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("hamlet")
attachment: Improve rules for managing attachment ownership. The previous logic was that anyone with a link to a file could send it to other users, but only the owner could make a file realm-public. This had some confusing corner cases. The new logic is much simpler: * Only the file's owner/uploader can include a file in a message for the first time. * Anyone with access to read a file can share it with others by including it in messages they send. * Once a file has been sent to a public stream, any user in the realm can access it.
2017-04-14 00:59:59 +02:00
d1 = StringIO("zulip!")
d1.name = "dummy_1.txt"
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.client_post("/json/user_uploads", {"file": d1})
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
response_dict = self.assert_json_success(result)
d1_path_id = re.sub("/user_uploads/", "", response_dict["uri"])
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
host = self.example_user("hamlet").realm.host
attachment: Improve rules for managing attachment ownership. The previous logic was that anyone with a link to a file could send it to other users, but only the owner could make a file realm-public. This had some confusing corner cases. The new logic is much simpler: * Only the file's owner/uploader can include a file in a message for the first time. * Anyone with access to read a file can share it with others by including it in messages they send. * Once a file has been sent to a public stream, any user in the realm can access it.
2017-04-14 00:59:59 +02:00
self.make_stream("private_stream", invite_only=True)
tests: Add and use new self.subscribe. This new method cleans up the API for subscribing to something from a test case.
2017-08-25 06:01:29 +02:00
self.subscribe(self.example_user("hamlet"), "private_stream")
attachment: Improve rules for managing attachment ownership. The previous logic was that anyone with a link to a file could send it to other users, but only the owner could make a file realm-public. This had some confusing corner cases. The new logic is much simpler: * Only the file's owner/uploader can include a file in a message for the first time. * Anyone with access to read a file can share it with others by including it in messages they send. * Once a file has been sent to a public stream, any user in the realm can access it.
2017-04-14 00:59:59 +02:00
bugdown: Fix logic for extracting attachment path_id. In 3892a8afd89a07645608ae2dc532c4910c28f2d0, we restructured the system for managing uploaded files to a much cleaner model where we just do parsing inside bugdown. That new model had potentially buggy handling of cases around both relative URLs and URLS starting with `realm.host`. We address this by further rewriting the handling of attachments to avoid regular expressions entirely, instead relying on urllib for parsing, and having bugdown output `path_id` values, so that there's no need for any conversions between formats outside bugdowm. The check_attachment_reference_change function for processing message updates is significantly simplified in the process. The new check on the hostname has the side effect of requiring us to fix some previously weird/buggy test data. Co-Author-By: Anders Kaseorg <anders@zulipchat.com> Co-Author-By: Rohitt Vashishtha <aero31aero@gmail.com>
2019-12-13 03:56:59 +01:00
# First, send the message to the new private stream.
python: Convert "".format to Python 3.6 f-strings. Generated by pyupgrade --py36-plus --keep-percent-format, but with the NamedTuple changes reverted (see commit ba7906a3c657905fa35bbcfb4e97b053f050272d, #15132). Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-09 00:25:09 +02:00
body = f"First message ...[zulip.txt](http://{host}/user_uploads/" + d1_path_id + ")"
tests: Use users in send_*_message. This commit mostly makes our tests less noisy, since emails are no longer an important detail of sending messages (they're not even really used in the API). It also sets us up to have more scrutiny on delivery_email/email in the future for things that actually matter. (This is a prep commit for something along those lines, kind of hard to explain the full plan.)
2020-03-07 11:43:05 +01:00
self.send_stream_message(self.example_user("hamlet"), "private_stream", body, "test")
attachment: Improve rules for managing attachment ownership. The previous logic was that anyone with a link to a file could send it to other users, but only the owner could make a file realm-public. This had some confusing corner cases. The new logic is much simpler: * Only the file's owner/uploader can include a file in a message for the first time. * Anyone with access to read a file can share it with others by including it in messages they send. * Once a file has been sent to a public stream, any user in the realm can access it.
2017-04-14 00:59:59 +02:00
self.assertFalse(Attachment.objects.get(path_id=d1_path_id).is_realm_public)
self.assertEqual(Attachment.objects.get(path_id=d1_path_id).messages.count(), 1)
# Then, try having a user who didn't receive the message try to publish it, and fail
python: Convert "".format to Python 3.6 f-strings. Generated by pyupgrade --py36-plus --keep-percent-format, but with the NamedTuple changes reverted (see commit ba7906a3c657905fa35bbcfb4e97b053f050272d, #15132). Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-09 00:25:09 +02:00
body = f"Illegal message ...[zulip.txt](http://{host}/user_uploads/" + d1_path_id + ")"
test_upload: Fix unnecessarily hard-coded user id.
2021-07-10 09:26:03 +02:00
cordelia = self.example_user("cordelia")
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
with self.assertLogs(level="WARNING") as warn_log:
tests: Ensure stream senders get a UserMessage row. We now complain if a test author sends a stream message that does not result in the sender getting a UserMessage row for the message. This is basically 100% equivalent to complaining that the author failed to subscribe the sender to the stream as part of the test setup, as far as I can tell, so the AssertionError instructs the author to subscribe the sender to the stream. We exempt bots from this check, although it is plausible we should only exempt the system bots like the notification bot. I considered auto-subscribing the sender to the stream, but that can be a little more expensive than the current check, and we generally want test setup to be explicit. If there is some legitimate way than a subscribed human sender can't get a UserMessage, then we probably want an explicit test for that, or we may want to change the backend to just write a UserMessage row in that hypothetical situation. For most tests, including almost all the ones fixed here, the author just wants their test setup to realistically reflect normal operation, and often devs may not realize that Cordelia is not subscribed to Denmark or not realize that Hamlet is not subscribed to Scotland. Some of us don't remember our Shakespeare from high school, and our stream subscriptions don't even necessarily reflect which countries the Bard placed his characters in. There may also be some legitimate use case where an author wants to simulate sending a message to an unsubscribed stream, but for those edge cases, they can always set allow_unsubscribed_sender to True.
2021-12-10 13:55:48 +01:00
self.send_stream_message(cordelia, "Verona", body, "test")
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.assertTrue(
test_upload: Fix unnecessarily hard-coded user id.
2021-07-10 09:26:03 +02:00
f"WARNING:root:User {cordelia.id} tried to share upload" in warn_log.output[0]
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
and "but lacks permission" in warn_log.output[0]
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
)
attachment: Improve rules for managing attachment ownership. The previous logic was that anyone with a link to a file could send it to other users, but only the owner could make a file realm-public. This had some confusing corner cases. The new logic is much simpler: * Only the file's owner/uploader can include a file in a message for the first time. * Anyone with access to read a file can share it with others by including it in messages they send. * Once a file has been sent to a public stream, any user in the realm can access it.
2017-04-14 00:59:59 +02:00
self.assertEqual(Attachment.objects.get(path_id=d1_path_id).messages.count(), 1)
self.assertFalse(Attachment.objects.get(path_id=d1_path_id).is_realm_public)
attachments: Add is_web_public field. This commit adds the is_web_public field in the AbstractAttachment class. This is useful when validating user access to the attachment, as otherwise we would have to make a query in the db to check if that attachment was sent in a message in a web-public stream or not.
2020-08-01 03:17:21 +02:00
self.assertFalse(Attachment.objects.get(path_id=d1_path_id).is_web_public)
attachment: Improve rules for managing attachment ownership. The previous logic was that anyone with a link to a file could send it to other users, but only the owner could make a file realm-public. This had some confusing corner cases. The new logic is much simpler: * Only the file's owner/uploader can include a file in a message for the first time. * Anyone with access to read a file can share it with others by including it in messages they send. * Once a file has been sent to a public stream, any user in the realm can access it.
2017-04-14 00:59:59 +02:00
# Then, have the owner PM it to another user, giving that other user access.
python: Convert "".format to Python 3.6 f-strings. Generated by pyupgrade --py36-plus --keep-percent-format, but with the NamedTuple changes reverted (see commit ba7906a3c657905fa35bbcfb4e97b053f050272d, #15132). Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-09 00:25:09 +02:00
body = f"Second message ...[zulip.txt](http://{host}/user_uploads/" + d1_path_id + ")"
tests: Use users in send_*_message. This commit mostly makes our tests less noisy, since emails are no longer an important detail of sending messages (they're not even really used in the API). It also sets us up to have more scrutiny on delivery_email/email in the future for things that actually matter. (This is a prep commit for something along those lines, kind of hard to explain the full plan.)
2020-03-07 11:43:05 +01:00
self.send_personal_message(self.example_user("hamlet"), self.example_user("othello"), body)
attachment: Improve rules for managing attachment ownership. The previous logic was that anyone with a link to a file could send it to other users, but only the owner could make a file realm-public. This had some confusing corner cases. The new logic is much simpler: * Only the file's owner/uploader can include a file in a message for the first time. * Anyone with access to read a file can share it with others by including it in messages they send. * Once a file has been sent to a public stream, any user in the realm can access it.
2017-04-14 00:59:59 +02:00
self.assertEqual(Attachment.objects.get(path_id=d1_path_id).messages.count(), 2)
self.assertFalse(Attachment.objects.get(path_id=d1_path_id).is_realm_public)
attachments: Add is_web_public field. This commit adds the is_web_public field in the AbstractAttachment class. This is useful when validating user access to the attachment, as otherwise we would have to make a query in the db to check if that attachment was sent in a message in a web-public stream or not.
2020-08-01 03:17:21 +02:00
self.assertFalse(Attachment.objects.get(path_id=d1_path_id).is_web_public)
attachment: Improve rules for managing attachment ownership. The previous logic was that anyone with a link to a file could send it to other users, but only the owner could make a file realm-public. This had some confusing corner cases. The new logic is much simpler: * Only the file's owner/uploader can include a file in a message for the first time. * Anyone with access to read a file can share it with others by including it in messages they send. * Once a file has been sent to a public stream, any user in the realm can access it.
2017-04-14 00:59:59 +02:00
# Then, have that new recipient user publish it.
python: Convert "".format to Python 3.6 f-strings. Generated by pyupgrade --py36-plus --keep-percent-format, but with the NamedTuple changes reverted (see commit ba7906a3c657905fa35bbcfb4e97b053f050272d, #15132). Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-09 00:25:09 +02:00
body = f"Third message ...[zulip.txt](http://{host}/user_uploads/" + d1_path_id + ")"
tests: Ensure stream senders get a UserMessage row. We now complain if a test author sends a stream message that does not result in the sender getting a UserMessage row for the message. This is basically 100% equivalent to complaining that the author failed to subscribe the sender to the stream as part of the test setup, as far as I can tell, so the AssertionError instructs the author to subscribe the sender to the stream. We exempt bots from this check, although it is plausible we should only exempt the system bots like the notification bot. I considered auto-subscribing the sender to the stream, but that can be a little more expensive than the current check, and we generally want test setup to be explicit. If there is some legitimate way than a subscribed human sender can't get a UserMessage, then we probably want an explicit test for that, or we may want to change the backend to just write a UserMessage row in that hypothetical situation. For most tests, including almost all the ones fixed here, the author just wants their test setup to realistically reflect normal operation, and often devs may not realize that Cordelia is not subscribed to Denmark or not realize that Hamlet is not subscribed to Scotland. Some of us don't remember our Shakespeare from high school, and our stream subscriptions don't even necessarily reflect which countries the Bard placed his characters in. There may also be some legitimate use case where an author wants to simulate sending a message to an unsubscribed stream, but for those edge cases, they can always set allow_unsubscribed_sender to True.
2021-12-10 13:55:48 +01:00
self.send_stream_message(self.example_user("othello"), "Verona", body, "test")
attachment: Improve rules for managing attachment ownership. The previous logic was that anyone with a link to a file could send it to other users, but only the owner could make a file realm-public. This had some confusing corner cases. The new logic is much simpler: * Only the file's owner/uploader can include a file in a message for the first time. * Anyone with access to read a file can share it with others by including it in messages they send. * Once a file has been sent to a public stream, any user in the realm can access it.
2017-04-14 00:59:59 +02:00
self.assertEqual(Attachment.objects.get(path_id=d1_path_id).messages.count(), 3)
self.assertTrue(Attachment.objects.get(path_id=d1_path_id).is_realm_public)
attachments: Add is_web_public field. This commit adds the is_web_public field in the AbstractAttachment class. This is useful when validating user access to the attachment, as otherwise we would have to make a query in the db to check if that attachment was sent in a message in a web-public stream or not.
2020-08-01 03:17:21 +02:00
self.assertFalse(Attachment.objects.get(path_id=d1_path_id).is_web_public)
# Finally send to Rome, the web-public stream, and confirm it's now web-public
body = f"Fourth message ...[zulip.txt](http://{host}/user_uploads/" + d1_path_id + ")"
tests: Ensure stream senders get a UserMessage row. We now complain if a test author sends a stream message that does not result in the sender getting a UserMessage row for the message. This is basically 100% equivalent to complaining that the author failed to subscribe the sender to the stream as part of the test setup, as far as I can tell, so the AssertionError instructs the author to subscribe the sender to the stream. We exempt bots from this check, although it is plausible we should only exempt the system bots like the notification bot. I considered auto-subscribing the sender to the stream, but that can be a little more expensive than the current check, and we generally want test setup to be explicit. If there is some legitimate way than a subscribed human sender can't get a UserMessage, then we probably want an explicit test for that, or we may want to change the backend to just write a UserMessage row in that hypothetical situation. For most tests, including almost all the ones fixed here, the author just wants their test setup to realistically reflect normal operation, and often devs may not realize that Cordelia is not subscribed to Denmark or not realize that Hamlet is not subscribed to Scotland. Some of us don't remember our Shakespeare from high school, and our stream subscriptions don't even necessarily reflect which countries the Bard placed his characters in. There may also be some legitimate use case where an author wants to simulate sending a message to an unsubscribed stream, but for those edge cases, they can always set allow_unsubscribed_sender to True.
2021-12-10 13:55:48 +01:00
self.subscribe(self.example_user("othello"), "Rome")
attachments: Add is_web_public field. This commit adds the is_web_public field in the AbstractAttachment class. This is useful when validating user access to the attachment, as otherwise we would have to make a query in the db to check if that attachment was sent in a message in a web-public stream or not.
2020-08-01 03:17:21 +02:00
self.send_stream_message(self.example_user("othello"), "Rome", body, "test")
self.assertEqual(Attachment.objects.get(path_id=d1_path_id).messages.count(), 4)
self.assertTrue(Attachment.objects.get(path_id=d1_path_id).is_realm_public)
self.assertTrue(Attachment.objects.get(path_id=d1_path_id).is_web_public)
attachment: Improve rules for managing attachment ownership. The previous logic was that anyone with a link to a file could send it to other users, but only the owner could make a file realm-public. This had some confusing corner cases. The new logic is much simpler: * Only the file's owner/uploader can include a file in a message for the first time. * Anyone with access to read a file can share it with others by including it in messages they send. * Once a file has been sent to a public stream, any user in the realm can access it.
2017-04-14 00:59:59 +02:00
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_check_attachment_reference_update(self) -> None:
Update attachment tracking on message update.
2016-07-07 09:47:15 +02:00
f1 = StringIO("file1")
f1.name = "file1.txt"
f2 = StringIO("file2")
f2.name = "file2.txt"
f3 = StringIO("file3")
f3.name = "file3.txt"
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
hamlet = self.example_user("hamlet")
bugdown: Fix logic for extracting attachment path_id. In 3892a8afd89a07645608ae2dc532c4910c28f2d0, we restructured the system for managing uploaded files to a much cleaner model where we just do parsing inside bugdown. That new model had potentially buggy handling of cases around both relative URLs and URLS starting with `realm.host`. We address this by further rewriting the handling of attachments to avoid regular expressions entirely, instead relying on urllib for parsing, and having bugdown output `path_id` values, so that there's no need for any conversions between formats outside bugdowm. The check_attachment_reference_change function for processing message updates is significantly simplified in the process. The new check on the hostname has the side effect of requiring us to fix some previously weird/buggy test data. Co-Author-By: Anders Kaseorg <anders@zulipchat.com> Co-Author-By: Rohitt Vashishtha <aero31aero@gmail.com>
2019-12-13 03:56:59 +01:00
host = hamlet.realm.host
Update attachment tracking on message update.
2016-07-07 09:47:15 +02:00
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login_user(hamlet)
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.client_post("/json/user_uploads", {"file": f1})
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
response_dict = self.assert_json_success(result)
f1_path_id = re.sub("/user_uploads/", "", response_dict["uri"])
Update attachment tracking on message update.
2016-07-07 09:47:15 +02:00
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.client_post("/json/user_uploads", {"file": f2})
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
response_dict = self.assert_json_success(result)
f2_path_id = re.sub("/user_uploads/", "", response_dict["uri"])
Update attachment tracking on message update.
2016-07-07 09:47:15 +02:00
bugdown: Fix logic for extracting attachment path_id. In 3892a8afd89a07645608ae2dc532c4910c28f2d0, we restructured the system for managing uploaded files to a much cleaner model where we just do parsing inside bugdown. That new model had potentially buggy handling of cases around both relative URLs and URLS starting with `realm.host`. We address this by further rewriting the handling of attachments to avoid regular expressions entirely, instead relying on urllib for parsing, and having bugdown output `path_id` values, so that there's no need for any conversions between formats outside bugdowm. The check_attachment_reference_change function for processing message updates is significantly simplified in the process. The new check on the hostname has the side effect of requiring us to fix some previously weird/buggy test data. Co-Author-By: Anders Kaseorg <anders@zulipchat.com> Co-Author-By: Rohitt Vashishtha <aero31aero@gmail.com>
2019-12-13 03:56:59 +01:00
self.subscribe(hamlet, "test")
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
body = (
f"[f1.txt](http://{host}/user_uploads/" + f1_path_id + ") "
"[f2.txt](http://{}/user_uploads/".format(host) + f2_path_id + ")"
)
tests: Use users in send_*_message. This commit mostly makes our tests less noisy, since emails are no longer an important detail of sending messages (they're not even really used in the API). It also sets us up to have more scrutiny on delivery_email/email in the future for things that actually matter. (This is a prep commit for something along those lines, kind of hard to explain the full plan.)
2020-03-07 11:43:05 +01:00
msg_id = self.send_stream_message(hamlet, "test", body, "test")
Update attachment tracking on message update.
2016-07-07 09:47:15 +02:00
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.client_post("/json/user_uploads", {"file": f3})
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
response_dict = self.assert_json_success(result)
f3_path_id = re.sub("/user_uploads/", "", response_dict["uri"])
Update attachment tracking on message update.
2016-07-07 09:47:15 +02:00
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
new_body = (
f"[f3.txt](http://{host}/user_uploads/" + f3_path_id + ") "
"[f2.txt](http://{}/user_uploads/".format(host) + f2_path_id + ")"
)
result = self.client_patch(
"/json/messages/" + str(msg_id),
{
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
"content": new_body,
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
},
)
Update attachment tracking on message update.
2016-07-07 09:47:15 +02:00
self.assert_json_success(result)
message = Message.objects.get(id=msg_id)
f1_attachment = Attachment.objects.get(path_id=f1_path_id)
f2_attachment = Attachment.objects.get(path_id=f2_path_id)
upload: Fix single attachments not being claimed on message edit. Fixed an attachments not being claimed if just one new attachment is added (aka the common case).
2016-07-24 22:03:22 +02:00
f3_attachment = Attachment.objects.get(path_id=f3_path_id)
Update attachment tracking on message update.
2016-07-07 09:47:15 +02:00
self.assertTrue(message not in f1_attachment.messages.all())
self.assertTrue(message in f2_attachment.messages.all())
self.assertTrue(message in f3_attachment.messages.all())
Add test for removing an uploaded file via message editing. Fixes #1373.
2016-07-23 07:06:13 +02:00
# Delete all the attachments from the message
new_body = "(deleted)"
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
result = self.client_patch(
"/json/messages/" + str(msg_id),
{
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
"content": new_body,
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
},
)
Add test for removing an uploaded file via message editing. Fixes #1373.
2016-07-23 07:06:13 +02:00
self.assert_json_success(result)
message = Message.objects.get(id=msg_id)
f1_attachment = Attachment.objects.get(path_id=f1_path_id)
f2_attachment = Attachment.objects.get(path_id=f2_path_id)
f3_attachment = Attachment.objects.get(path_id=f3_path_id)
self.assertTrue(message not in f1_attachment.messages.all())
self.assertTrue(message not in f2_attachment.messages.all())
self.assertTrue(message not in f3_attachment.messages.all())
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_file_name(self) -> None:
Test unicode file name.
2016-09-20 11:02:15 +02:00
"""
Unicode filenames should be processed correctly.
"""
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("hamlet")
Test unicode file name.
2016-09-20 11:02:15 +02:00
for expected in ["Здравейте.txt", "test"]:
fp = StringIO("bah!")
fp.name = urllib.parse.quote(expected)
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.client_post("/json/user_uploads", {"f1": fp})
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
response_dict = self.assert_json_success(result)
assert sanitize_name(expected) in response_dict["uri"]
Test unicode file name.
2016-09-20 11:02:15 +02:00
upload: Enforce per-realm quota.
2018-01-26 16:13:33 +01:00
def test_realm_quota(self) -> None:
"""
Realm quota for uploading should not be exceeded.
"""
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("hamlet")
upload: Enforce per-realm quota.
2018-01-26 16:13:33 +01:00
d1 = StringIO("zulip!")
d1.name = "dummy_1.txt"
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.client_post("/json/user_uploads", {"file": d1})
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
response_dict = self.assert_json_success(result)
d1_path_id = re.sub("/user_uploads/", "", response_dict["uri"])
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
d1_attachment = Attachment.objects.get(path_id=d1_path_id)
upload: Enforce per-realm quota.
2018-01-26 16:13:33 +01:00
realm = get_realm("zulip")
realm.upload_quota_gb = 1
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
realm.save(update_fields=["upload_quota_gb"])
upload: Enforce per-realm quota.
2018-01-26 16:13:33 +01:00
# The size of StringIO("zulip!") is 6 bytes. Setting the size of
# d1_attachment to realm.upload_quota_bytes() - 11 should allow
# us to upload only one more attachment.
mypy: Add two mypy-pacifying asserts in upload & bugdown tests.
2018-02-19 06:39:38 +01:00
quota = realm.upload_quota_bytes()
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
assert quota is not None
mypy: Add two mypy-pacifying asserts in upload & bugdown tests.
2018-02-19 06:39:38 +01:00
d1_attachment.size = quota - 11
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
d1_attachment.save(update_fields=["size"])
upload: Enforce per-realm quota.
2018-01-26 16:13:33 +01:00
d2 = StringIO("zulip!")
d2.name = "dummy_2.txt"
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.client_post("/json/user_uploads", {"file": d2})
upload: Enforce per-realm quota.
2018-01-26 16:13:33 +01:00
self.assert_json_success(result)
d3 = StringIO("zulip!")
d3.name = "dummy_3.txt"
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.client_post("/json/user_uploads", {"file": d3})
upload: Enforce per-realm quota.
2018-01-26 16:13:33 +01:00
self.assert_json_error(result, "Upload would exceed your organization's upload quota.")
realm.upload_quota_gb = None
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
realm.save(update_fields=["upload_quota_gb"])
result = self.client_post("/json/user_uploads", {"file": d3})
upload: Enforce per-realm quota.
2018-01-26 16:13:33 +01:00
self.assert_json_success(result)
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_cross_realm_file_access(self) -> None:
zerver/tests: Change use of typing.Text to str.
2018-05-11 01:39:38 +02:00
def create_user(email: str, realm_id: str) -> UserProfile:
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
password = initial_password(email)
if password is not None:
self.register(email, password, subdomain=realm_id)
tests: Fix some instances of logged in session polluting test state. In these tests, the code ends up with a logged in session when it's undesired - later on these tests make requests to a different subdomain - where a logged in session is not supposed to exist. This leads to an unintended, strange situation where request.user is a user from the old subdomain but the request itself is to a *different* subdomain. This throws off get_realm_from_request, which will return the realm from request.user.realm - which is not what these tests want and can lead to these tests failing when some of the production code being tested switches to using get_realm_from_request instead of get_realm(get_subdomain).
2022-01-23 20:30:46 +01:00
# self.register has the side-effect of ending up with a logged in session
# for the new user. We don't want that in these tests.
self.logout()
tests: Use email/delivery_email more explicitly. We try to use the correct variation of `email` or `delivery_email`, even though in some databases they are the same. (To find the differences, I temporarily hacked populate_db to use different values for email and delivery_email, and reduced email visibility in the zulip realm to admins only.) In places where we want the "normal" realm behavior of showing emails (and having `email` be the same as `delivery_email`), we use the new `reset_emails_in_zulip_realm` helper. A couple random things: - I fixed any error messages that were leaking the wrong email - a test that claimed to rely on the order of emails no longer does (we sort user_ids instead) - we now use user_ids in some place where we used to use emails - for IRC mirrors I just punted and used `reset_emails_in_zulip_realm` in most places - for MIT-related tests, I didn't fix email vs. delivery_email unless it was obvious I also explicitly reset the realm to a "normal" realm for a couple tests that I frankly just didn't have the energy to debug. (Also, we do want some coverage on the normal case, even though it is "easier" for tests to pass if you mix up `email` and `delivery_email`.) In particular, I just reset data for the analytics and corporate tests.
2020-03-12 14:17:25 +01:00
return get_user_by_delivery_email(email, get_realm(realm_id))
uploads: Add authorization check before serving files. This is a remerge of e985b57259f86dcdbddb115fc5009e2db04496ff (after resolving merge conflicts, updating the tests, adding mypy annotations etc.), which should now be correct, because we've done the necessary database migration. The rebase/remerge work was done by Tim Abbott and Aditya Bansal. This is an important part of #320.
2016-06-17 19:48:17 +02:00
test_upload: Explicitly declare subdomains.
2017-08-26 01:20:47 +02:00
test_subdomain = "uploadtest.example.com"
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
user1_email = "user1@uploadtest.example.com"
user2_email = "test-og-bot@zulip.com"
user3_email = "other-user@uploadtest.example.com"
uploads: Add authorization check before serving files. This is a remerge of e985b57259f86dcdbddb115fc5009e2db04496ff (after resolving merge conflicts, updating the tests, adding mypy annotations etc.), which should now be correct, because we've done the necessary database migration. The rebase/remerge work was done by Tim Abbott and Aditya Bansal. This is an important part of #320.
2016-06-17 19:48:17 +02:00
tests: Use do_create_realm where possible. Using do_create_realm should be preferred over manual creation where possible, as it creates more realistic data.
2021-03-08 13:22:43 +01:00
r1 = do_create_realm(string_id=test_subdomain, name=test_subdomain)
refactor: Make acting_user a mandatory kwarg for do_set_realm_property.
2021-03-01 11:33:24 +01:00
do_set_realm_property(r1, "invite_required", False, acting_user=None)
test_upload: Explicitly declare subdomains.
2017-08-26 01:20:47 +02:00
RealmDomain.objects.create(realm=r1, domain=test_subdomain)
uploads: Add authorization check before serving files. This is a remerge of e985b57259f86dcdbddb115fc5009e2db04496ff (after resolving merge conflicts, updating the tests, adding mypy annotations etc.), which should now be correct, because we've done the necessary database migration. The rebase/remerge work was done by Tim Abbott and Aditya Bansal. This is an important part of #320.
2016-06-17 19:48:17 +02:00
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
user_1 = create_user(user1_email, test_subdomain)
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
user_2 = create_user(user2_email, "zulip")
bugdown: Fix logic for extracting attachment path_id. In 3892a8afd89a07645608ae2dc532c4910c28f2d0, we restructured the system for managing uploaded files to a much cleaner model where we just do parsing inside bugdown. That new model had potentially buggy handling of cases around both relative URLs and URLS starting with `realm.host`. We address this by further rewriting the handling of attachments to avoid regular expressions entirely, instead relying on urllib for parsing, and having bugdown output `path_id` values, so that there's no need for any conversions between formats outside bugdowm. The check_attachment_reference_change function for processing message updates is significantly simplified in the process. The new check on the hostname has the side effect of requiring us to fix some previously weird/buggy test data. Co-Author-By: Anders Kaseorg <anders@zulipchat.com> Co-Author-By: Rohitt Vashishtha <aero31aero@gmail.com>
2019-12-13 03:56:59 +01:00
user_3 = create_user(user3_email, test_subdomain)
host = user_3.realm.host
uploads: Add authorization check before serving files. This is a remerge of e985b57259f86dcdbddb115fc5009e2db04496ff (after resolving merge conflicts, updating the tests, adding mypy annotations etc.), which should now be correct, because we've done the necessary database migration. The rebase/remerge work was done by Tim Abbott and Aditya Bansal. This is an important part of #320.
2016-06-17 19:48:17 +02:00
# Send a message from @zulip.com -> @uploadtest.example.com
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login_user(user_2)
uploads: Add authorization check before serving files. This is a remerge of e985b57259f86dcdbddb115fc5009e2db04496ff (after resolving merge conflicts, updating the tests, adding mypy annotations etc.), which should now be correct, because we've done the necessary database migration. The rebase/remerge work was done by Tim Abbott and Aditya Bansal. This is an important part of #320.
2016-06-17 19:48:17 +02:00
fp = StringIO("zulip!")
fp.name = "zulip.txt"
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.client_post("/json/user_uploads", {"file": fp})
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
uri = self.assert_json_success(result)["uri"]
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
fp_path_id = re.sub("/user_uploads/", "", uri)
python: Convert "".format to Python 3.6 f-strings. Generated by pyupgrade --py36-plus --keep-percent-format, but with the NamedTuple changes reverted (see commit ba7906a3c657905fa35bbcfb4e97b053f050272d, #15132). Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-09 00:25:09 +02:00
body = f"First message ...[zulip.txt](http://{host}/user_uploads/" + fp_path_id + ")"
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
with self.settings(CROSS_REALM_BOT_EMAILS={user_2.email, user_3.email}):
Use sender realm in user_profiles_from_unvalidated_emails. This change is mostly based on a similar commit from hackerkid in a feature branch. It borrows both code and ideas. Some of it's my own stuff, as I was working on a newer branch. We now call get_user_including_cross_realm_email() inside of user_profiles_from_unvalidated_emails(), instead of using get_user_profile_by_email. This requires a few of our callers to pass down sender into us. One consequence of this change is that we change the symptoms for trying to send to emails outside of your realm. In some cases, we simply raise an error that an email is invalid to us instead of getting into the deeper validate_recipient_user_profiles check.
2017-08-18 12:26:43 +02:00
internal_send_private_message(
bots: Pass realm to remaining get_system_bot calls in tests.
2021-03-08 11:54:39 +01:00
sender=get_system_bot(user_2.email, user_2.realm_id),
tests: Use email/delivery_email more explicitly. We try to use the correct variation of `email` or `delivery_email`, even though in some databases they are the same. (To find the differences, I temporarily hacked populate_db to use different values for email and delivery_email, and reduced email visibility in the zulip realm to admins only.) In places where we want the "normal" realm behavior of showing emails (and having `email` be the same as `delivery_email`), we use the new `reset_emails_in_zulip_realm` helper. A couple random things: - I fixed any error messages that were leaking the wrong email - a test that claimed to rely on the order of emails no longer does (we sort user_ids instead) - we now use user_ids in some place where we used to use emails - for IRC mirrors I just punted and used `reset_emails_in_zulip_realm` in most places - for MIT-related tests, I didn't fix email vs. delivery_email unless it was obvious I also explicitly reset the realm to a "normal" realm for a couple tests that I frankly just didn't have the energy to debug. (Also, we do want some coverage on the normal case, even though it is "easier" for tests to pass if you mix up `email` and `delivery_email`.) In particular, I just reset data for the analytics and corporate tests.
2020-03-12 14:17:25 +01:00
recipient_user=user_1,
Use sender realm in user_profiles_from_unvalidated_emails. This change is mostly based on a similar commit from hackerkid in a feature branch. It borrows both code and ideas. Some of it's my own stuff, as I was working on a newer branch. We now call get_user_including_cross_realm_email() inside of user_profiles_from_unvalidated_emails(), instead of using get_user_profile_by_email. This requires a few of our callers to pass down sender into us. One consequence of this change is that we change the symptoms for trying to send to emails outside of your realm. In some cases, we simply raise an error that an email is invalid to us instead of getting into the deeper validate_recipient_user_profiles check.
2017-08-18 12:26:43 +02:00
content=body,
)
uploads: Add authorization check before serving files. This is a remerge of e985b57259f86dcdbddb115fc5009e2db04496ff (after resolving merge conflicts, updating the tests, adding mypy annotations etc.), which should now be correct, because we've done the necessary database migration. The rebase/remerge work was done by Tim Abbott and Aditya Bansal. This is an important part of #320.
2016-06-17 19:48:17 +02:00
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login_user(user_1)
test_upload: Explicitly declare subdomains.
2017-08-26 01:20:47 +02:00
response = self.client_get(uri, subdomain=test_subdomain)
uploads: Add authorization check before serving files. This is a remerge of e985b57259f86dcdbddb115fc5009e2db04496ff (after resolving merge conflicts, updating the tests, adding mypy annotations etc.), which should now be correct, because we've done the necessary database migration. The rebase/remerge work was done by Tim Abbott and Aditya Bansal. This is an important part of #320.
2016-06-17 19:48:17 +02:00
self.assertEqual(response.status_code, 200)
test_classes: Extract assert_streaming_content helper. This also fixes a warning from RealmExportTest.test_endpoint_local_uploads: “ResourceWarning: unclosed file <_io.BufferedReader name='/srv/zulip/var/…/test-export.tar.gz'>”. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-21 05:51:51 +01:00
self.assert_streaming_content(response, b"zulip!")
tests: Add wrapper for client.logout in ZulipTestCase. In this commit we add a logout wrapper so as to enable developers to just do self.logout instead of doing a post request at API endpoint for logout. This is achieved by adding a wrapper function for the Django's client.logout contained in TestCase. We add this by extending ZulipTestCase to have a logout function.
2017-04-18 03:23:32 +02:00
self.logout()
uploads: Add authorization check before serving files. This is a remerge of e985b57259f86dcdbddb115fc5009e2db04496ff (after resolving merge conflicts, updating the tests, adding mypy annotations etc.), which should now be correct, because we've done the necessary database migration. The rebase/remerge work was done by Tim Abbott and Aditya Bansal. This is an important part of #320.
2016-06-17 19:48:17 +02:00
# Confirm other cross-realm users can't read it.
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login_user(user_3)
test_upload: Explicitly declare subdomains.
2017-08-26 01:20:47 +02:00
response = self.client_get(uri, subdomain=test_subdomain)
uploads: Add authorization check before serving files. This is a remerge of e985b57259f86dcdbddb115fc5009e2db04496ff (after resolving merge conflicts, updating the tests, adding mypy annotations etc.), which should now be correct, because we've done the necessary database migration. The rebase/remerge work was done by Tim Abbott and Aditya Bansal. This is an important part of #320.
2016-06-17 19:48:17 +02:00
self.assertEqual(response.status_code, 403)
self.assert_in_response("You are not authorized to view this file.", response)
upload: Allow rate limited access to spectators for uploaded files. We allow spectators access to uploaded files in web public streams but rate limit the daily requests to 1000 per file by default.
2021-11-02 15:42:58 +01:00
# Verify that cross-realm access to files for spectators is denied.
self.logout()
response = self.client_get(uri, subdomain=test_subdomain)
self.assertEqual(response.status_code, 403)
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_file_download_authorization_invite_only(self) -> None:
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
hamlet = self.example_user("hamlet")
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
cordelia = self.example_user("cordelia")
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
realm = hamlet.realm
subscribed_users = [hamlet, cordelia]
test performance: Pass in users to api_* helpers. This reduces query counts in some cases, since we no longer need to look up the user again. In particular, it reduces some noise when we count queries for O(N)-related tests. The query count is usually reduced by 2 per API call. We no longer need to look up Realm and UserProfile. In most cases we are saving these lookups for the whole tests, since we usually already have the `user` objects for other reasons. In a few places we are simply moving where that query happens within the test. In some places I shorten names like `test_user` or `user_profile` to just be `user`.
2020-03-10 11:48:26 +01:00
unsubscribed_users = [self.example_user("othello"), self.example_user("prospero")]
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
stream_name = "test-subscribe"
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.make_stream(
stream_name, realm=realm, invite_only=True, history_public_to_subscribers=False
)
uploads: Add authorization check before serving files. This is a remerge of e985b57259f86dcdbddb115fc5009e2db04496ff (after resolving merge conflicts, updating the tests, adding mypy annotations etc.), which should now be correct, because we've done the necessary database migration. The rebase/remerge work was done by Tim Abbott and Aditya Bansal. This is an important part of #320.
2016-06-17 19:48:17 +02:00
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
for subscribed_user in subscribed_users:
self.subscribe(subscribed_user, stream_name)
uploads: Add authorization check before serving files. This is a remerge of e985b57259f86dcdbddb115fc5009e2db04496ff (after resolving merge conflicts, updating the tests, adding mypy annotations etc.), which should now be correct, because we've done the necessary database migration. The rebase/remerge work was done by Tim Abbott and Aditya Bansal. This is an important part of #320.
2016-06-17 19:48:17 +02:00
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login_user(hamlet)
uploads: Add authorization check before serving files. This is a remerge of e985b57259f86dcdbddb115fc5009e2db04496ff (after resolving merge conflicts, updating the tests, adding mypy annotations etc.), which should now be correct, because we've done the necessary database migration. The rebase/remerge work was done by Tim Abbott and Aditya Bansal. This is an important part of #320.
2016-06-17 19:48:17 +02:00
fp = StringIO("zulip!")
fp.name = "zulip.txt"
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.client_post("/json/user_uploads", {"file": fp})
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
uri = self.assert_json_success(result)["uri"]
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
fp_path_id = re.sub("/user_uploads/", "", uri)
python: Convert "".format to Python 3.6 f-strings. Generated by pyupgrade --py36-plus --keep-percent-format, but with the NamedTuple changes reverted (see commit ba7906a3c657905fa35bbcfb4e97b053f050272d, #15132). Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-09 00:25:09 +02:00
body = f"First message ...[zulip.txt](http://{realm.host}/user_uploads/" + fp_path_id + ")"
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.send_stream_message(hamlet, stream_name, body, "test")
tests: Add wrapper for client.logout in ZulipTestCase. In this commit we add a logout wrapper so as to enable developers to just do self.logout instead of doing a post request at API endpoint for logout. This is achieved by adding a wrapper function for the Django's client.logout contained in TestCase. We add this by extending ZulipTestCase to have a logout function.
2017-04-18 03:23:32 +02:00
self.logout()
uploads: Add authorization check before serving files. This is a remerge of e985b57259f86dcdbddb115fc5009e2db04496ff (after resolving merge conflicts, updating the tests, adding mypy annotations etc.), which should now be correct, because we've done the necessary database migration. The rebase/remerge work was done by Tim Abbott and Aditya Bansal. This is an important part of #320.
2016-06-17 19:48:17 +02:00
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
# Owner user should be able to view file
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login_user(hamlet)
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
with queries_captured() as queries:
uploads: Add authorization check before serving files. This is a remerge of e985b57259f86dcdbddb115fc5009e2db04496ff (after resolving merge conflicts, updating the tests, adding mypy annotations etc.), which should now be correct, because we've done the necessary database migration. The rebase/remerge work was done by Tim Abbott and Aditya Bansal. This is an important part of #320.
2016-06-17 19:48:17 +02:00
response = self.client_get(uri)
self.assertEqual(response.status_code, 200)
test_classes: Extract assert_streaming_content helper. This also fixes a warning from RealmExportTest.test_endpoint_local_uploads: “ResourceWarning: unclosed file <_io.BufferedReader name='/srv/zulip/var/…/test-export.tar.gz'>”. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-21 05:51:51 +01:00
self.assert_streaming_content(response, b"zulip!")
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
self.logout()
tests: Consistently use assert_length helper. This helper does some nice things like printing out the data structure incase of failure.
2021-05-17 05:41:32 +02:00
self.assert_length(queries, 5)
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
text: Fix some typos (most of them found and fixed by codespell). Signed-off-by: Stefan Weil <sw@weilnetz.de>
2020-03-28 01:25:56 +01:00
# Subscribed user who received the message should be able to view file
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login_user(cordelia)
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
with queries_captured() as queries:
response = self.client_get(uri)
self.assertEqual(response.status_code, 200)
test_classes: Extract assert_streaming_content helper. This also fixes a warning from RealmExportTest.test_endpoint_local_uploads: “ResourceWarning: unclosed file <_io.BufferedReader name='/srv/zulip/var/…/test-export.tar.gz'>”. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-21 05:51:51 +01:00
self.assert_streaming_content(response, b"zulip!")
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
self.logout()
tests: Consistently use assert_length helper. This helper does some nice things like printing out the data structure incase of failure.
2021-05-17 05:41:32 +02:00
self.assert_length(queries, 6)
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
test performance: Pass in users to api_* helpers. This reduces query counts in some cases, since we no longer need to look up the user again. In particular, it reduces some noise when we count queries for O(N)-related tests. The query count is usually reduced by 2 per API call. We no longer need to look up Realm and UserProfile. In most cases we are saving these lookups for the whole tests, since we usually already have the `user` objects for other reasons. In a few places we are simply moving where that query happens within the test. In some places I shorten names like `test_user` or `user_profile` to just be `user`.
2020-03-10 11:48:26 +01:00
def assert_cannot_access_file(user: UserProfile) -> None:
response = self.api_get(user, uri)
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
self.assertEqual(response.status_code, 403)
self.assert_in_response("You are not authorized to view this file.", response)
late_subscribed_user = self.example_user("aaron")
self.subscribe(late_subscribed_user, stream_name)
test performance: Pass in users to api_* helpers. This reduces query counts in some cases, since we no longer need to look up the user again. In particular, it reduces some noise when we count queries for O(N)-related tests. The query count is usually reduced by 2 per API call. We no longer need to look up Realm and UserProfile. In most cases we are saving these lookups for the whole tests, since we usually already have the `user` objects for other reasons. In a few places we are simply moving where that query happens within the test. In some places I shorten names like `test_user` or `user_profile` to just be `user`.
2020-03-10 11:48:26 +01:00
assert_cannot_access_file(late_subscribed_user)
uploads: Add authorization check before serving files. This is a remerge of e985b57259f86dcdbddb115fc5009e2db04496ff (after resolving merge conflicts, updating the tests, adding mypy annotations etc.), which should now be correct, because we've done the necessary database migration. The rebase/remerge work was done by Tim Abbott and Aditya Bansal. This is an important part of #320.
2016-06-17 19:48:17 +02:00
# Unsubscribed user should not be able to view file
test performance: Pass in users to api_* helpers. This reduces query counts in some cases, since we no longer need to look up the user again. In particular, it reduces some noise when we count queries for O(N)-related tests. The query count is usually reduced by 2 per API call. We no longer need to look up Realm and UserProfile. In most cases we are saving these lookups for the whole tests, since we usually already have the `user` objects for other reasons. In a few places we are simply moving where that query happens within the test. In some places I shorten names like `test_user` or `user_profile` to just be `user`.
2020-03-10 11:48:26 +01:00
for unsubscribed_user in unsubscribed_users:
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
assert_cannot_access_file(unsubscribed_user)
def test_file_download_authorization_invite_only_with_shared_history(self) -> None:
user = self.example_user("hamlet")
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
polonius = self.example_user("polonius")
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
subscribed_users = [user, polonius]
unsubscribed_users = [self.example_user("othello"), self.example_user("prospero")]
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
stream_name = "test-subscribe"
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.make_stream(
stream_name, realm=user.realm, invite_only=True, history_public_to_subscribers=True
)
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
for subscribed_user in subscribed_users:
self.subscribe(subscribed_user, stream_name)
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login_user(user)
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
fp = StringIO("zulip!")
fp.name = "zulip.txt"
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.client_post("/json/user_uploads", {"file": fp})
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
uri = self.assert_json_success(result)["uri"]
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
fp_path_id = re.sub("/user_uploads/", "", uri)
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
body = (
f"First message ...[zulip.txt](http://{user.realm.host}/user_uploads/"
+ fp_path_id
+ ")"
)
tests: Use users in send_*_message. This commit mostly makes our tests less noisy, since emails are no longer an important detail of sending messages (they're not even really used in the API). It also sets us up to have more scrutiny on delivery_email/email in the future for things that actually matter. (This is a prep commit for something along those lines, kind of hard to explain the full plan.)
2020-03-07 11:43:05 +01:00
self.send_stream_message(user, stream_name, body, "test")
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
self.logout()
# Add aaron as a subscribed after the message was sent
late_subscribed_user = self.example_user("aaron")
self.subscribe(late_subscribed_user, stream_name)
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
subscribed_users.append(late_subscribed_user)
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
# Owner user should be able to view file
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login_user(user)
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
with queries_captured() as queries:
uploads: Add authorization check before serving files. This is a remerge of e985b57259f86dcdbddb115fc5009e2db04496ff (after resolving merge conflicts, updating the tests, adding mypy annotations etc.), which should now be correct, because we've done the necessary database migration. The rebase/remerge work was done by Tim Abbott and Aditya Bansal. This is an important part of #320.
2016-06-17 19:48:17 +02:00
response = self.client_get(uri)
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
self.assertEqual(response.status_code, 200)
test_classes: Extract assert_streaming_content helper. This also fixes a warning from RealmExportTest.test_endpoint_local_uploads: “ResourceWarning: unclosed file <_io.BufferedReader name='/srv/zulip/var/…/test-export.tar.gz'>”. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-21 05:51:51 +01:00
self.assert_streaming_content(response, b"zulip!")
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
self.logout()
tests: Consistently use assert_length helper. This helper does some nice things like printing out the data structure incase of failure.
2021-05-17 05:41:32 +02:00
self.assert_length(queries, 5)
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
# Originally subscribed user should be able to view file
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login_user(polonius)
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
with queries_captured() as queries:
response = self.client_get(uri)
self.assertEqual(response.status_code, 200)
test_classes: Extract assert_streaming_content helper. This also fixes a warning from RealmExportTest.test_endpoint_local_uploads: “ResourceWarning: unclosed file <_io.BufferedReader name='/srv/zulip/var/…/test-export.tar.gz'>”. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-21 05:51:51 +01:00
self.assert_streaming_content(response, b"zulip!")
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
self.logout()
tests: Consistently use assert_length helper. This helper does some nice things like printing out the data structure incase of failure.
2021-05-17 05:41:32 +02:00
self.assert_length(queries, 6)
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
# Subscribed user who did not receive the message should also be able to view file
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login_user(late_subscribed_user)
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
with queries_captured() as queries:
response = self.client_get(uri)
self.assertEqual(response.status_code, 200)
test_classes: Extract assert_streaming_content helper. This also fixes a warning from RealmExportTest.test_endpoint_local_uploads: “ResourceWarning: unclosed file <_io.BufferedReader name='/srv/zulip/var/…/test-export.tar.gz'>”. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-21 05:51:51 +01:00
self.assert_streaming_content(response, b"zulip!")
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
self.logout()
# It takes a few extra queries to verify access because of shared history.
tests: Consistently use assert_length helper. This helper does some nice things like printing out the data structure incase of failure.
2021-05-17 05:41:32 +02:00
self.assert_length(queries, 9)
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
def assert_cannot_access_file(user: UserProfile) -> None:
self.login_user(user)
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
with queries_captured() as queries:
response = self.client_get(uri)
uploads: Add authorization check before serving files. This is a remerge of e985b57259f86dcdbddb115fc5009e2db04496ff (after resolving merge conflicts, updating the tests, adding mypy annotations etc.), which should now be correct, because we've done the necessary database migration. The rebase/remerge work was done by Tim Abbott and Aditya Bansal. This is an important part of #320.
2016-06-17 19:48:17 +02:00
self.assertEqual(response.status_code, 403)
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
# It takes a few extra queries to verify lack of access with shared history.
tests: Consistently use assert_length helper. This helper does some nice things like printing out the data structure incase of failure.
2021-05-17 05:41:32 +02:00
self.assert_length(queries, 8)
uploads: Add authorization check before serving files. This is a remerge of e985b57259f86dcdbddb115fc5009e2db04496ff (after resolving merge conflicts, updating the tests, adding mypy annotations etc.), which should now be correct, because we've done the necessary database migration. The rebase/remerge work was done by Tim Abbott and Aditya Bansal. This is an important part of #320.
2016-06-17 19:48:17 +02:00
self.assert_in_response("You are not authorized to view this file.", response)
tests: Add wrapper for client.logout in ZulipTestCase. In this commit we add a logout wrapper so as to enable developers to just do self.logout instead of doing a post request at API endpoint for logout. This is achieved by adding a wrapper function for the Django's client.logout contained in TestCase. We add this by extending ZulipTestCase to have a logout function.
2017-04-18 03:23:32 +02:00
self.logout()
uploads: Add authorization check before serving files. This is a remerge of e985b57259f86dcdbddb115fc5009e2db04496ff (after resolving merge conflicts, updating the tests, adding mypy annotations etc.), which should now be correct, because we've done the necessary database migration. The rebase/remerge work was done by Tim Abbott and Aditya Bansal. This is an important part of #320.
2016-06-17 19:48:17 +02:00
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
# Unsubscribed user should not be able to view file
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
for unsubscribed_user in unsubscribed_users:
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
assert_cannot_access_file(unsubscribed_user)
def test_multiple_message_attachment_file_download(self) -> None:
hamlet = self.example_user("hamlet")
for i in range(0, 5):
python: Convert percent formatting to Python 3.6 f-strings. Generated by pyupgrade --py36-plus. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-10 06:41:04 +02:00
stream_name = f"test-subscribe {i}"
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.make_stream(
stream_name,
realm=hamlet.realm,
invite_only=True,
history_public_to_subscribers=True,
)
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
self.subscribe(hamlet, stream_name)
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login_user(hamlet)
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
fp = StringIO("zulip!")
fp.name = "zulip.txt"
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.client_post("/json/user_uploads", {"file": fp})
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
uri = self.assert_json_success(result)["uri"]
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
fp_path_id = re.sub("/user_uploads/", "", uri)
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
for i in range(20):
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
body = (
f"First message ...[zulip.txt](http://{hamlet.realm.host}/user_uploads/"
+ fp_path_id
+ ")"
)
self.send_stream_message(
self.example_user("hamlet"), f"test-subscribe {i % 5}", body, "test"
)
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
self.logout()
user = self.example_user("aaron")
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login_user(user)
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
with queries_captured() as queries:
response = self.client_get(uri)
self.assertEqual(response.status_code, 403)
self.assert_in_response("You are not authorized to view this file.", response)
tests: Consistently use assert_length helper. This helper does some nice things like printing out the data structure incase of failure.
2021-05-17 05:41:32 +02:00
self.assert_length(queries, 8)
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
self.subscribe(user, "test-subscribe 1")
self.subscribe(user, "test-subscribe 2")
with queries_captured() as queries:
response = self.client_get(uri)
self.assertEqual(response.status_code, 200)
test_classes: Extract assert_streaming_content helper. This also fixes a warning from RealmExportTest.test_endpoint_local_uploads: “ResourceWarning: unclosed file <_io.BufferedReader name='/srv/zulip/var/…/test-export.tar.gz'>”. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-21 05:51:51 +01:00
self.assert_streaming_content(response, b"zulip!")
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
# If we were accidentally one query per message, this would be 20+
tests: Consistently use assert_length helper. This helper does some nice things like printing out the data structure incase of failure.
2021-05-17 05:41:32 +02:00
self.assert_length(queries, 9)
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
with queries_captured() as queries:
self.assertTrue(validate_attachment_request(user, fp_path_id))
tests: Consistently use assert_length helper. This helper does some nice things like printing out the data structure incase of failure.
2021-05-17 05:41:32 +02:00
self.assert_length(queries, 6)
attachment: Fix handling of stream history. This fixes two issues: * Our guest users feature gave guest users access to public stream attachments even if they couldn't access the public stream. * After a user joins a private stream with our new shared history feature, they couldn't see images uploaded before they joined. The tests need to check for a few types of issues: * The actual access control permissions. * How many database queries are used in the various cases for that second model, especially with multiple messages referencing an attachment. This function gets called a lot, and we want to keep it fast. Fixes #9372.
2018-06-05 21:12:28 +02:00
self.logout()
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_file_download_authorization_public(self) -> None:
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
subscribed_users = [self.example_user("hamlet"), self.example_user("iago")]
unsubscribed_users = [self.example_user("othello"), self.example_user("prospero")]
tests: Add and use new self.subscribe. This new method cleans up the API for subscribing to something from a test case.
2017-08-25 06:01:29 +02:00
realm = get_realm("zulip")
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
for subscribed_user in subscribed_users:
self.subscribe(subscribed_user, "test-subscribe")
uploads: Add authorization check before serving files. This is a remerge of e985b57259f86dcdbddb115fc5009e2db04496ff (after resolving merge conflicts, updating the tests, adding mypy annotations etc.), which should now be correct, because we've done the necessary database migration. The rebase/remerge work was done by Tim Abbott and Aditya Bansal. This is an important part of #320.
2016-06-17 19:48:17 +02:00
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("hamlet")
uploads: Add authorization check before serving files. This is a remerge of e985b57259f86dcdbddb115fc5009e2db04496ff (after resolving merge conflicts, updating the tests, adding mypy annotations etc.), which should now be correct, because we've done the necessary database migration. The rebase/remerge work was done by Tim Abbott and Aditya Bansal. This is an important part of #320.
2016-06-17 19:48:17 +02:00
fp = StringIO("zulip!")
fp.name = "zulip.txt"
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.client_post("/json/user_uploads", {"file": fp})
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
uri = self.assert_json_success(result)["uri"]
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
fp_path_id = re.sub("/user_uploads/", "", uri)
python: Convert "".format to Python 3.6 f-strings. Generated by pyupgrade --py36-plus --keep-percent-format, but with the NamedTuple changes reverted (see commit ba7906a3c657905fa35bbcfb4e97b053f050272d, #15132). Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-09 00:25:09 +02:00
body = f"First message ...[zulip.txt](http://{realm.host}/user_uploads/" + fp_path_id + ")"
tests: Use users in send_*_message. This commit mostly makes our tests less noisy, since emails are no longer an important detail of sending messages (they're not even really used in the API). It also sets us up to have more scrutiny on delivery_email/email in the future for things that actually matter. (This is a prep commit for something along those lines, kind of hard to explain the full plan.)
2020-03-07 11:43:05 +01:00
self.send_stream_message(self.example_user("hamlet"), "test-subscribe", body, "test")
tests: Add wrapper for client.logout in ZulipTestCase. In this commit we add a logout wrapper so as to enable developers to just do self.logout instead of doing a post request at API endpoint for logout. This is achieved by adding a wrapper function for the Django's client.logout contained in TestCase. We add this by extending ZulipTestCase to have a logout function.
2017-04-18 03:23:32 +02:00
self.logout()
uploads: Add authorization check before serving files. This is a remerge of e985b57259f86dcdbddb115fc5009e2db04496ff (after resolving merge conflicts, updating the tests, adding mypy annotations etc.), which should now be correct, because we've done the necessary database migration. The rebase/remerge work was done by Tim Abbott and Aditya Bansal. This is an important part of #320.
2016-06-17 19:48:17 +02:00
# Now all users should be able to access the files
for user in subscribed_users + unsubscribed_users:
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login_user(user)
uploads: Add authorization check before serving files. This is a remerge of e985b57259f86dcdbddb115fc5009e2db04496ff (after resolving merge conflicts, updating the tests, adding mypy annotations etc.), which should now be correct, because we've done the necessary database migration. The rebase/remerge work was done by Tim Abbott and Aditya Bansal. This is an important part of #320.
2016-06-17 19:48:17 +02:00
response = self.client_get(uri)
test_classes: Extract assert_streaming_content helper. This also fixes a warning from RealmExportTest.test_endpoint_local_uploads: “ResourceWarning: unclosed file <_io.BufferedReader name='/srv/zulip/var/…/test-export.tar.gz'>”. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-21 05:51:51 +01:00
self.assert_streaming_content(response, b"zulip!")
tests: Add wrapper for client.logout in ZulipTestCase. In this commit we add a logout wrapper so as to enable developers to just do self.logout instead of doing a post request at API endpoint for logout. This is achieved by adding a wrapper function for the Django's client.logout contained in TestCase. We add this by extending ZulipTestCase to have a logout function.
2017-04-18 03:23:32 +02:00
self.logout()
uploads: Add authorization check before serving files. This is a remerge of e985b57259f86dcdbddb115fc5009e2db04496ff (after resolving merge conflicts, updating the tests, adding mypy annotations etc.), which should now be correct, because we've done the necessary database migration. The rebase/remerge work was done by Tim Abbott and Aditya Bansal. This is an important part of #320.
2016-06-17 19:48:17 +02:00
local-uploads: Start running authentication checks on file requests. From here on we start to authenticate uploaded file request before serving this files in production. This involves allowing NGINX to pass on these file requests to Django for authentication and then serve these files by making use on internal redirect requests having x-accel-redirect field. The redirection on requests and loading of x-accel-redirect param is handled by django-sendfile. NOTE: This commit starts to authenticate these requests for Zulip servers running platforms either Ubuntu Xenial (16.04) or above. Fixes: #320 and #291 partially.
2018-02-12 18:18:03 +01:00
def test_serve_local(self) -> None:
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
def check_xsend_links(
uploads: Add an endpoint which forces a download. This is most useful for images hosted in S3, which are otherwise always displayed in the browser.
2022-03-22 04:38:18 +01:00
name: str,
name_str_for_test: str,
content_disposition: str = "",
download: bool = False,
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
) -> None:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
with self.settings(SENDFILE_BACKEND="django_sendfile.backends.nginx"):
requirements: Upgrade Python requirements. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-25 02:29:22 +02:00
_get_sendfile.cache_clear() # To clearout cached version of backend from djangosendfile
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("hamlet")
local-uploads: Start running authentication checks on file requests. From here on we start to authenticate uploaded file request before serving this files in production. This involves allowing NGINX to pass on these file requests to Django for authentication and then serve these files by making use on internal redirect requests having x-accel-redirect field. The redirection on requests and loading of x-accel-redirect param is handled by django-sendfile. NOTE: This commit starts to authenticate these requests for Zulip servers running platforms either Ubuntu Xenial (16.04) or above. Fixes: #320 and #291 partially.
2018-02-12 18:18:03 +01:00
fp = StringIO("zulip!")
fp.name = name
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.client_post("/json/user_uploads", {"file": fp})
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
uri = self.assert_json_success(result)["uri"]
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
fp_path_id = re.sub("/user_uploads/", "", uri)
local-uploads: Start running authentication checks on file requests. From here on we start to authenticate uploaded file request before serving this files in production. This involves allowing NGINX to pass on these file requests to Django for authentication and then serve these files by making use on internal redirect requests having x-accel-redirect field. The redirection on requests and loading of x-accel-redirect param is handled by django-sendfile. NOTE: This commit starts to authenticate these requests for Zulip servers running platforms either Ubuntu Xenial (16.04) or above. Fixes: #320 and #291 partially.
2018-02-12 18:18:03 +01:00
fp_path = os.path.split(fp_path_id)[0]
uploads: Add an endpoint which forces a download. This is most useful for images hosted in S3, which are otherwise always displayed in the browser.
2022-03-22 04:38:18 +01:00
if download:
uri = uri.replace("/user_uploads/", "/user_uploads/download/")
local-uploads: Start running authentication checks on file requests. From here on we start to authenticate uploaded file request before serving this files in production. This involves allowing NGINX to pass on these file requests to Django for authentication and then serve these files by making use on internal redirect requests having x-accel-redirect field. The redirection on requests and loading of x-accel-redirect param is handled by django-sendfile. NOTE: This commit starts to authenticate these requests for Zulip servers running platforms either Ubuntu Xenial (16.04) or above. Fixes: #320 and #291 partially.
2018-02-12 18:18:03 +01:00
response = self.client_get(uri)
requirements: Upgrade Python requirements. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-25 02:29:22 +02:00
_get_sendfile.cache_clear()
typing: Improve typing with assertions. This fixes some mypy errors discovered with django-stubs.
2021-08-18 17:54:22 +02:00
assert settings.LOCAL_UPLOADS_DIR is not None
test_upload: Refactor test_upload output to new filepath. We write a function to set the `LOCAL_UPLOADS_DIR` path depending on whether tests are being run in parallel or serial mode.
2019-07-05 21:50:51 +02:00
test_run, worker = os.path.split(os.path.dirname(settings.LOCAL_UPLOADS_DIR))
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.assertEqual(
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
response["X-Accel-Redirect"],
"/serve_uploads/" + fp_path + "/" + name_str_for_test,
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
)
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
if content_disposition != "":
self.assertIn("attachment;", response["Content-disposition"])
self.assertIn(content_disposition, response["Content-disposition"])
uploads: Make django-sendfile to force downloading attachments. We start to force downloads for the attachment files. We do this for all files except images or pdf's. We would like images or pdf's to open up in browser itself. Tweaked by tabbott for comment clarity and correctness.
2018-03-13 07:08:27 +01:00
else:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.assertIn("inline;", response["Content-disposition"])
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.assertEqual(
set(response["Cache-Control"].split(", ")), {"private", "immutable"}
)
uploads: Make django-sendfile to force downloading attachments. We start to force downloads for the attachment files. We do this for all files except images or pdf's. We would like images or pdf's to open up in browser itself. Tweaked by tabbott for comment clarity and correctness.
2018-03-13 07:08:27 +01:00
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
check_xsend_links("zulip.txt", "zulip.txt", 'filename="zulip.txt"')
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
check_xsend_links(
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
"áéБД.txt",
"%C3%A1%C3%A9%D0%91%D0%94.txt",
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
"filename*=UTF-8''%C3%A1%C3%A9%D0%91%D0%94.txt",
)
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
check_xsend_links("zulip.html", "zulip.html", 'filename="zulip.html"')
check_xsend_links("zulip.sh", "zulip.sh", 'filename="zulip.sh"')
check_xsend_links("zulip.jpeg", "zulip.jpeg")
uploads: Add an endpoint which forces a download. This is most useful for images hosted in S3, which are otherwise always displayed in the browser.
2022-03-22 04:38:18 +01:00
check_xsend_links(
"zulip.jpeg", "zulip.jpeg", download=True, content_disposition='filename="zulip.jpeg"'
)
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
check_xsend_links("áéБД.pdf", "%C3%A1%C3%A9%D0%91%D0%94.pdf")
check_xsend_links("zulip", "zulip", 'filename="zulip"')
local-uploads: Start running authentication checks on file requests. From here on we start to authenticate uploaded file request before serving this files in production. This involves allowing NGINX to pass on these file requests to Django for authentication and then serve these files by making use on internal redirect requests having x-accel-redirect field. The redirection on requests and loading of x-accel-redirect param is handled by django-sendfile. NOTE: This commit starts to authenticate these requests for Zulip servers running platforms either Ubuntu Xenial (16.04) or above. Fixes: #320 and #291 partially.
2018-02-12 18:18:03 +01:00
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def tearDown(self) -> None:
Add SetAvatarTest to test_upload.py. Test multiple file uploads for /json/set_avatar. Test no file upload for /json/set_avatar. Add test images for SetAvatarTest.
2016-04-17 23:51:49 +02:00
destroy_uploads()
tests: tearDown overrides should call super().tearDown(). ZulipTestCase subclasses that override tearDown() should call the parent class tearDown() too, as it does some clean up of its own.
2019-10-18 16:11:48 +02:00
super().tearDown()
Add SetAvatarTest to test_upload.py. Test multiple file uploads for /json/set_avatar. Test no file upload for /json/set_avatar. Add test images for SetAvatarTest.
2016-04-17 23:51:49 +02:00
zerver/tests: Test ensure_medium_avatar_url when the file exists.
2018-05-14 23:47:19 +02:00
testing: Serialize test_upload. This commit makes test_upload tests compatible with parallel model.
2017-02-16 10:10:37 +01:00
class AvatarTest(UploadSerializeMixin, ZulipTestCase):
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_get_avatar_field(self) -> None:
Add get_avatar_field() function. This function is designed to replace avatar_url() and avatar_url_from_dict() over time. There are a few things new about it: * We make the parameters more explicit, rather than passing in an opaque dictionary or requiring a UserProfile object. (A lot of our callers want to use `values()` for efficiency sake, since we are often doing bulk user operations.) * We start to support the client_gravatar option.
2017-10-10 03:53:25 +02:00
with self.settings(AVATAR_SALT="salt"):
url = get_avatar_field(
user_id=17,
realm_id=5,
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
email="foo@example.com",
Add get_avatar_field() function. This function is designed to replace avatar_url() and avatar_url_from_dict() over time. There are a few things new about it: * We make the parameters more explicit, rather than passing in an opaque dictionary or requiring a UserProfile object. (A lot of our callers want to use `values()` for efficiency sake, since we are often doing bulk user operations.) * We start to support the client_gravatar option.
2017-10-10 03:53:25 +02:00
avatar_source=UserProfile.AVATAR_FROM_USER,
avatar_version=2,
medium=True,
client_gravatar=False,
)
self.assertEqual(
url,
avatar: Remove ?x=x kludge. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-10-14 00:50:26 +02:00
"/user_avatars/5/fc2b9f1a81f4508a4df2d95451a2a77e0524ca0e-medium.png?version=2",
Add get_avatar_field() function. This function is designed to replace avatar_url() and avatar_url_from_dict() over time. There are a few things new about it: * We make the parameters more explicit, rather than passing in an opaque dictionary or requiring a UserProfile object. (A lot of our callers want to use `values()` for efficiency sake, since we are often doing bulk user operations.) * We start to support the client_gravatar option.
2017-10-10 03:53:25 +02:00
)
url = get_avatar_field(
user_id=9999,
realm_id=9999,
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
email="foo@example.com",
Add get_avatar_field() function. This function is designed to replace avatar_url() and avatar_url_from_dict() over time. There are a few things new about it: * We make the parameters more explicit, rather than passing in an opaque dictionary or requiring a UserProfile object. (A lot of our callers want to use `values()` for efficiency sake, since we are often doing bulk user operations.) * We start to support the client_gravatar option.
2017-10-10 03:53:25 +02:00
avatar_source=UserProfile.AVATAR_FROM_GRAVATAR,
avatar_version=2,
medium=True,
client_gravatar=False,
)
self.assertEqual(
url,
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
"https://secure.gravatar.com/avatar/b48def645758b95537d4424c84d1a9ff?d=identicon&s=500&version=2",
Add get_avatar_field() function. This function is designed to replace avatar_url() and avatar_url_from_dict() over time. There are a few things new about it: * We make the parameters more explicit, rather than passing in an opaque dictionary or requiring a UserProfile object. (A lot of our callers want to use `values()` for efficiency sake, since we are often doing bulk user operations.) * We start to support the client_gravatar option.
2017-10-10 03:53:25 +02:00
)
url = get_avatar_field(
user_id=9999,
realm_id=9999,
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
email="foo@example.com",
Add get_avatar_field() function. This function is designed to replace avatar_url() and avatar_url_from_dict() over time. There are a few things new about it: * We make the parameters more explicit, rather than passing in an opaque dictionary or requiring a UserProfile object. (A lot of our callers want to use `values()` for efficiency sake, since we are often doing bulk user operations.) * We start to support the client_gravatar option.
2017-10-10 03:53:25 +02:00
avatar_source=UserProfile.AVATAR_FROM_GRAVATAR,
avatar_version=2,
medium=True,
client_gravatar=True,
)
self.assertEqual(url, None)
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_avatar_url(self) -> None:
avatar: Fix buggy avatar URL scheme with S3 backend. Also adds tests for the avatar URL scheme.
2017-03-21 23:53:54 +01:00
"""Verifies URL schemes for avatars and realm icons."""
python: Convert assignment type annotations to Python 3.6 style. This commit was split by tabbott; this piece covers the vast majority of files in Zulip, but excludes scripts/, tools/, and puppet/ to help ensure we at least show the right error messages for Xenial systems. We can likely further refine the remaining pieces with some testing. Generated by com2ann, with whitespace fixes and various manual fixes for runtime issues: - invoiced_through: Optional[LicenseLedger] = models.ForeignKey( + invoiced_through: Optional["LicenseLedger"] = models.ForeignKey( -_apns_client: Optional[APNsClient] = None +_apns_client: Optional["APNsClient"] = None - notifications_stream: Optional[Stream] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) - signup_notifications_stream: Optional[Stream] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) + notifications_stream: Optional["Stream"] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) + signup_notifications_stream: Optional["Stream"] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) - author: Optional[UserProfile] = models.ForeignKey('UserProfile', blank=True, null=True, on_delete=CASCADE) + author: Optional["UserProfile"] = models.ForeignKey('UserProfile', blank=True, null=True, on_delete=CASCADE) - bot_owner: Optional[UserProfile] = models.ForeignKey('self', null=True, on_delete=models.SET_NULL) + bot_owner: Optional["UserProfile"] = models.ForeignKey('self', null=True, on_delete=models.SET_NULL) - default_sending_stream: Optional[Stream] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) - default_events_register_stream: Optional[Stream] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) + default_sending_stream: Optional["Stream"] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) + default_events_register_stream: Optional["Stream"] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) -descriptors_by_handler_id: Dict[int, ClientDescriptor] = {} +descriptors_by_handler_id: Dict[int, "ClientDescriptor"] = {} -worker_classes: Dict[str, Type[QueueProcessingWorker]] = {} -queues: Dict[str, Dict[str, Type[QueueProcessingWorker]]] = {} +worker_classes: Dict[str, Type["QueueProcessingWorker"]] = {} +queues: Dict[str, Dict[str, Type["QueueProcessingWorker"]]] = {} -AUTH_LDAP_REVERSE_EMAIL_SEARCH: Optional[LDAPSearch] = None +AUTH_LDAP_REVERSE_EMAIL_SEARCH: Optional["LDAPSearch"] = None Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-22 01:09:50 +02:00
backend: ZulipUploadBackend = LocalUploadBackend()
subdomains: Extend "static" to include resources hosted on S3. This causes avatars and emoji which are hosted by Zulip in S3 (or compatible) servers to no longer go through camo. Routing these requests through camo does not add any privacy benefit (as the request logs there go to the Zulip admins regardless), and may break emoji imported from Slack before 1bf385e35f04aad8121d685c42e46a3829130508, which have `application/octet-stream` as their stored Content-Type.
2021-06-05 02:38:54 +02:00
self.assertEqual(backend.get_public_upload_root_url(), "/user_avatars/")
avatar: Remove ?x=x kludge. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-10-14 00:50:26 +02:00
self.assertEqual(backend.get_avatar_url("hash", False), "/user_avatars/hash.png")
self.assertEqual(backend.get_avatar_url("hash", True), "/user_avatars/hash-medium.png")
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.assertEqual(
backend.get_realm_icon_url(15, 1), "/user_avatars/15/realm/icon.png?version=1"
)
self.assertEqual(
backend.get_realm_logo_url(15, 1, False), "/user_avatars/15/realm/logo.png?version=1"
)
self.assertEqual(
backend.get_realm_logo_url(15, 1, True),
"/user_avatars/15/realm/night_logo.png?version=1",
)
avatar: Fix buggy avatar URL scheme with S3 backend. Also adds tests for the avatar URL scheme.
2017-03-21 23:53:54 +01:00
with self.settings(S3_AVATAR_BUCKET="bucket"):
backend = S3UploadBackend()
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.assertEqual(
avatar: Remove ?x=x kludge. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-10-14 00:50:26 +02:00
backend.get_avatar_url("hash", False), "https://bucket.s3.amazonaws.com/hash"
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
)
self.assertEqual(
backend.get_avatar_url("hash", True),
avatar: Remove ?x=x kludge. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-10-14 00:50:26 +02:00
"https://bucket.s3.amazonaws.com/hash-medium.png",
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
)
self.assertEqual(
backend.get_realm_icon_url(15, 1),
"https://bucket.s3.amazonaws.com/15/realm/icon.png?version=1",
)
self.assertEqual(
backend.get_realm_logo_url(15, 1, False),
"https://bucket.s3.amazonaws.com/15/realm/logo.png?version=1",
)
self.assertEqual(
backend.get_realm_logo_url(15, 1, True),
"https://bucket.s3.amazonaws.com/15/realm/night_logo.png?version=1",
)
avatar: Fix buggy avatar URL scheme with S3 backend. Also adds tests for the avatar URL scheme.
2017-03-21 23:53:54 +01:00
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_multiple_upload_failure(self) -> None:
Add SetAvatarTest to test_upload.py. Test multiple file uploads for /json/set_avatar. Test no file upload for /json/set_avatar. Add test images for SetAvatarTest.
2016-04-17 23:51:49 +02:00
"""
Attempting to upload two files should fail.
"""
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("hamlet")
with get_test_image_file("img.png") as fp1, get_test_image_file("img.png") as fp2:
result = self.client_post("/json/users/me/avatar", {"f1": fp1, "f2": fp2})
Add SetAvatarTest to test_upload.py. Test multiple file uploads for /json/set_avatar. Test no file upload for /json/set_avatar. Add test images for SetAvatarTest.
2016-04-17 23:51:49 +02:00
self.assert_json_error(result, "You must upload exactly one avatar.")
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_no_file_upload_failure(self) -> None:
Add SetAvatarTest to test_upload.py. Test multiple file uploads for /json/set_avatar. Test no file upload for /json/set_avatar. Add test images for SetAvatarTest.
2016-04-17 23:51:49 +02:00
"""
Calling this endpoint with no files should fail.
"""
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("hamlet")
Add SetAvatarTest to test_upload.py. Test multiple file uploads for /json/set_avatar. Test no file upload for /json/set_avatar. Add test images for SetAvatarTest.
2016-04-17 23:51:49 +02:00
urls: Use POST for zerver.views.user_settings.set_avatar_backend. The set_avatar_backend is changed from PUT to POST becuase this is not idempotent.
2017-07-05 19:15:15 +02:00
result = self.client_post("/json/users/me/avatar")
Add SetAvatarTest to test_upload.py. Test multiple file uploads for /json/set_avatar. Test no file upload for /json/set_avatar. Add test images for SetAvatarTest.
2016-04-17 23:51:49 +02:00
self.assert_json_error(result, "You must upload exactly one avatar.")
realm: Add setting to disable avatar changes. This is useful when syncing avatars from an integrated LDAP/active directory. The upload avatar and delete avatar buttons are hidden if avatar changes are disabled and the user is a non-admin. If the user has a gravatar set, then the user will not be able to upload an image as their avatar if avatar changes are disabled. Part of #12132.
2019-04-23 04:51:04 +02:00
def test_avatar_changes_disabled_failure(self) -> None:
"""
Attempting to upload avatar on a realm with avatar changes disabled should fail.
"""
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("cordelia")
refactor: Make acting_user a mandatory kwarg for do_set_realm_property.
2021-03-01 11:33:24 +01:00
do_set_realm_property(
self.example_user("cordelia").realm,
"avatar_changes_disabled",
True,
acting_user=None,
)
realm: Add setting to disable avatar changes. This is useful when syncing avatars from an integrated LDAP/active directory. The upload avatar and delete avatar buttons are hidden if avatar changes are disabled and the user is a non-admin. If the user has a gravatar set, then the user will not be able to upload an image as their avatar if avatar changes are disabled. Part of #12132.
2019-04-23 04:51:04 +02:00
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
with get_test_image_file("img.png") as fp1:
result = self.client_post("/json/users/me/avatar", {"f1": fp1})
realm: Add setting to disable avatar changes. This is useful when syncing avatars from an integrated LDAP/active directory. The upload avatar and delete avatar buttons are hidden if avatar changes are disabled and the user is a non-admin. If the user has a gravatar set, then the user will not be able to upload an image as their avatar if avatar changes are disabled. Part of #12132.
2019-04-23 04:51:04 +02:00
self.assert_json_error(result, "Avatar changes are disabled in this organization.")
Add tests for checking image validity in SetAvatarTest.
2016-04-17 23:57:03 +02:00
correct_files = [
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
("img.png", "png_resized.png"),
("img.jpg", None), # jpeg resizing is platform-dependent
("img.gif", "gif_resized.png"),
("img.tif", "tif_resized.png"),
("cmyk.jpg", None),
Add tests for checking image validity in SetAvatarTest.
2016-04-17 23:57:03 +02:00
]
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
corrupt_files = ["text.txt", "corrupt.png", "corrupt.gif"]
Add tests for checking image validity in SetAvatarTest.
2016-04-17 23:57:03 +02:00
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_get_gravatar_avatar(self) -> None:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("hamlet")
cordelia = self.example_user("cordelia")
tests: Use email/delivery_email more explicitly. We try to use the correct variation of `email` or `delivery_email`, even though in some databases they are the same. (To find the differences, I temporarily hacked populate_db to use different values for email and delivery_email, and reduced email visibility in the zulip realm to admins only.) In places where we want the "normal" realm behavior of showing emails (and having `email` be the same as `delivery_email`), we use the new `reset_emails_in_zulip_realm` helper. A couple random things: - I fixed any error messages that were leaking the wrong email - a test that claimed to rely on the order of emails no longer does (we sort user_ids instead) - we now use user_ids in some place where we used to use emails - for IRC mirrors I just punted and used `reset_emails_in_zulip_realm` in most places - for MIT-related tests, I didn't fix email vs. delivery_email unless it was obvious I also explicitly reset the realm to a "normal" realm for a couple tests that I frankly just didn't have the energy to debug. (Also, we do want some coverage on the normal case, even though it is "easier" for tests to pass if you mix up `email` and `delivery_email`.) In particular, I just reset data for the analytics and corporate tests.
2020-03-12 14:17:25 +01:00
cordelia.email = cordelia.delivery_email
cordelia.save()
Add test coverage for /avatar/<email>
2016-07-13 01:56:59 +02:00
cordelia.avatar_source = UserProfile.AVATAR_FROM_GRAVATAR
cordelia.save()
with self.settings(ENABLE_GRAVATAR=True):
python: Pass query parameters as a dict when making GET requests. This provides automatic URL-encoding. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-09-13 00:11:30 +02:00
response = self.client_get("/avatar/cordelia@zulip.com", {"foo": "bar"})
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
redirect_url = response["Location"]
self.assertEqual(redirect_url, str(avatar_url(cordelia)) + "&foo=bar")
Add test coverage for /avatar/<email>
2016-07-13 01:56:59 +02:00
with self.settings(ENABLE_GRAVATAR=False):
python: Pass query parameters as a dict when making GET requests. This provides automatic URL-encoding. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-09-13 00:11:30 +02:00
response = self.client_get("/avatar/cordelia@zulip.com", {"foo": "bar"})
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
redirect_url = response["Location"]
self.assertTrue(redirect_url.endswith(str(avatar_url(cordelia)) + "&foo=bar"))
Add test coverage for /avatar/<email>
2016-07-13 01:56:59 +02:00
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_get_user_avatar(self) -> None:
test performance: Pass in users to api_* helpers. This reduces query counts in some cases, since we no longer need to look up the user again. In particular, it reduces some noise when we count queries for O(N)-related tests. The query count is usually reduced by 2 per API call. We no longer need to look up Realm and UserProfile. In most cases we are saving these lookups for the whole tests, since we usually already have the `user` objects for other reasons. In a few places we are simply moving where that query happens within the test. In some places I shorten names like `test_user` or `user_profile` to just be `user`.
2020-03-10 11:48:26 +01:00
hamlet = self.example_user("hamlet")
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login_user(hamlet)
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
cordelia = self.example_user("cordelia")
tests: Use email/delivery_email more explicitly. We try to use the correct variation of `email` or `delivery_email`, even though in some databases they are the same. (To find the differences, I temporarily hacked populate_db to use different values for email and delivery_email, and reduced email visibility in the zulip realm to admins only.) In places where we want the "normal" realm behavior of showing emails (and having `email` be the same as `delivery_email`), we use the new `reset_emails_in_zulip_realm` helper. A couple random things: - I fixed any error messages that were leaking the wrong email - a test that claimed to rely on the order of emails no longer does (we sort user_ids instead) - we now use user_ids in some place where we used to use emails - for IRC mirrors I just punted and used `reset_emails_in_zulip_realm` in most places - for MIT-related tests, I didn't fix email vs. delivery_email unless it was obvious I also explicitly reset the realm to a "normal" realm for a couple tests that I frankly just didn't have the energy to debug. (Also, we do want some coverage on the normal case, even though it is "easier" for tests to pass if you mix up `email` and `delivery_email`.) In particular, I just reset data for the analytics and corporate tests.
2020-03-12 14:17:25 +01:00
cordelia.email = cordelia.delivery_email
cordelia.save()
bots: Pass realm to remaining get_system_bot calls in tests.
2021-03-08 11:54:39 +01:00
internal_realm = get_realm(settings.SYSTEM_BOT_REALM)
cross_realm_bot = get_system_bot(settings.WELCOME_BOT, internal_realm.id)
Add test coverage for /avatar/<email>
2016-07-13 01:56:59 +02:00
cordelia.avatar_source = UserProfile.AVATAR_FROM_USER
cordelia.save()
python: Pass query parameters as a dict when making GET requests. This provides automatic URL-encoding. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-09-13 00:11:30 +02:00
response = self.client_get("/avatar/cordelia@zulip.com", {"foo": "bar"})
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
redirect_url = response["Location"]
self.assertTrue(redirect_url.endswith(str(avatar_url(cordelia)) + "&foo=bar"))
Add test coverage for /avatar/<email>
2016-07-13 01:56:59 +02:00
python: Pass query parameters as a dict when making GET requests. This provides automatic URL-encoding. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-09-13 00:11:30 +02:00
response = self.client_get(f"/avatar/{cordelia.id}", {"foo": "bar"})
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
redirect_url = response["Location"]
self.assertTrue(redirect_url.endswith(str(avatar_url(cordelia)) + "&foo=bar"))
Support email changes for !avatar syntax. Significantly modified by tabbott to avoid calling get_user_profile_by_email in bugdown, and have 100% test coverage of the views code. Fixes #2041.
2016-10-24 16:42:43 +02:00
avatars: Fix 500 with the /avatar/ URL to be a 404. Apparently, we had a somewhat sloppy regular expression for the URL for this endpoint.
2018-04-18 21:40:54 +02:00
response = self.client_get("/avatar/")
self.assertEqual(response.status_code, 404)
avatar: Allow API authentication for /avatar/ routes. This makes it feasibly for the mobile apps to correctly render user avatars generated by the `!avatar()` syntax.
2018-08-13 19:09:09 +02:00
self.logout()
users: Allow spectators to view user avatars. If realm is web_public, spectators can now view avatar of other users. There is a special exception we had to introduce in rest model to allow `/avatar` type of urls for `anonymous` access, because they don't have the /api/v1 prefix. Fixes #19838.
2021-11-01 12:21:17 +01:00
with self.settings(WEB_PUBLIC_STREAMS_ENABLED=False):
# Test /avatar/<email_or_id> endpoint with HTTP basic auth.
response = self.api_get(hamlet, "/avatar/cordelia@zulip.com", {"foo": "bar"})
redirect_url = response["Location"]
self.assertTrue(redirect_url.endswith(str(avatar_url(cordelia)) + "&foo=bar"))
avatar: Allow API authentication for /avatar/ routes. This makes it feasibly for the mobile apps to correctly render user avatars generated by the `!avatar()` syntax.
2018-08-13 19:09:09 +02:00
users: Allow spectators to view user avatars. If realm is web_public, spectators can now view avatar of other users. There is a special exception we had to introduce in rest model to allow `/avatar` type of urls for `anonymous` access, because they don't have the /api/v1 prefix. Fixes #19838.
2021-11-01 12:21:17 +01:00
response = self.api_get(hamlet, f"/avatar/{cordelia.id}", {"foo": "bar"})
redirect_url = response["Location"]
self.assertTrue(redirect_url.endswith(str(avatar_url(cordelia)) + "&foo=bar"))
avatar: Allow API authentication for /avatar/ routes. This makes it feasibly for the mobile apps to correctly render user avatars generated by the `!avatar()` syntax.
2018-08-13 19:09:09 +02:00
users: Allow spectators to view user avatars. If realm is web_public, spectators can now view avatar of other users. There is a special exception we had to introduce in rest model to allow `/avatar` type of urls for `anonymous` access, because they don't have the /api/v1 prefix. Fixes #19838.
2021-11-01 12:21:17 +01:00
# Test cross_realm_bot avatar access using email.
response = self.api_get(hamlet, "/avatar/welcome-bot@zulip.com", {"foo": "bar"})
redirect_url = response["Location"]
self.assertTrue(redirect_url.endswith(str(avatar_url(cross_realm_bot)) + "&foo=bar"))
avatar: Allow API authentication for /avatar/ routes. This makes it feasibly for the mobile apps to correctly render user avatars generated by the `!avatar()` syntax.
2018-08-13 19:09:09 +02:00
users: Allow spectators to view user avatars. If realm is web_public, spectators can now view avatar of other users. There is a special exception we had to introduce in rest model to allow `/avatar` type of urls for `anonymous` access, because they don't have the /api/v1 prefix. Fixes #19838.
2021-11-01 12:21:17 +01:00
# Test cross_realm_bot avatar access using id.
response = self.api_get(hamlet, f"/avatar/{cross_realm_bot.id}", {"foo": "bar"})
redirect_url = response["Location"]
self.assertTrue(redirect_url.endswith(str(avatar_url(cross_realm_bot)) + "&foo=bar"))
# Without spectators enabled, no unauthenticated access.
response = self.client_get("/avatar/cordelia@zulip.com", {"foo": "bar"})
self.assert_json_error(
response,
"Not logged in: API authentication or user session required",
status_code=401,
)
# Allow unauthenticated/spectator requests by ID.
response = self.client_get(f"/avatar/{cordelia.id}", {"foo": "bar"})
self.assertEqual(302, response.status_code)
avatar: Allow API authentication for /avatar/ routes. This makes it feasibly for the mobile apps to correctly render user avatars generated by the `!avatar()` syntax.
2018-08-13 19:09:09 +02:00
users: Allow spectators to view user avatars. If realm is web_public, spectators can now view avatar of other users. There is a special exception we had to introduce in rest model to allow `/avatar` type of urls for `anonymous` access, because they don't have the /api/v1 prefix. Fixes #19838.
2021-11-01 12:21:17 +01:00
# Disallow unauthenticated/spectator requests by email.
python: Pass query parameters as a dict when making GET requests. This provides automatic URL-encoding. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-09-13 00:11:30 +02:00
response = self.client_get("/avatar/cordelia@zulip.com", {"foo": "bar"})
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.assert_json_error(
users: Allow spectators to view user avatars. If realm is web_public, spectators can now view avatar of other users. There is a special exception we had to introduce in rest model to allow `/avatar` type of urls for `anonymous` access, because they don't have the /api/v1 prefix. Fixes #19838.
2021-11-01 12:21:17 +01:00
response,
"Not logged in: API authentication or user session required",
status_code=401,
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
)
avatar: Allow API authentication for /avatar/ routes. This makes it feasibly for the mobile apps to correctly render user avatars generated by the `!avatar()` syntax.
2018-08-13 19:09:09 +02:00
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_get_user_avatar_medium(self) -> None:
test performance: Pass in users to api_* helpers. This reduces query counts in some cases, since we no longer need to look up the user again. In particular, it reduces some noise when we count queries for O(N)-related tests. The query count is usually reduced by 2 per API call. We no longer need to look up Realm and UserProfile. In most cases we are saving these lookups for the whole tests, since we usually already have the `user` objects for other reasons. In a few places we are simply moving where that query happens within the test. In some places I shorten names like `test_user` or `user_profile` to just be `user`.
2020-03-10 11:48:26 +01:00
hamlet = self.example_user("hamlet")
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login_user(hamlet)
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
cordelia = self.example_user("cordelia")
tests: Use email/delivery_email more explicitly. We try to use the correct variation of `email` or `delivery_email`, even though in some databases they are the same. (To find the differences, I temporarily hacked populate_db to use different values for email and delivery_email, and reduced email visibility in the zulip realm to admins only.) In places where we want the "normal" realm behavior of showing emails (and having `email` be the same as `delivery_email`), we use the new `reset_emails_in_zulip_realm` helper. A couple random things: - I fixed any error messages that were leaking the wrong email - a test that claimed to rely on the order of emails no longer does (we sort user_ids instead) - we now use user_ids in some place where we used to use emails - for IRC mirrors I just punted and used `reset_emails_in_zulip_realm` in most places - for MIT-related tests, I didn't fix email vs. delivery_email unless it was obvious I also explicitly reset the realm to a "normal" realm for a couple tests that I frankly just didn't have the energy to debug. (Also, we do want some coverage on the normal case, even though it is "easier" for tests to pass if you mix up `email` and `delivery_email`.) In particular, I just reset data for the analytics and corporate tests.
2020-03-12 14:17:25 +01:00
cordelia.email = cordelia.delivery_email
cordelia.save()
Add support for getting medium size profile images.
2017-02-23 20:13:56 +01:00
cordelia.avatar_source = UserProfile.AVATAR_FROM_USER
cordelia.save()
python: Pass query parameters as a dict when making GET requests. This provides automatic URL-encoding. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-09-13 00:11:30 +02:00
response = self.client_get("/avatar/cordelia@zulip.com/medium", {"foo": "bar"})
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
redirect_url = response["Location"]
self.assertTrue(redirect_url.endswith(str(avatar_url(cordelia, True)) + "&foo=bar"))
Add support for getting medium size profile images.
2017-02-23 20:13:56 +01:00
python: Pass query parameters as a dict when making GET requests. This provides automatic URL-encoding. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-09-13 00:11:30 +02:00
response = self.client_get(f"/avatar/{cordelia.id}/medium", {"foo": "bar"})
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
redirect_url = response["Location"]
self.assertTrue(redirect_url.endswith(str(avatar_url(cordelia, True)) + "&foo=bar"))
Add support for getting medium size profile images.
2017-02-23 20:13:56 +01:00
avatar: Allow API authentication for /avatar/ routes. This makes it feasibly for the mobile apps to correctly render user avatars generated by the `!avatar()` syntax.
2018-08-13 19:09:09 +02:00
self.logout()
users: Allow spectators to view user avatars. If realm is web_public, spectators can now view avatar of other users. There is a special exception we had to introduce in rest model to allow `/avatar` type of urls for `anonymous` access, because they don't have the /api/v1 prefix. Fixes #19838.
2021-11-01 12:21:17 +01:00
with self.settings(WEB_PUBLIC_STREAMS_ENABLED=False):
# Test /avatar/<email_or_id>/medium endpoint with HTTP basic auth.
response = self.api_get(hamlet, "/avatar/cordelia@zulip.com/medium", {"foo": "bar"})
redirect_url = response["Location"]
self.assertTrue(redirect_url.endswith(str(avatar_url(cordelia, True)) + "&foo=bar"))
avatar: Allow API authentication for /avatar/ routes. This makes it feasibly for the mobile apps to correctly render user avatars generated by the `!avatar()` syntax.
2018-08-13 19:09:09 +02:00
users: Allow spectators to view user avatars. If realm is web_public, spectators can now view avatar of other users. There is a special exception we had to introduce in rest model to allow `/avatar` type of urls for `anonymous` access, because they don't have the /api/v1 prefix. Fixes #19838.
2021-11-01 12:21:17 +01:00
response = self.api_get(hamlet, f"/avatar/{cordelia.id}/medium", {"foo": "bar"})
redirect_url = response["Location"]
self.assertTrue(redirect_url.endswith(str(avatar_url(cordelia, True)) + "&foo=bar"))
# Without spectators enabled, no unauthenticated access.
response = self.client_get("/avatar/cordelia@zulip.com/medium", {"foo": "bar"})
self.assert_json_error(
response,
"Not logged in: API authentication or user session required",
status_code=401,
)
avatar: Allow API authentication for /avatar/ routes. This makes it feasibly for the mobile apps to correctly render user avatars generated by the `!avatar()` syntax.
2018-08-13 19:09:09 +02:00
users: Allow spectators to view user avatars. If realm is web_public, spectators can now view avatar of other users. There is a special exception we had to introduce in rest model to allow `/avatar` type of urls for `anonymous` access, because they don't have the /api/v1 prefix. Fixes #19838.
2021-11-01 12:21:17 +01:00
# Allow unauthenticated/spectator requests by ID.
response = self.client_get(f"/avatar/{cordelia.id}/medium", {"foo": "bar"})
self.assertEqual(302, response.status_code)
# Disallow unauthenticated/spectator requests by email.
python: Pass query parameters as a dict when making GET requests. This provides automatic URL-encoding. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-09-13 00:11:30 +02:00
response = self.client_get("/avatar/cordelia@zulip.com/medium", {"foo": "bar"})
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.assert_json_error(
users: Allow spectators to view user avatars. If realm is web_public, spectators can now view avatar of other users. There is a special exception we had to introduce in rest model to allow `/avatar` type of urls for `anonymous` access, because they don't have the /api/v1 prefix. Fixes #19838.
2021-11-01 12:21:17 +01:00
response,
"Not logged in: API authentication or user session required",
status_code=401,
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
)
avatar: Allow API authentication for /avatar/ routes. This makes it feasibly for the mobile apps to correctly render user avatars generated by the `!avatar()` syntax.
2018-08-13 19:09:09 +02:00
avatar: Add rate limit similar to attachments on medium avatars. Followup on #20136
2022-03-28 09:42:58 +02:00
with self.settings(RATE_LIMITING=True):
# Allow unauthenticated/spectator requests by ID for a reasonable number of requests.
add_ratelimit_rule(86400, 1000, domain="spectator_attachment_access_by_file")
response = self.client_get(f"/avatar/{cordelia.id}/medium", {"foo": "bar"})
self.assertEqual(302, response.status_code)
remove_ratelimit_rule(86400, 1000, domain="spectator_attachment_access_by_file")
# Deny file access since rate limited
add_ratelimit_rule(86400, 0, domain="spectator_attachment_access_by_file")
response = self.client_get(f"/avatar/{cordelia.id}/medium", {"foo": "bar"})
self.assertEqual(429, response.status_code)
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_non_valid_user_avatar(self) -> None:
Add test coverage for /avatar/<email>
2016-07-13 01:56:59 +02:00
# It's debatable whether we should generate avatars for non-users,
# but this test just validates the current code's behavior.
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("hamlet")
Add test coverage for /avatar/<email>
2016-07-13 01:56:59 +02:00
python: Pass query parameters as a dict when making GET requests. This provides automatic URL-encoding. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-09-13 00:11:30 +02:00
response = self.client_get("/avatar/nonexistent_user@zulip.com", {"foo": "bar"})
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
redirect_url = response["Location"]
actual_url = "https://secure.gravatar.com/avatar/444258b521f152129eb0c162996e572d?d=identicon&version=1&foo=bar"
Add test coverage for /avatar/<email>
2016-07-13 01:56:59 +02:00
self.assertEqual(redirect_url, actual_url)
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_valid_avatars(self) -> None:
Add tests for checking image validity in SetAvatarTest.
2016-04-17 23:57:03 +02:00
"""
docs: Fix more capitalization issues. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-10-23 02:43:28 +02:00
A PUT request to /json/users/me/avatar with a valid file should return a URL and actually create an avatar.
Add tests for checking image validity in SetAvatarTest.
2016-04-17 23:57:03 +02:00
"""
Bump user_profile.avatar_version when we change avatars. We have a field called user_profile.avatar_version that will track avatar versions and be used tactically in avatar urls to get browsers to refresh their caches (in future commits). This commit bumps the avatar version when we update avatars. We do this in do_change_avatar_fields(), which was do_change_avatar_source() before this change. Adarsh did the initial work here, and Steve Howell (showell) also made changes.
2017-01-28 19:05:20 +01:00
version = 2
Add tests for checking image validity in SetAvatarTest.
2016-04-17 23:57:03 +02:00
for fname, rfname in self.correct_files:
test_upload: Uncomment subTest contexts. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-22 03:04:54 +01:00
with self.subTest(fname=fname):
self.login("hamlet")
with get_test_image_file(fname) as fp:
result = self.client_post("/json/users/me/avatar", {"file": fp})
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
response_dict = self.assert_json_success(result)
self.assertIn("avatar_url", response_dict)
test_upload: Uncomment subTest contexts. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-22 03:04:54 +01:00
base = "/user_avatars/"
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
url = self.assert_json_success(result)["avatar_url"]
test_upload: Uncomment subTest contexts. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-22 03:04:54 +01:00
self.assertEqual(base, url[: len(base)])
if rfname is not None:
response = self.client_get(url)
assert isinstance(response, StreamingHttpResponse)
data = b"".join(response.streaming_content)
self.assertEqual(Image.open(io.BytesIO(data)).size, (100, 100))
# Verify that the medium-size avatar was created
user_profile = self.example_user("hamlet")
medium_avatar_disk_path = avatar_disk_path(user_profile, medium=True)
self.assertTrue(os.path.exists(medium_avatar_disk_path))
# Verify that ensure_medium_avatar_url does not overwrite this file if it exists
with mock.patch("zerver.lib.upload.write_local_file") as mock_write_local_file:
zerver.lib.upload.upload_backend.ensure_avatar_image(
user_profile, is_medium=True
)
self.assertFalse(mock_write_local_file.called)
# Confirm that ensure_medium_avatar_url works to recreate
# medium size avatars from the original if needed
os.remove(medium_avatar_disk_path)
self.assertFalse(os.path.exists(medium_avatar_disk_path))
upload: Refactor and add tests for ensure_avatar_image in upload.py. `ensure_basic_avatar_image` and `ensure_medium_avatar_image` are essentially the same thing, except a size parameter. So, refactor them into a single function. This doesn't introduce any functional changes.
2021-03-17 17:54:23 +01:00
zerver.lib.upload.upload_backend.ensure_avatar_image(user_profile, is_medium=True)
test_upload: Uncomment subTest contexts. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-22 03:04:54 +01:00
self.assertTrue(os.path.exists(medium_avatar_disk_path))
Add medium size avatars for use on the user's own settings page. This adds a medium (500px) size avatar thumbnail, that can be referenced as `{name}-medium.png`. It is intended to be used on the user's own settings page, though we may come up with other use cases for high-resolution avatars in the future. This will automatically generate and upload the medium avatar images when a new avatar original is uploaded, and contains a migration (contributed by Kirill Kanakhin) to ensure all pre-existing avatar images have a medium avatar. Note that this implementation does not provide an endpoint for fetching the medium-size avatar for another user. [substantially modified by tabbott]
2016-09-20 21:48:48 +02:00
test_upload: Uncomment subTest contexts. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-22 03:04:54 +01:00
# Verify whether the avatar_version gets incremented with every new upload
self.assertEqual(user_profile.avatar_version, version)
version += 1
Bump user_profile.avatar_version when we change avatars. We have a field called user_profile.avatar_version that will track avatar versions and be used tactically in avatar urls to get browsers to refresh their caches (in future commits). This commit bumps the avatar version when we update avatars. We do this in do_change_avatar_fields(), which was do_change_avatar_source() before this change. Adarsh did the initial work here, and Steve Howell (showell) also made changes.
2017-01-28 19:05:20 +01:00
registration: Allow users to import profile picture.
2018-06-06 14:30:26 +02:00
def test_copy_avatar_image(self) -> None:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("hamlet")
with get_test_image_file("img.png") as image_file:
self.client_post("/json/users/me/avatar", {"file": image_file})
registration: Allow users to import profile picture.
2018-06-06 14:30:26 +02:00
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
source_user_profile = self.example_user("hamlet")
target_user_profile = self.example_user("iago")
registration: Allow users to import profile picture.
2018-06-06 14:30:26 +02:00
create_user: Initialize settings according to realm-level defaults. This commit modifies the copy_user_settings code such that instead of source user profile, we can have two types of sources - a user profile and RealmUserDefault table of realm and then set the settings from RealmUserDefault only is there is no user profile as a source. We also rename copy_user_settings to copy_default_settings for clarity.
2021-06-29 18:08:42 +02:00
copy_default_settings(source_user_profile, target_user_profile)
registration: Allow users to import profile picture.
2018-06-06 14:30:26 +02:00
source_path_id = avatar_disk_path(source_user_profile)
target_path_id = avatar_disk_path(target_user_profile)
self.assertNotEqual(source_path_id, target_path_id)
python: Close opened files. Fixes various instances of ‘ResourceWarning: unclosed file’ with python -Wd. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-10-24 09:33:54 +02:00
with open(source_path_id, "rb") as source, open(target_path_id, "rb") as target:
self.assertEqual(source.read(), target.read())
registration: Allow users to import profile picture.
2018-06-06 14:30:26 +02:00
source_original_path_id = avatar_disk_path(source_user_profile, original=True)
target_original_path_id = avatar_disk_path(target_user_profile, original=True)
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
with open(source_original_path_id, "rb") as source, open(
target_original_path_id, "rb"
) as target:
python: Close opened files. Fixes various instances of ‘ResourceWarning: unclosed file’ with python -Wd. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-10-24 09:33:54 +02:00
self.assertEqual(source.read(), target.read())
registration: Allow users to import profile picture.
2018-06-06 14:30:26 +02:00
source_medium_path_id = avatar_disk_path(source_user_profile, medium=True)
target_medium_path_id = avatar_disk_path(target_user_profile, medium=True)
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
with open(source_medium_path_id, "rb") as source, open(
target_medium_path_id, "rb"
) as target:
python: Close opened files. Fixes various instances of ‘ResourceWarning: unclosed file’ with python -Wd. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-10-24 09:33:54 +02:00
self.assertEqual(source.read(), target.read())
registration: Allow users to import profile picture.
2018-06-06 14:30:26 +02:00
upload: Create function to delete avatar image.
2018-09-07 17:44:40 +02:00
def test_delete_avatar_image(self) -> None:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("hamlet")
with get_test_image_file("img.png") as image_file:
self.client_post("/json/users/me/avatar", {"file": image_file})
upload: Create function to delete avatar image.
2018-09-07 17:44:40 +02:00
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
user = self.example_user("hamlet")
upload: Create function to delete avatar image.
2018-09-07 17:44:40 +02:00
avatar_path_id = avatar_disk_path(user)
avatar_original_path_id = avatar_disk_path(user, original=True)
avatar_medium_path_id = avatar_disk_path(user, medium=True)
self.assertEqual(user.avatar_source, UserProfile.AVATAR_FROM_USER)
self.assertTrue(os.path.isfile(avatar_path_id))
self.assertTrue(os.path.isfile(avatar_original_path_id))
self.assertTrue(os.path.isfile(avatar_medium_path_id))
actions: Split out zerver.actions.user_settings. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-14 23:49:26 +02:00
do_delete_avatar_image(user, acting_user=user)
upload: Create function to delete avatar image.
2018-09-07 17:44:40 +02:00
self.assertEqual(user.avatar_source, UserProfile.AVATAR_FROM_GRAVATAR)
self.assertFalse(os.path.isfile(avatar_path_id))
self.assertFalse(os.path.isfile(avatar_original_path_id))
self.assertFalse(os.path.isfile(avatar_medium_path_id))
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_invalid_avatars(self) -> None:
Add tests for checking image validity in SetAvatarTest.
2016-04-17 23:57:03 +02:00
"""
settings: Implement delete avatar functionality
2016-12-21 18:34:03 +01:00
A PUT request to /json/users/me/avatar with an invalid file should fail.
Add tests for checking image validity in SetAvatarTest.
2016-04-17 23:57:03 +02:00
"""
for fname in self.corrupt_files:
test_upload: Uncomment subTest contexts. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-22 03:04:54 +01:00
with self.subTest(fname=fname):
self.login("hamlet")
with get_test_image_file(fname) as fp:
result = self.client_post("/json/users/me/avatar", {"file": fp})
Add tests for checking image validity in SetAvatarTest.
2016-04-17 23:57:03 +02:00
test_upload: Uncomment subTest contexts. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-22 03:04:54 +01:00
self.assert_json_error(
result, "Could not decode image; did you upload an image file?"
)
user_profile = self.example_user("hamlet")
self.assertEqual(user_profile.avatar_version, 1)
Add tests for checking image validity in SetAvatarTest.
2016-04-17 23:57:03 +02:00
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_delete_avatar(self) -> None:
settings: Implement delete avatar functionality
2016-12-21 18:34:03 +01:00
"""
settings: Rename "user avatar" to "profile picture" This renames references to user avatars, bot avatars, or organization icons to profile pictures. The string in the UI are updated, in addition to the help files, comments, and documentation. Actual variable/function names, changelog entries, routes, and s3 buckets are left as-is in order to avoid introducing bugs. Fixes #11824.
2019-03-09 17:43:48 +01:00
A DELETE request to /json/users/me/avatar should delete the profile picture and return gravatar URL
settings: Implement delete avatar functionality
2016-12-21 18:34:03 +01:00
"""
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("cordelia")
realm: Add setting to disable avatar changes. This is useful when syncing avatars from an integrated LDAP/active directory. The upload avatar and delete avatar buttons are hidden if avatar changes are disabled and the user is a non-admin. If the user has a gravatar set, then the user will not be able to upload an image as their avatar if avatar changes are disabled. Part of #12132.
2019-04-23 04:51:04 +02:00
cordelia = self.example_user("cordelia")
cordelia.avatar_source = UserProfile.AVATAR_FROM_USER
cordelia.save()
refactor: Make acting_user a mandatory kwarg for do_set_realm_property.
2021-03-01 11:33:24 +01:00
do_set_realm_property(cordelia.realm, "avatar_changes_disabled", True, acting_user=None)
realm: Add setting to disable avatar changes. This is useful when syncing avatars from an integrated LDAP/active directory. The upload avatar and delete avatar buttons are hidden if avatar changes are disabled and the user is a non-admin. If the user has a gravatar set, then the user will not be able to upload an image as their avatar if avatar changes are disabled. Part of #12132.
2019-04-23 04:51:04 +02:00
result = self.client_delete("/json/users/me/avatar")
self.assert_json_error(result, "Avatar changes are disabled in this organization.", 400)
settings: Implement delete avatar functionality
2016-12-21 18:34:03 +01:00
refactor: Make acting_user a mandatory kwarg for do_set_realm_property.
2021-03-01 11:33:24 +01:00
do_set_realm_property(cordelia.realm, "avatar_changes_disabled", False, acting_user=None)
settings: Implement delete avatar functionality
2016-12-21 18:34:03 +01:00
result = self.client_delete("/json/users/me/avatar")
realm: Add setting to disable avatar changes. This is useful when syncing avatars from an integrated LDAP/active directory. The upload avatar and delete avatar buttons are hidden if avatar changes are disabled and the user is a non-admin. If the user has a gravatar set, then the user will not be able to upload an image as their avatar if avatar changes are disabled. Part of #12132.
2019-04-23 04:51:04 +02:00
user_profile = self.example_user("cordelia")
settings: Implement delete avatar functionality
2016-12-21 18:34:03 +01:00
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
response_dict = self.assert_json_success(result)
self.assertIn("avatar_url", response_dict)
self.assertEqual(response_dict["avatar_url"], avatar_url(user_profile))
settings: Implement delete avatar functionality
2016-12-21 18:34:03 +01:00
self.assertEqual(user_profile.avatar_source, UserProfile.AVATAR_FROM_GRAVATAR)
Bump user_profile.avatar_version when we change avatars. We have a field called user_profile.avatar_version that will track avatar versions and be used tactically in avatar urls to get browsers to refresh their caches (in future commits). This commit bumps the avatar version when we update avatars. We do this in do_change_avatar_fields(), which was do_change_avatar_source() before this change. Adarsh did the initial work here, and Steve Howell (showell) also made changes.
2017-01-28 19:05:20 +01:00
self.assertEqual(user_profile.avatar_version, 2)
settings: Implement delete avatar functionality
2016-12-21 18:34:03 +01:00
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_avatar_upload_file_size_error(self) -> None:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("hamlet")
Add size limit for uploading user avatars and realm icons. - Add settings parameter for max realm icon size. - Add settings parameter for max user avatar size. - Add checking file size to avatar and icon uploading views. - Transfer file size limit parameter to frontend. - Add tests.
2017-03-06 06:22:28 +01:00
with get_test_image_file(self.correct_files[0][0]) as fp:
settings: Rename MAX_AVATAR_FILE_SIZE. Rename MAX_AVATAR_FILE_SIZE to MAX_AVATAR_FILE_SIZE_MIB reflecting size in mebibytes.
2021-05-29 08:51:07 +02:00
with self.settings(MAX_AVATAR_FILE_SIZE_MIB=0):
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.client_post("/json/users/me/avatar", {"file": fp})
python: Convert percent formatting to .format for translated strings. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-15 23:22:24 +02:00
self.assert_json_error(result, "Uploaded file is larger than the allowed limit of 0 MiB")
Add size limit for uploading user avatars and realm icons. - Add settings parameter for max realm icon size. - Add settings parameter for max user avatar size. - Add checking file size to avatar and icon uploading views. - Transfer file size limit parameter to frontend. - Add tests.
2017-03-06 06:22:28 +01:00
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def tearDown(self) -> None:
Add SetAvatarTest to test_upload.py. Test multiple file uploads for /json/set_avatar. Test no file upload for /json/set_avatar. Add test images for SetAvatarTest.
2016-04-17 23:51:49 +02:00
destroy_uploads()
tests: tearDown overrides should call super().tearDown(). ZulipTestCase subclasses that override tearDown() should call the parent class tearDown() too, as it does some clean up of its own.
2019-10-18 16:11:48 +02:00
super().tearDown()
Add a test for local file uploads.
2016-04-14 23:44:39 +02:00
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
test_upload: Add tests for `resize_emoji`.
2018-04-15 13:20:36 +02:00
class EmojiTest(UploadSerializeMixin, ZulipTestCase):
emoji: Add support for animated GIF images. This commit adds 'resize_gif()' function which extracts each frame, resize it and coalesces them again to form the resized GIF while preserving the duration of the GIF. I read some stackoverflow answers all of which were referring to BiggleZX's script (https://gist.github.com/BigglesZX/4016539) for working with animated GIF. I modified the script to fit to our usecase and did some manual testing but the function was failing for some specific GIFs and was not preserving the duration of animation. So I went ahead and read about GIF format itself as well as PIL's `GifImagePlugin` code and came up with this simple function which gets the worked done in a much cleaner way. I tested this function on a number of GIF images from giphy.com and it resized all of them correctly. Fixes: #9945.
2018-07-17 20:27:09 +02:00
# While testing GIF resizing, we can't test if the final GIF has the same
# number of frames as the original one because PIL drops duplicate frames
# with a corresponding increase in the duration of the previous frame.
test_upload: Add tests for `resize_emoji`.
2018-04-15 13:20:36 +02:00
def test_resize_emoji(self) -> None:
# Test unequal width and height of animated GIF image
tests: Use read_test_image_file. Fixes a ResourceWarning from the unclosed file at test_upload.py:1954. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-13 23:24:16 +01:00
animated_unequal_img_data = read_test_image_file("animated_unequal_img.gif")
emoji: Add backend changes to support still image for animated emojis. Now, when we add a custom animated emoji to the realm we also save a still image of it (1st frame of the gif). So we can avoid showing an animated emoji every time.
2021-08-12 10:19:53 +02:00
resized_img_data, is_animated, still_img_data = resize_emoji(
animated_unequal_img_data, size=50
)
emoji: Add support for animated GIF images. This commit adds 'resize_gif()' function which extracts each frame, resize it and coalesces them again to form the resized GIF while preserving the duration of the GIF. I read some stackoverflow answers all of which were referring to BiggleZX's script (https://gist.github.com/BigglesZX/4016539) for working with animated GIF. I modified the script to fit to our usecase and did some manual testing but the function was failing for some specific GIFs and was not preserving the duration of animation. So I went ahead and read about GIF format itself as well as PIL's `GifImagePlugin` code and came up with this simple function which gets the worked done in a much cleaner way. I tested this function on a number of GIF images from giphy.com and it resized all of them correctly. Fixes: #9945.
2018-07-17 20:27:09 +02:00
im = Image.open(io.BytesIO(resized_img_data))
self.assertEqual((50, 50), im.size)
emoji: Add backend changes to support still image for animated emojis. Now, when we add a custom animated emoji to the realm we also save a still image of it (1st frame of the gif). So we can avoid showing an animated emoji every time.
2021-08-12 10:19:53 +02:00
self.assertTrue(is_animated)
assert still_img_data is not None
still_image = Image.open(io.BytesIO(still_img_data))
self.assertEqual((50, 50), still_image.size)
test_upload: Add tests for `resize_emoji`.
2018-04-15 13:20:36 +02:00
# Test corrupt image exception
tests: Use read_test_image_file. Fixes a ResourceWarning from the unclosed file at test_upload.py:1954. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-13 23:24:16 +01:00
corrupted_img_data = read_test_image_file("corrupt.gif")
test_upload: Add tests for `resize_emoji`.
2018-04-15 13:20:36 +02:00
with self.assertRaises(BadImageError):
resize_emoji(corrupted_img_data)
emoji: Support animated PNGs.
2022-02-17 01:07:58 +01:00
for img_format in ("gif", "png"):
animated_large_img_data = read_test_image_file(f"animated_large_img.{img_format}")
tests: Refactor tests of resizing animated images.
2022-02-17 01:04:51 +01:00
emoji: Support animated PNGs.
2022-02-17 01:07:58 +01:00
def test_resize(size: int = 50) -> None:
resized_img_data, is_animated, still_img_data = resize_emoji(
animated_large_img_data, size=50
)
im = Image.open(io.BytesIO(resized_img_data))
self.assertEqual((size, size), im.size)
self.assertTrue(is_animated)
assert still_img_data
still_image = Image.open(io.BytesIO(still_img_data))
self.assertEqual((50, 50), still_image.size)
# Test an image larger than max is resized
with patch("zerver.lib.upload.MAX_EMOJI_GIF_SIZE", 128):
test_resize()
# Test an image file larger than max is resized
with patch("zerver.lib.upload.MAX_EMOJI_GIF_FILE_SIZE_BYTES", 3 * 1024 * 1024):
test_resize()
# Test an image smaller than max and smaller than file size max is not resized
with patch("zerver.lib.upload.MAX_EMOJI_GIF_SIZE", 512):
test_resize(size=256)
# Test a non-animated GIF image which does need to be resized
upload: Fix resizing non-animated images. 5dab6e9d31be began honoring the list of disposals for every frame. Unfortunately, passing a list of disposals for a non-animated image raises an exception: ``` File "zerver/lib/upload.py", line 212, in resize_emoji image_data = resize_gif(im, size) File "zerver/lib/upload.py", line 165, in resize_gif frames[0].save( File "[...]/PIL/Image.py", line 2212, in save save_handler(self, fp, filename) File "[...]/PIL/GifImagePlugin.py", line 605, in _save _write_single_frame(im, fp, palette) File "[...]/PIL/GifImagePlugin.py", line 506, in _write_single_frame _write_local_header(fp, im, (0, 0), flags) File "[...]/PIL/GifImagePlugin.py", line 647, in _write_local_header disposal = int(im.encoderinfo.get("disposal", 0)) TypeError: int() argument must be a string, a bytes-like object or a number, not 'list' ``` `check_add_realm_emoji` calls this as: ``` try: is_animated = upload_emoji_image(image_file, emoji_file_name, a uthor) emoji_uploaded_successfully = True finally: if not emoji_uploaded_successfully: realm_emoji.delete() return None # ... ``` This is equivalent to dropping _all_ exceptions silently. As such, Zulip has silently rejected all non-animated images larger than 64x64 since 5dab6e9d31be. Adjust to only pass a single disposal if there are no additional frames. Add a test for non-animated images, which requires also fixing the incidental bug that all GIF images were being recorded as animated, regardless of if they had more than 1 frame or not.
2022-02-16 23:26:31 +01:00
still_large_img_data = read_test_image_file("still_large_img.gif")
resized_img_data, is_animated, no_still_data = resize_emoji(still_large_img_data, size=50)
emoji: Support animated PNGs.
2022-02-17 01:07:58 +01:00
im = Image.open(io.BytesIO(resized_img_data))
self.assertEqual((50, 50), im.size)
self.assertFalse(is_animated)
assert no_still_data is None
# Test a non-animated and non-animatable image format which needs to be resized
still_large_img_data = read_test_image_file("img.jpg")
resized_img_data, is_animated, no_still_data = resize_emoji(still_large_img_data, size=50)
upload: Fix resizing non-animated images. 5dab6e9d31be began honoring the list of disposals for every frame. Unfortunately, passing a list of disposals for a non-animated image raises an exception: ``` File "zerver/lib/upload.py", line 212, in resize_emoji image_data = resize_gif(im, size) File "zerver/lib/upload.py", line 165, in resize_gif frames[0].save( File "[...]/PIL/Image.py", line 2212, in save save_handler(self, fp, filename) File "[...]/PIL/GifImagePlugin.py", line 605, in _save _write_single_frame(im, fp, palette) File "[...]/PIL/GifImagePlugin.py", line 506, in _write_single_frame _write_local_header(fp, im, (0, 0), flags) File "[...]/PIL/GifImagePlugin.py", line 647, in _write_local_header disposal = int(im.encoderinfo.get("disposal", 0)) TypeError: int() argument must be a string, a bytes-like object or a number, not 'list' ``` `check_add_realm_emoji` calls this as: ``` try: is_animated = upload_emoji_image(image_file, emoji_file_name, a uthor) emoji_uploaded_successfully = True finally: if not emoji_uploaded_successfully: realm_emoji.delete() return None # ... ``` This is equivalent to dropping _all_ exceptions silently. As such, Zulip has silently rejected all non-animated images larger than 64x64 since 5dab6e9d31be. Adjust to only pass a single disposal if there are no additional frames. Add a test for non-animated images, which requires also fixing the incidental bug that all GIF images were being recorded as animated, regardless of if they had more than 1 frame or not.
2022-02-16 23:26:31 +01:00
im = Image.open(io.BytesIO(resized_img_data))
self.assertEqual((50, 50), im.size)
self.assertFalse(is_animated)
assert no_still_data is None
test_upload: Add tests for `resize_emoji`.
2018-04-15 13:20:36 +02:00
def tearDown(self) -> None:
destroy_uploads()
tests: tearDown overrides should call super().tearDown(). ZulipTestCase subclasses that override tearDown() should call the parent class tearDown() too, as it does some clean up of its own.
2019-10-18 16:11:48 +02:00
super().tearDown()
test_upload: Add tests for `resize_emoji`.
2018-04-15 13:20:36 +02:00
realm-icon: Add realm icon feature. - Add realm icon fields to realm model. - Add migration for new realm model's field. - Add views for icon uploading and deleting. - Add routes for realm icons views. - Add JS widget for realm icon upload setting. - Add realm icon upload to administration organization setting. - Add tests for realm icons. Fixes #3660.
2017-02-21 03:41:20 +01:00
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
class RealmIconTest(UploadSerializeMixin, ZulipTestCase):
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_multiple_upload_failure(self) -> None:
realm-icon: Add realm icon feature. - Add realm icon fields to realm model. - Add migration for new realm model's field. - Add views for icon uploading and deleting. - Add routes for realm icons views. - Add JS widget for realm icon upload setting. - Add realm icon upload to administration organization setting. - Add tests for realm icons. Fixes #3660.
2017-02-21 03:41:20 +01:00
"""
Attempting to upload two files should fail.
"""
# Log in as admin
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("iago")
with get_test_image_file("img.png") as fp1, get_test_image_file("img.png") as fp2:
result = self.client_post("/json/realm/icon", {"f1": fp1, "f2": fp2})
realm-icon: Add realm icon feature. - Add realm icon fields to realm model. - Add migration for new realm model's field. - Add views for icon uploading and deleting. - Add routes for realm icons views. - Add JS widget for realm icon upload setting. - Add realm icon upload to administration organization setting. - Add tests for realm icons. Fixes #3660.
2017-02-21 03:41:20 +01:00
self.assert_json_error(result, "You must upload exactly one icon.")
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_no_file_upload_failure(self) -> None:
realm-icon: Add realm icon feature. - Add realm icon fields to realm model. - Add migration for new realm model's field. - Add views for icon uploading and deleting. - Add routes for realm icons views. - Add JS widget for realm icon upload setting. - Add realm icon upload to administration organization setting. - Add tests for realm icons. Fixes #3660.
2017-02-21 03:41:20 +01:00
"""
Calling this endpoint with no files should fail.
"""
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("iago")
realm-icon: Add realm icon feature. - Add realm icon fields to realm model. - Add migration for new realm model's field. - Add views for icon uploading and deleting. - Add routes for realm icons views. - Add JS widget for realm icon upload setting. - Add realm icon upload to administration organization setting. - Add tests for realm icons. Fixes #3660.
2017-02-21 03:41:20 +01:00
urls: Use POST for zerver.views.realm_icon.upload_icon. This upload_icon endpoint is changed from PUT to POST becuase this endpoint is not idempotent.
2017-07-05 19:02:54 +02:00
result = self.client_post("/json/realm/icon")
realm-icon: Add realm icon feature. - Add realm icon fields to realm model. - Add migration for new realm model's field. - Add views for icon uploading and deleting. - Add routes for realm icons views. - Add JS widget for realm icon upload setting. - Add realm icon upload to administration organization setting. - Add tests for realm icons. Fixes #3660.
2017-02-21 03:41:20 +01:00
self.assert_json_error(result, "You must upload exactly one icon.")
correct_files = [
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
("img.png", "png_resized.png"),
("img.jpg", None), # jpeg resizing is platform-dependent
("img.gif", "gif_resized.png"),
("img.tif", "tif_resized.png"),
("cmyk.jpg", None),
realm-icon: Add realm icon feature. - Add realm icon fields to realm model. - Add migration for new realm model's field. - Add views for icon uploading and deleting. - Add routes for realm icons views. - Add JS widget for realm icon upload setting. - Add realm icon upload to administration organization setting. - Add tests for realm icons. Fixes #3660.
2017-02-21 03:41:20 +01:00
]
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
corrupt_files = ["text.txt", "corrupt.png", "corrupt.gif"]
realm-icon: Add realm icon feature. - Add realm icon fields to realm model. - Add migration for new realm model's field. - Add views for icon uploading and deleting. - Add routes for realm icons views. - Add JS widget for realm icon upload setting. - Add realm icon upload to administration organization setting. - Add tests for realm icons. Fixes #3660.
2017-02-21 03:41:20 +01:00
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_no_admin_user_upload(self) -> None:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("hamlet")
realm-icon: Add realm icon feature. - Add realm icon fields to realm model. - Add migration for new realm model's field. - Add views for icon uploading and deleting. - Add routes for realm icons views. - Add JS widget for realm icon upload setting. - Add realm icon upload to administration organization setting. - Add tests for realm icons. Fixes #3660.
2017-02-21 03:41:20 +01:00
with get_test_image_file(self.correct_files[0][0]) as fp:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.client_post("/json/realm/icon", {"file": fp})
self.assert_json_error(result, "Must be an organization administrator")
realm-icon: Add realm icon feature. - Add realm icon fields to realm model. - Add migration for new realm model's field. - Add views for icon uploading and deleting. - Add routes for realm icons views. - Add JS widget for realm icon upload setting. - Add realm icon upload to administration organization setting. - Add tests for realm icons. Fixes #3660.
2017-02-21 03:41:20 +01:00
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_get_gravatar_icon(self) -> None:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("hamlet")
realm = get_realm("zulip")
refactor: Make acting_user a mandatory kwarg for do_change_icon_source.
2021-04-08 10:42:55 +02:00
do_change_icon_source(realm, Realm.ICON_FROM_GRAVATAR, acting_user=None)
realm-icon: Add realm icon feature. - Add realm icon fields to realm model. - Add migration for new realm model's field. - Add views for icon uploading and deleting. - Add routes for realm icons views. - Add JS widget for realm icon upload setting. - Add realm icon upload to administration organization setting. - Add tests for realm icons. Fixes #3660.
2017-02-21 03:41:20 +01:00
with self.settings(ENABLE_GRAVATAR=True):
python: Pass query parameters as a dict when making GET requests. This provides automatic URL-encoding. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-09-13 00:11:30 +02:00
response = self.client_get("/json/realm/icon", {"foo": "bar"})
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
redirect_url = response["Location"]
self.assertEqual(redirect_url, realm_icon_url(realm) + "&foo=bar")
realm-icon: Add realm icon feature. - Add realm icon fields to realm model. - Add migration for new realm model's field. - Add views for icon uploading and deleting. - Add routes for realm icons views. - Add JS widget for realm icon upload setting. - Add realm icon upload to administration organization setting. - Add tests for realm icons. Fixes #3660.
2017-02-21 03:41:20 +01:00
with self.settings(ENABLE_GRAVATAR=False):
python: Pass query parameters as a dict when making GET requests. This provides automatic URL-encoding. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-09-13 00:11:30 +02:00
response = self.client_get("/json/realm/icon", {"foo": "bar"})
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
redirect_url = response["Location"]
self.assertTrue(redirect_url.endswith(realm_icon_url(realm) + "&foo=bar"))
realm-icon: Add realm icon feature. - Add realm icon fields to realm model. - Add migration for new realm model's field. - Add views for icon uploading and deleting. - Add routes for realm icons views. - Add JS widget for realm icon upload setting. - Add realm icon upload to administration organization setting. - Add tests for realm icons. Fixes #3660.
2017-02-21 03:41:20 +01:00
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_get_realm_icon(self) -> None:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("hamlet")
realm-icon: Add realm icon feature. - Add realm icon fields to realm model. - Add migration for new realm model's field. - Add views for icon uploading and deleting. - Add routes for realm icons views. - Add JS widget for realm icon upload setting. - Add realm icon upload to administration organization setting. - Add tests for realm icons. Fixes #3660.
2017-02-21 03:41:20 +01:00
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
realm = get_realm("zulip")
refactor: Make acting_user a mandatory kwarg for do_change_icon_source.
2021-04-08 10:42:55 +02:00
do_change_icon_source(realm, Realm.ICON_UPLOADED, acting_user=None)
python: Pass query parameters as a dict when making GET requests. This provides automatic URL-encoding. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-09-13 00:11:30 +02:00
response = self.client_get("/json/realm/icon", {"foo": "bar"})
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
redirect_url = response["Location"]
self.assertTrue(redirect_url.endswith(realm_icon_url(realm) + "&foo=bar"))
realm-icon: Add realm icon feature. - Add realm icon fields to realm model. - Add migration for new realm model's field. - Add views for icon uploading and deleting. - Add routes for realm icons views. - Add JS widget for realm icon upload setting. - Add realm icon upload to administration organization setting. - Add tests for realm icons. Fixes #3660.
2017-02-21 03:41:20 +01:00
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_valid_icons(self) -> None:
realm-icon: Add realm icon feature. - Add realm icon fields to realm model. - Add migration for new realm model's field. - Add views for icon uploading and deleting. - Add routes for realm icons views. - Add JS widget for realm icon upload setting. - Add realm icon upload to administration organization setting. - Add tests for realm icons. Fixes #3660.
2017-02-21 03:41:20 +01:00
"""
docs: Fix more capitalization issues. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-10-23 02:43:28 +02:00
A PUT request to /json/realm/icon with a valid file should return a URL
realm-icon: Add realm icon feature. - Add realm icon fields to realm model. - Add migration for new realm model's field. - Add views for icon uploading and deleting. - Add routes for realm icons views. - Add JS widget for realm icon upload setting. - Add realm icon upload to administration organization setting. - Add tests for realm icons. Fixes #3660.
2017-02-21 03:41:20 +01:00
and actually create an realm icon.
"""
for fname, rfname in self.correct_files:
test_upload: Uncomment subTest contexts. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-22 03:04:54 +01:00
with self.subTest(fname=fname):
self.login("iago")
with get_test_image_file(fname) as fp:
result = self.client_post("/json/realm/icon", {"file": fp})
realm = get_realm("zulip")
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
response_dict = self.assert_json_success(result)
self.assertIn("icon_url", response_dict)
test_upload: Uncomment subTest contexts. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-22 03:04:54 +01:00
base = f"/user_avatars/{realm.id}/realm/icon.png"
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
url = response_dict["icon_url"]
test_upload: Uncomment subTest contexts. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-22 03:04:54 +01:00
self.assertEqual(base, url[: len(base)])
if rfname is not None:
response = self.client_get(url)
assert isinstance(response, StreamingHttpResponse)
data = b"".join(response.streaming_content)
self.assertEqual(Image.open(io.BytesIO(data)).size, (100, 100))
realm-icon: Add realm icon feature. - Add realm icon fields to realm model. - Add migration for new realm model's field. - Add views for icon uploading and deleting. - Add routes for realm icons views. - Add JS widget for realm icon upload setting. - Add realm icon upload to administration organization setting. - Add tests for realm icons. Fixes #3660.
2017-02-21 03:41:20 +01:00
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_invalid_icons(self) -> None:
realm-icon: Add realm icon feature. - Add realm icon fields to realm model. - Add migration for new realm model's field. - Add views for icon uploading and deleting. - Add routes for realm icons views. - Add JS widget for realm icon upload setting. - Add realm icon upload to administration organization setting. - Add tests for realm icons. Fixes #3660.
2017-02-21 03:41:20 +01:00
"""
A PUT request to /json/realm/icon with an invalid file should fail.
"""
for fname in self.corrupt_files:
test_upload: Uncomment subTest contexts. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-22 03:04:54 +01:00
with self.subTest(fname=fname):
self.login("iago")
with get_test_image_file(fname) as fp:
result = self.client_post("/json/realm/icon", {"file": fp})
realm-icon: Add realm icon feature. - Add realm icon fields to realm model. - Add migration for new realm model's field. - Add views for icon uploading and deleting. - Add routes for realm icons views. - Add JS widget for realm icon upload setting. - Add realm icon upload to administration organization setting. - Add tests for realm icons. Fixes #3660.
2017-02-21 03:41:20 +01:00
test_upload: Uncomment subTest contexts. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-22 03:04:54 +01:00
self.assert_json_error(
result, "Could not decode image; did you upload an image file?"
)
realm-icon: Add realm icon feature. - Add realm icon fields to realm model. - Add migration for new realm model's field. - Add views for icon uploading and deleting. - Add routes for realm icons views. - Add JS widget for realm icon upload setting. - Add realm icon upload to administration organization setting. - Add tests for realm icons. Fixes #3660.
2017-02-21 03:41:20 +01:00
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_delete_icon(self) -> None:
realm-icon: Add realm icon feature. - Add realm icon fields to realm model. - Add migration for new realm model's field. - Add views for icon uploading and deleting. - Add routes for realm icons views. - Add JS widget for realm icon upload setting. - Add realm icon upload to administration organization setting. - Add tests for realm icons. Fixes #3660.
2017-02-21 03:41:20 +01:00
"""
A DELETE request to /json/realm/icon should delete the realm icon and return gravatar URL
"""
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("iago")
realm = get_realm("zulip")
refactor: Make acting_user a mandatory kwarg for do_change_icon_source.
2021-04-08 10:42:55 +02:00
do_change_icon_source(realm, Realm.ICON_UPLOADED, acting_user=None)
realm-icon: Add realm icon feature. - Add realm icon fields to realm model. - Add migration for new realm model's field. - Add views for icon uploading and deleting. - Add routes for realm icons views. - Add JS widget for realm icon upload setting. - Add realm icon upload to administration organization setting. - Add tests for realm icons. Fixes #3660.
2017-02-21 03:41:20 +01:00
result = self.client_delete("/json/realm/icon")
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
response_dict = self.assert_json_success(result)
self.assertIn("icon_url", response_dict)
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
realm = get_realm("zulip")
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
self.assertEqual(response_dict["icon_url"], realm_icon_url(realm))
realm-icon: Add realm icon feature. - Add realm icon fields to realm model. - Add migration for new realm model's field. - Add views for icon uploading and deleting. - Add routes for realm icons views. - Add JS widget for realm icon upload setting. - Add realm icon upload to administration organization setting. - Add tests for realm icons. Fixes #3660.
2017-02-21 03:41:20 +01:00
self.assertEqual(realm.icon_source, Realm.ICON_FROM_GRAVATAR)
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_realm_icon_version(self) -> None:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("iago")
realm = get_realm("zulip")
realm-icon: Add realm icon feature. - Add realm icon fields to realm model. - Add migration for new realm model's field. - Add views for icon uploading and deleting. - Add routes for realm icons views. - Add JS widget for realm icon upload setting. - Add realm icon upload to administration organization setting. - Add tests for realm icons. Fixes #3660.
2017-02-21 03:41:20 +01:00
icon_version = realm.icon_version
self.assertEqual(icon_version, 1)
with get_test_image_file(self.correct_files[0][0]) as fp:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.client_post("/json/realm/icon", {"file": fp})
realm = get_realm("zulip")
realm-icon: Add realm icon feature. - Add realm icon fields to realm model. - Add migration for new realm model's field. - Add views for icon uploading and deleting. - Add routes for realm icons views. - Add JS widget for realm icon upload setting. - Add realm icon upload to administration organization setting. - Add tests for realm icons. Fixes #3660.
2017-02-21 03:41:20 +01:00
self.assertEqual(realm.icon_version, icon_version + 1)
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_realm_icon_upload_file_size_error(self) -> None:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("iago")
Add size limit for uploading user avatars and realm icons. - Add settings parameter for max realm icon size. - Add settings parameter for max user avatar size. - Add checking file size to avatar and icon uploading views. - Transfer file size limit parameter to frontend. - Add tests.
2017-03-06 06:22:28 +01:00
with get_test_image_file(self.correct_files[0][0]) as fp:
settings: Rename MAX_ICON_FILE_SIZE. Rename MAX_ICON_FILE_SIZE to MAX_ICON_FILE_SIZE_MIB reflecting size in mebibytes.
2021-05-29 08:55:34 +02:00
with self.settings(MAX_ICON_FILE_SIZE_MIB=0):
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.client_post("/json/realm/icon", {"file": fp})
python: Convert percent formatting to .format for translated strings. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-15 23:22:24 +02:00
self.assert_json_error(result, "Uploaded file is larger than the allowed limit of 0 MiB")
Add size limit for uploading user avatars and realm icons. - Add settings parameter for max realm icon size. - Add settings parameter for max user avatar size. - Add checking file size to avatar and icon uploading views. - Transfer file size limit parameter to frontend. - Add tests.
2017-03-06 06:22:28 +01:00
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def tearDown(self) -> None:
realm-icon: Add realm icon feature. - Add realm icon fields to realm model. - Add migration for new realm model's field. - Add views for icon uploading and deleting. - Add routes for realm icons views. - Add JS widget for realm icon upload setting. - Add realm icon upload to administration organization setting. - Add tests for realm icons. Fixes #3660.
2017-02-21 03:41:20 +01:00
destroy_uploads()
tests: tearDown overrides should call super().tearDown(). ZulipTestCase subclasses that override tearDown() should call the parent class tearDown() too, as it does some clean up of its own.
2019-10-18 16:11:48 +02:00
super().tearDown()
realm-icon: Add realm icon feature. - Add realm icon fields to realm model. - Add migration for new realm model's field. - Add views for icon uploading and deleting. - Add routes for realm icons views. - Add JS widget for realm icon upload setting. - Add realm icon upload to administration organization setting. - Add tests for realm icons. Fixes #3660.
2017-02-21 03:41:20 +01:00
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
settings: Add support for customizing the top-left logo. This adds a new realm_logo field, which is a horizontal-format logo to be displayed in the top-left corner of the webapp, and any other places where we might want a wide-format branding of the organization. Tweaked significantly by tabbott to rebase, fix styling, etc. Fixing the styling of this feature's loading indicator caused me to notice the loading indicator for the realm_icon feature was also ugly, so I fixed that too. Fixes #7995.
2018-08-16 01:26:55 +02:00
class RealmLogoTest(UploadSerializeMixin, ZulipTestCase):
settings: Add support for uploading logo for night mode. This adds a new field named realm_night_logo which is used for displaying the organization logo when the user is in night mode. Fixes #11176.
2019-01-27 08:25:10 +01:00
night = False
settings: Add support for customizing the top-left logo. This adds a new realm_logo field, which is a horizontal-format logo to be displayed in the top-left corner of the webapp, and any other places where we might want a wide-format branding of the organization. Tweaked significantly by tabbott to rebase, fix styling, etc. Fixing the styling of this feature's loading indicator caused me to notice the loading indicator for the realm_icon feature was also ugly, so I fixed that too. Fixes #7995.
2018-08-16 01:26:55 +02:00
def test_multiple_upload_failure(self) -> None:
"""
Attempting to upload two files should fail.
"""
# Log in as admin
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("iago")
with get_test_image_file("img.png") as fp1, get_test_image_file("img.png") as fp2:
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
result = self.client_post(
"/json/realm/logo",
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
{"f1": fp1, "f2": fp2, "night": orjson.dumps(self.night).decode()},
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
)
settings: Add support for customizing the top-left logo. This adds a new realm_logo field, which is a horizontal-format logo to be displayed in the top-left corner of the webapp, and any other places where we might want a wide-format branding of the organization. Tweaked significantly by tabbott to rebase, fix styling, etc. Fixing the styling of this feature's loading indicator caused me to notice the loading indicator for the realm_icon feature was also ugly, so I fixed that too. Fixes #7995.
2018-08-16 01:26:55 +02:00
self.assert_json_error(result, "You must upload exactly one logo.")
def test_no_file_upload_failure(self) -> None:
"""
Calling this endpoint with no files should fail.
"""
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("iago")
settings: Add support for customizing the top-left logo. This adds a new realm_logo field, which is a horizontal-format logo to be displayed in the top-left corner of the webapp, and any other places where we might want a wide-format branding of the organization. Tweaked significantly by tabbott to rebase, fix styling, etc. Fixing the styling of this feature's loading indicator caused me to notice the loading indicator for the realm_icon feature was also ugly, so I fixed that too. Fixes #7995.
2018-08-16 01:26:55 +02:00
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.client_post("/json/realm/logo", {"night": orjson.dumps(self.night).decode()})
settings: Add support for customizing the top-left logo. This adds a new realm_logo field, which is a horizontal-format logo to be displayed in the top-left corner of the webapp, and any other places where we might want a wide-format branding of the organization. Tweaked significantly by tabbott to rebase, fix styling, etc. Fixing the styling of this feature's loading indicator caused me to notice the loading indicator for the realm_icon feature was also ugly, so I fixed that too. Fixes #7995.
2018-08-16 01:26:55 +02:00
self.assert_json_error(result, "You must upload exactly one logo.")
correct_files = [
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
("img.png", "png_resized.png"),
("img.jpg", None), # jpeg resizing is platform-dependent
("img.gif", "gif_resized.png"),
("img.tif", "tif_resized.png"),
("cmyk.jpg", None),
settings: Add support for customizing the top-left logo. This adds a new realm_logo field, which is a horizontal-format logo to be displayed in the top-left corner of the webapp, and any other places where we might want a wide-format branding of the organization. Tweaked significantly by tabbott to rebase, fix styling, etc. Fixing the styling of this feature's loading indicator caused me to notice the loading indicator for the realm_icon feature was also ugly, so I fixed that too. Fixes #7995.
2018-08-16 01:26:55 +02:00
]
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
corrupt_files = ["text.txt", "corrupt.png", "corrupt.gif"]
settings: Add support for customizing the top-left logo. This adds a new realm_logo field, which is a horizontal-format logo to be displayed in the top-left corner of the webapp, and any other places where we might want a wide-format branding of the organization. Tweaked significantly by tabbott to rebase, fix styling, etc. Fixing the styling of this feature's loading indicator caused me to notice the loading indicator for the realm_icon feature was also ugly, so I fixed that too. Fixes #7995.
2018-08-16 01:26:55 +02:00
def test_no_admin_user_upload(self) -> None:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("hamlet")
settings: Add support for customizing the top-left logo. This adds a new realm_logo field, which is a horizontal-format logo to be displayed in the top-left corner of the webapp, and any other places where we might want a wide-format branding of the organization. Tweaked significantly by tabbott to rebase, fix styling, etc. Fixing the styling of this feature's loading indicator caused me to notice the loading indicator for the realm_icon feature was also ugly, so I fixed that too. Fixes #7995.
2018-08-16 01:26:55 +02:00
with get_test_image_file(self.correct_files[0][0]) as fp:
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
result = self.client_post(
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
"/json/realm/logo", {"file": fp, "night": orjson.dumps(self.night).decode()}
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
)
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.assert_json_error(result, "Must be an organization administrator")
settings: Add support for customizing the top-left logo. This adds a new realm_logo field, which is a horizontal-format logo to be displayed in the top-left corner of the webapp, and any other places where we might want a wide-format branding of the organization. Tweaked significantly by tabbott to rebase, fix styling, etc. Fixing the styling of this feature's loading indicator caused me to notice the loading indicator for the realm_icon feature was also ugly, so I fixed that too. Fixes #7995.
2018-08-16 01:26:55 +02:00
def test_upload_limited_plan_type(self) -> None:
user_profile = self.example_user("iago")
actions: Rename do_change_plan_type -> do change_realm_plan_type. We will soon be adding an equivalent function for RemoteZulipServer, so it makes sense to rename this function to be more descriptive.
2021-12-01 02:10:40 +01:00
do_change_realm_plan_type(user_profile.realm, Realm.PLAN_TYPE_LIMITED, acting_user=None)
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login_user(user_profile)
settings: Add support for customizing the top-left logo. This adds a new realm_logo field, which is a horizontal-format logo to be displayed in the top-left corner of the webapp, and any other places where we might want a wide-format branding of the organization. Tweaked significantly by tabbott to rebase, fix styling, etc. Fixing the styling of this feature's loading indicator caused me to notice the loading indicator for the realm_icon feature was also ugly, so I fixed that too. Fixes #7995.
2018-08-16 01:26:55 +02:00
with get_test_image_file(self.correct_files[0][0]) as fp:
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
result = self.client_post(
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
"/json/realm/logo", {"file": fp, "night": orjson.dumps(self.night).decode()}
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
)
pricing: Replace "Zulip Standard" with "Zulip Cloud Standard". Case sensitive replace.
2022-02-05 08:29:54 +01:00
self.assert_json_error(result, "Available on Zulip Cloud Standard. Upgrade to access.")
settings: Add support for customizing the top-left logo. This adds a new realm_logo field, which is a horizontal-format logo to be displayed in the top-left corner of the webapp, and any other places where we might want a wide-format branding of the organization. Tweaked significantly by tabbott to rebase, fix styling, etc. Fixing the styling of this feature's loading indicator caused me to notice the loading indicator for the realm_icon feature was also ugly, so I fixed that too. Fixes #7995.
2018-08-16 01:26:55 +02:00
def test_get_default_logo(self) -> None:
audit_log: Log acting_user in do_change_logo_source.
2020-06-29 12:35:58 +02:00
user_profile = self.example_user("hamlet")
self.login_user(user_profile)
realm = user_profile.realm
do_change_logo_source(realm, Realm.LOGO_DEFAULT, self.night, acting_user=user_profile)
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
response = self.client_get("/json/realm/logo", {"night": orjson.dumps(self.night).decode()})
redirect_url = response["Location"]
realm_logo: Return default logo for realms on LIMITED plan. This completes our effort to avoid destroying realm logo state while providing a path to dowgrade from paid plans to LIMITED.
2020-06-08 11:53:24 +02:00
is_night_str = str(self.night).lower()
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.assertEqual(
redirect_url, f"/static/images/logo/zulip-org-logo.svg?version=0&night={is_night_str}"
)
settings: Add support for customizing the top-left logo. This adds a new realm_logo field, which is a horizontal-format logo to be displayed in the top-left corner of the webapp, and any other places where we might want a wide-format branding of the organization. Tweaked significantly by tabbott to rebase, fix styling, etc. Fixing the styling of this feature's loading indicator caused me to notice the loading indicator for the realm_icon feature was also ugly, so I fixed that too. Fixes #7995.
2018-08-16 01:26:55 +02:00
audit_log: Log acting_user in do_change_logo_source.
2020-06-29 12:35:58 +02:00
def test_get_realm_logo(self) -> None:
user_profile = self.example_user("hamlet")
self.login_user(user_profile)
realm = user_profile.realm
do_change_logo_source(realm, Realm.LOGO_UPLOADED, self.night, acting_user=user_profile)
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
response = self.client_get("/json/realm/logo", {"night": orjson.dumps(self.night).decode()})
redirect_url = response["Location"]
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.assertTrue(
redirect_url.endswith(
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
get_realm_logo_url(realm, self.night) + f"&night={str(self.night).lower()}"
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
)
)
settings: Add support for customizing the top-left logo. This adds a new realm_logo field, which is a horizontal-format logo to be displayed in the top-left corner of the webapp, and any other places where we might want a wide-format branding of the organization. Tweaked significantly by tabbott to rebase, fix styling, etc. Fixing the styling of this feature's loading indicator caused me to notice the loading indicator for the realm_icon feature was also ugly, so I fixed that too. Fixes #7995.
2018-08-16 01:26:55 +02:00
realm_logo: Return default logo for realms on LIMITED plan. This completes our effort to avoid destroying realm logo state while providing a path to dowgrade from paid plans to LIMITED.
2020-06-08 11:53:24 +02:00
is_night_str = str(self.night).lower()
if self.night:
file_name = "night_logo.png"
else:
file_name = "logo.png"
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.assertEqual(
redirect_url,
f"/user_avatars/{realm.id}/realm/{file_name}?version=2&night={is_night_str}",
)
realm_logo: Return default logo for realms on LIMITED plan. This completes our effort to avoid destroying realm logo state while providing a path to dowgrade from paid plans to LIMITED.
2020-06-08 11:53:24 +02:00
actions: Rename do_change_plan_type -> do change_realm_plan_type. We will soon be adding an equivalent function for RemoteZulipServer, so it makes sense to rename this function to be more descriptive.
2021-12-01 02:10:40 +01:00
do_change_realm_plan_type(realm, Realm.PLAN_TYPE_LIMITED, acting_user=user_profile)
realm_logo: Return default logo for realms on LIMITED plan. This completes our effort to avoid destroying realm logo state while providing a path to dowgrade from paid plans to LIMITED.
2020-06-08 11:53:24 +02:00
if self.night:
self.assertEqual(realm.night_logo_source, Realm.LOGO_UPLOADED)
else:
self.assertEqual(realm.logo_source, Realm.LOGO_UPLOADED)
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
response = self.client_get("/json/realm/logo", {"night": orjson.dumps(self.night).decode()})
redirect_url = response["Location"]
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.assertEqual(
redirect_url, f"/static/images/logo/zulip-org-logo.svg?version=0&night={is_night_str}"
)
realm_logo: Return default logo for realms on LIMITED plan. This completes our effort to avoid destroying realm logo state while providing a path to dowgrade from paid plans to LIMITED.
2020-06-08 11:53:24 +02:00
settings: Add support for customizing the top-left logo. This adds a new realm_logo field, which is a horizontal-format logo to be displayed in the top-left corner of the webapp, and any other places where we might want a wide-format branding of the organization. Tweaked significantly by tabbott to rebase, fix styling, etc. Fixing the styling of this feature's loading indicator caused me to notice the loading indicator for the realm_icon feature was also ugly, so I fixed that too. Fixes #7995.
2018-08-16 01:26:55 +02:00
def test_valid_logos(self) -> None:
"""
docs: Fix more capitalization issues. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-10-23 02:43:28 +02:00
A PUT request to /json/realm/logo with a valid file should return a URL
settings: Add support for customizing the top-left logo. This adds a new realm_logo field, which is a horizontal-format logo to be displayed in the top-left corner of the webapp, and any other places where we might want a wide-format branding of the organization. Tweaked significantly by tabbott to rebase, fix styling, etc. Fixing the styling of this feature's loading indicator caused me to notice the loading indicator for the realm_icon feature was also ugly, so I fixed that too. Fixes #7995.
2018-08-16 01:26:55 +02:00
and actually create an realm logo.
"""
for fname, rfname in self.correct_files:
test_upload: Uncomment subTest contexts. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-22 03:04:54 +01:00
with self.subTest(fname=fname):
self.login("iago")
with get_test_image_file(fname) as fp:
result = self.client_post(
"/json/realm/logo", {"file": fp, "night": orjson.dumps(self.night).decode()}
)
realm = get_realm("zulip")
self.assert_json_success(result)
logo_url = get_realm_logo_url(realm, self.night)
if rfname is not None:
response = self.client_get(logo_url)
assert isinstance(response, StreamingHttpResponse)
data = b"".join(response.streaming_content)
# size should be 100 x 100 because thumbnail keeps aspect ratio
# while trying to fit in a 800 x 100 box without losing part of the image
self.assertEqual(Image.open(io.BytesIO(data)).size, (100, 100))
settings: Add support for customizing the top-left logo. This adds a new realm_logo field, which is a horizontal-format logo to be displayed in the top-left corner of the webapp, and any other places where we might want a wide-format branding of the organization. Tweaked significantly by tabbott to rebase, fix styling, etc. Fixing the styling of this feature's loading indicator caused me to notice the loading indicator for the realm_icon feature was also ugly, so I fixed that too. Fixes #7995.
2018-08-16 01:26:55 +02:00
settings: Add support for uploading logo for night mode. This adds a new field named realm_night_logo which is used for displaying the organization logo when the user is in night mode. Fixes #11176.
2019-01-27 08:25:10 +01:00
def test_invalid_logo_upload(self) -> None:
settings: Add support for customizing the top-left logo. This adds a new realm_logo field, which is a horizontal-format logo to be displayed in the top-left corner of the webapp, and any other places where we might want a wide-format branding of the organization. Tweaked significantly by tabbott to rebase, fix styling, etc. Fixing the styling of this feature's loading indicator caused me to notice the loading indicator for the realm_icon feature was also ugly, so I fixed that too. Fixes #7995.
2018-08-16 01:26:55 +02:00
"""
A PUT request to /json/realm/logo with an invalid file should fail.
"""
for fname in self.corrupt_files:
test_upload: Uncomment subTest contexts. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-22 03:04:54 +01:00
with self.subTest(fname=fname):
self.login("iago")
with get_test_image_file(fname) as fp:
result = self.client_post(
"/json/realm/logo", {"file": fp, "night": orjson.dumps(self.night).decode()}
)
self.assert_json_error(
result, "Could not decode image; did you upload an image file?"
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
)
settings: Add support for customizing the top-left logo. This adds a new realm_logo field, which is a horizontal-format logo to be displayed in the top-left corner of the webapp, and any other places where we might want a wide-format branding of the organization. Tweaked significantly by tabbott to rebase, fix styling, etc. Fixing the styling of this feature's loading indicator caused me to notice the loading indicator for the realm_icon feature was also ugly, so I fixed that too. Fixes #7995.
2018-08-16 01:26:55 +02:00
def test_delete_logo(self) -> None:
"""
A DELETE request to /json/realm/logo should delete the realm logo and return gravatar URL
"""
audit_log: Log acting_user in do_change_logo_source.
2020-06-29 12:35:58 +02:00
user_profile = self.example_user("iago")
self.login_user(user_profile)
realm = user_profile.realm
do_change_logo_source(realm, Realm.LOGO_UPLOADED, self.night, acting_user=user_profile)
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
result = self.client_delete(
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
"/json/realm/logo", {"night": orjson.dumps(self.night).decode()}
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
)
settings: Add support for customizing the top-left logo. This adds a new realm_logo field, which is a horizontal-format logo to be displayed in the top-left corner of the webapp, and any other places where we might want a wide-format branding of the organization. Tweaked significantly by tabbott to rebase, fix styling, etc. Fixing the styling of this feature's loading indicator caused me to notice the loading indicator for the realm_icon feature was also ugly, so I fixed that too. Fixes #7995.
2018-08-16 01:26:55 +02:00
self.assert_json_success(result)
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
realm = get_realm("zulip")
settings: Add support for uploading logo for night mode. This adds a new field named realm_night_logo which is used for displaying the organization logo when the user is in night mode. Fixes #11176.
2019-01-27 08:25:10 +01:00
if self.night:
self.assertEqual(realm.night_logo_source, Realm.LOGO_DEFAULT)
else:
self.assertEqual(realm.logo_source, Realm.LOGO_DEFAULT)
settings: Add support for customizing the top-left logo. This adds a new realm_logo field, which is a horizontal-format logo to be displayed in the top-left corner of the webapp, and any other places where we might want a wide-format branding of the organization. Tweaked significantly by tabbott to rebase, fix styling, etc. Fixing the styling of this feature's loading indicator caused me to notice the loading indicator for the realm_icon feature was also ugly, so I fixed that too. Fixes #7995.
2018-08-16 01:26:55 +02:00
settings: Add support for uploading logo for night mode. This adds a new field named realm_night_logo which is used for displaying the organization logo when the user is in night mode. Fixes #11176.
2019-01-27 08:25:10 +01:00
def test_logo_version(self) -> None:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("iago")
realm = get_realm("zulip")
settings: Add support for uploading logo for night mode. This adds a new field named realm_night_logo which is used for displaying the organization logo when the user is in night mode. Fixes #11176.
2019-01-27 08:25:10 +01:00
if self.night:
version = realm.night_logo_version
else:
version = realm.logo_version
self.assertEqual(version, 1)
settings: Add support for customizing the top-left logo. This adds a new realm_logo field, which is a horizontal-format logo to be displayed in the top-left corner of the webapp, and any other places where we might want a wide-format branding of the organization. Tweaked significantly by tabbott to rebase, fix styling, etc. Fixing the styling of this feature's loading indicator caused me to notice the loading indicator for the realm_icon feature was also ugly, so I fixed that too. Fixes #7995.
2018-08-16 01:26:55 +02:00
with get_test_image_file(self.correct_files[0][0]) as fp:
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.client_post(
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
"/json/realm/logo", {"file": fp, "night": orjson.dumps(self.night).decode()}
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
)
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
realm = get_realm("zulip")
settings: Add support for uploading logo for night mode. This adds a new field named realm_night_logo which is used for displaying the organization logo when the user is in night mode. Fixes #11176.
2019-01-27 08:25:10 +01:00
if self.night:
self.assertEqual(realm.night_logo_version, version + 1)
else:
self.assertEqual(realm.logo_version, version + 1)
settings: Add support for customizing the top-left logo. This adds a new realm_logo field, which is a horizontal-format logo to be displayed in the top-left corner of the webapp, and any other places where we might want a wide-format branding of the organization. Tweaked significantly by tabbott to rebase, fix styling, etc. Fixing the styling of this feature's loading indicator caused me to notice the loading indicator for the realm_icon feature was also ugly, so I fixed that too. Fixes #7995.
2018-08-16 01:26:55 +02:00
settings: Add support for uploading logo for night mode. This adds a new field named realm_night_logo which is used for displaying the organization logo when the user is in night mode. Fixes #11176.
2019-01-27 08:25:10 +01:00
def test_logo_upload_file_size_error(self) -> None:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("iago")
settings: Add support for customizing the top-left logo. This adds a new realm_logo field, which is a horizontal-format logo to be displayed in the top-left corner of the webapp, and any other places where we might want a wide-format branding of the organization. Tweaked significantly by tabbott to rebase, fix styling, etc. Fixing the styling of this feature's loading indicator caused me to notice the loading indicator for the realm_icon feature was also ugly, so I fixed that too. Fixes #7995.
2018-08-16 01:26:55 +02:00
with get_test_image_file(self.correct_files[0][0]) as fp:
settings: Rename MAX_LOGO_FILE_SIZE. Rename MAX_LOGO_FILE_SIZE to MAX_LOGO_FILE_SIZE_MIB reflecting the size in mebibytes.
2021-05-29 08:59:21 +02:00
with self.settings(MAX_LOGO_FILE_SIZE_MIB=0):
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
result = self.client_post(
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
"/json/realm/logo", {"file": fp, "night": orjson.dumps(self.night).decode()}
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
)
python: Convert percent formatting to .format for translated strings. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-15 23:22:24 +02:00
self.assert_json_error(result, "Uploaded file is larger than the allowed limit of 0 MiB")
settings: Add support for customizing the top-left logo. This adds a new realm_logo field, which is a horizontal-format logo to be displayed in the top-left corner of the webapp, and any other places where we might want a wide-format branding of the organization. Tweaked significantly by tabbott to rebase, fix styling, etc. Fixing the styling of this feature's loading indicator caused me to notice the loading indicator for the realm_icon feature was also ugly, so I fixed that too. Fixes #7995.
2018-08-16 01:26:55 +02:00
def tearDown(self) -> None:
destroy_uploads()
tests: tearDown overrides should call super().tearDown(). ZulipTestCase subclasses that override tearDown() should call the parent class tearDown() too, as it does some clean up of its own.
2019-10-18 16:11:48 +02:00
super().tearDown()
settings: Add support for customizing the top-left logo. This adds a new realm_logo field, which is a horizontal-format logo to be displayed in the top-left corner of the webapp, and any other places where we might want a wide-format branding of the organization. Tweaked significantly by tabbott to rebase, fix styling, etc. Fixing the styling of this feature's loading indicator caused me to notice the loading indicator for the realm_icon feature was also ugly, so I fixed that too. Fixes #7995.
2018-08-16 01:26:55 +02:00
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
settings: Add support for uploading logo for night mode. This adds a new field named realm_night_logo which is used for displaying the organization logo when the user is in night mode. Fixes #11176.
2019-01-27 08:25:10 +01:00
class RealmNightLogoTest(RealmLogoTest):
misc: Replace "night mode" with "dark theme" in comments.
2021-11-26 08:32:40 +01:00
# Run the same tests as for RealmLogoTest, just with dark theme enabled
settings: Add support for uploading logo for night mode. This adds a new field named realm_night_logo which is used for displaying the organization logo when the user is in night mode. Fixes #11176.
2019-01-27 08:25:10 +01:00
night = True
Add Attachment model to keep track of uploads. This commit adds the capability to keep track and remove uploaded files. Unclaimed attachments are files that have been uploaded to the server but are not referred in any messages. A management command to remove old unclaimed files after a week is also included. Tests for getting the file referred in messages are also included.
2016-03-24 20:24:01 +01:00
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
class LocalStorageTest(UploadSerializeMixin, ZulipTestCase):
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_file_upload_local(self) -> None:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
user_profile = self.example_user("hamlet")
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
uri = upload_message_file(
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
"dummy.txt", len(b"zulip!"), "text/plain", b"zulip!", user_profile
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
)
Add test for managing files in Local Storage.
2016-04-20 21:50:56 +02:00
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
base = "/user_uploads/"
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.assertEqual(base, uri[: len(base)])
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
path_id = re.sub("/user_uploads/", "", uri)
typing: Add appropriate none-checks for LOCAL_UPLOADS_DIR. This is a part of django-stubs refactorings. Signed-off-by: Zixuan James Li <359101898@qq.com>
2022-05-31 00:59:29 +02:00
assert settings.LOCAL_UPLOADS_DIR is not None
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
file_path = os.path.join(settings.LOCAL_UPLOADS_DIR, "files", path_id)
Add test for managing files in Local Storage.
2016-04-20 21:50:56 +02:00
self.assertTrue(os.path.isfile(file_path))
attachment: Add 'size' field tracking size of uploaded files. This tracking will make it possible in the future to limit the total size of uploads on a per-user or per-organization basis. Fixes #3774.
2017-02-26 11:03:45 +01:00
uploaded_file = Attachment.objects.get(owner=user_profile, path_id=path_id)
tests: Consistently use assert_length helper. This helper does some nice things like printing out the data structure incase of failure.
2021-05-17 05:41:32 +02:00
self.assert_length(b"zulip!", uploaded_file.size)
attachment: Add 'size' field tracking size of uploaded files. This tracking will make it possible in the future to limit the total size of uploads on a per-user or per-organization basis. Fixes #3774.
2017-02-26 11:03:45 +01:00
upload: Pass the target realm to create_attachment. The target realm was not being passed to create_attachment in upload_message_file implementations. This was a bug in the edge-case of cross-realm messages - in particular, causing a bug in the email gateway: When an email with an attachment is sent, the message is mirrored to Zulip with Email Gateway Bot as the message sender and uploader of the attachment. Due to the realm not being passed to create_attachment, the Attachment would get created with .realm being the system bot realm, making the attachment inaccessible under some conditions due to failing the following condition check (that's expected to pass, provided that the .realm is set correctly): ``` if ( attachment.is_realm_public and attachment.realm == user_profile.realm and user_profile.can_access_public_streams() ): # Any user in the realm can access realm-public files return True ```
2022-01-26 20:17:12 +01:00
def test_file_upload_local_cross_realm_path(self) -> None:
"""
Verifies that the path of a file uploaded by a cross-realm bot to another
realm is correct.
"""
internal_realm = get_realm(settings.SYSTEM_BOT_REALM)
zulip_realm = get_realm("zulip")
user_profile = get_system_bot(settings.EMAIL_GATEWAY_BOT, internal_realm.id)
self.assertEqual(user_profile.realm, internal_realm)
uri = upload_message_file(
"dummy.txt", len(b"zulip!"), "text/plain", b"zulip!", user_profile, zulip_realm
)
# Ensure the correct realm id of the target realm is used instead of the bot's realm.
self.assertTrue(uri.startswith(f"/user_uploads/{zulip_realm.id}/"))
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_delete_message_image_local(self) -> None:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("hamlet")
Add test for managing files in Local Storage.
2016-04-20 21:50:56 +02:00
fp = StringIO("zulip!")
fp.name = "zulip.txt"
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.client_post("/json/user_uploads", {"file": fp})
Add test for managing files in Local Storage.
2016-04-20 21:50:56 +02:00
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
response_dict = self.assert_json_success(result)
path_id = re.sub("/user_uploads/", "", response_dict["uri"])
upload: Use classes to define S3/Local upload backends. This has no functional changes; we just replace the old hacky assignment of functions with assignment of the upload backend to a variable. I'm not totally happy with this, because we end up having to copy the type annotations of the three methods 4 times each, but this should make it a lot easier to test the (non-default-in-tests) S3 backend using end-to-end tests, which would have caught 13bac1cc2ac9762b92af1286c8bf38294f0fe89a. I expect we'll iterate on the interface over time; ideally, I'd like all the code that checks LOCAL_UPLOADS_DIR to be inside upload.py, and primarily in these classes.
2016-06-09 07:53:35 +02:00
self.assertTrue(delete_message_image(path_id))
Add test for managing files in Local Storage.
2016-04-20 21:50:56 +02:00
upload: Refactor and add tests for ensure_avatar_image in upload.py. `ensure_basic_avatar_image` and `ensure_medium_avatar_image` are essentially the same thing, except a size parameter. So, refactor them into a single function. This doesn't introduce any functional changes.
2021-03-17 17:54:23 +01:00
def test_ensure_avatar_image_local(self) -> None:
user_profile = self.example_user("hamlet")
file_path = user_avatar_path(user_profile)
tests: Use read_test_image_file. Fixes a ResourceWarning from the unclosed file at test_upload.py:1954. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-13 23:24:16 +01:00
write_local_file("avatars", file_path + ".original", read_test_image_file("img.png"))
upload: Refactor and add tests for ensure_avatar_image in upload.py. `ensure_basic_avatar_image` and `ensure_medium_avatar_image` are essentially the same thing, except a size parameter. So, refactor them into a single function. This doesn't introduce any functional changes.
2021-03-17 17:54:23 +01:00
typing: Add appropriate none-checks for LOCAL_UPLOADS_DIR. This is a part of django-stubs refactorings. Signed-off-by: Zixuan James Li <359101898@qq.com>
2022-05-31 00:59:29 +02:00
assert settings.LOCAL_UPLOADS_DIR is not None
upload: Refactor and add tests for ensure_avatar_image in upload.py. `ensure_basic_avatar_image` and `ensure_medium_avatar_image` are essentially the same thing, except a size parameter. So, refactor them into a single function. This doesn't introduce any functional changes.
2021-03-17 17:54:23 +01:00
image_path = os.path.join(settings.LOCAL_UPLOADS_DIR, "avatars", file_path + ".original")
with open(image_path, "rb") as f:
image_data = f.read()
resized_avatar = resize_avatar(image_data)
zerver.lib.upload.upload_backend.ensure_avatar_image(user_profile)
output_path = os.path.join(settings.LOCAL_UPLOADS_DIR, "avatars", file_path + ".png")
with open(output_path, "rb") as original_file:
self.assertEqual(resized_avatar, original_file.read())
resized_avatar = resize_avatar(image_data, MEDIUM_AVATAR_SIZE)
zerver.lib.upload.upload_backend.ensure_avatar_image(user_profile, is_medium=True)
output_path = os.path.join(settings.LOCAL_UPLOADS_DIR, "avatars", file_path + "-medium.png")
with open(output_path, "rb") as original_file:
self.assertEqual(resized_avatar, original_file.read())
zerver/tests: Test emoji upload for local storage backend.
2018-05-15 00:10:30 +02:00
def test_emoji_upload_local(self) -> None:
user_profile = self.example_user("hamlet")
file_name = "emoji.png"
python: Close opened files. Fixes various instances of ‘ResourceWarning: unclosed file’ with python -Wd. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-10-24 09:33:54 +02:00
with get_test_image_file("img.png") as image_file:
upload_emoji_image(image_file, file_name, user_profile)
zerver/tests: Test emoji upload for local storage backend.
2018-05-15 00:10:30 +02:00
emoji_path = RealmEmoji.PATH_ID_TEMPLATE.format(
realm_id=user_profile.realm_id,
emoji_file_name=file_name,
)
typing: Improve typing with assertions. This fixes some mypy errors discovered with django-stubs.
2021-08-18 17:54:22 +02:00
assert settings.LOCAL_UPLOADS_DIR is not None
zerver/tests: Test emoji upload for local storage backend.
2018-05-15 00:10:30 +02:00
file_path = os.path.join(settings.LOCAL_UPLOADS_DIR, "avatars", emoji_path)
tests: Use read_test_image_file. Fixes a ResourceWarning from the unclosed file at test_upload.py:1954. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-13 23:24:16 +01:00
with open(file_path + ".original", "rb") as original_file:
self.assertEqual(read_test_image_file("img.png"), original_file.read())
zerver/tests: Test emoji upload for local storage backend.
2018-05-15 00:10:30 +02:00
expected_size = (DEFAULT_EMOJI_SIZE, DEFAULT_EMOJI_SIZE)
python: Close opened files. Fixes various instances of ‘ResourceWarning: unclosed file’ with python -Wd. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-10-24 09:33:54 +02:00
with Image.open(file_path) as resized_image:
self.assertEqual(expected_size, resized_image.size)
zerver/tests: Test emoji upload for local storage backend.
2018-05-15 00:10:30 +02:00
zerver/tests: Add test for get_emoji_url for local upload backend.
2018-05-15 00:25:06 +02:00
def test_get_emoji_url_local(self) -> None:
user_profile = self.example_user("hamlet")
file_name = "emoji.png"
python: Close opened files. Fixes various instances of ‘ResourceWarning: unclosed file’ with python -Wd. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-10-24 09:33:54 +02:00
with get_test_image_file("img.png") as image_file:
upload_emoji_image(image_file, file_name, user_profile)
zerver/tests: Add test for get_emoji_url for local upload backend.
2018-05-15 00:25:06 +02:00
url = zerver.lib.upload.upload_backend.get_emoji_url(file_name, user_profile.realm_id)
emoji: Add backend changes to support still image for animated emojis. Now, when we add a custom animated emoji to the realm we also save a still image of it (1st frame of the gif). So we can avoid showing an animated emoji every time.
2021-08-12 10:19:53 +02:00
emoji_path = RealmEmoji.PATH_ID_TEMPLATE.format(
realm_id=user_profile.realm_id,
emoji_file_name=file_name,
)
expected_url = f"/user_avatars/{emoji_path}"
self.assertEqual(expected_url, url)
file_name = "emoji.gif"
with get_test_image_file("animated_img.gif") as image_file:
upload_emoji_image(image_file, file_name, user_profile)
url = zerver.lib.upload.upload_backend.get_emoji_url(file_name, user_profile.realm_id)
still_url = zerver.lib.upload.upload_backend.get_emoji_url(
file_name, user_profile.realm_id, still=True
)
zerver/tests: Add test for get_emoji_url for local upload backend.
2018-05-15 00:25:06 +02:00
emoji_path = RealmEmoji.PATH_ID_TEMPLATE.format(
realm_id=user_profile.realm_id,
emoji_file_name=file_name,
)
emoji: Add backend changes to support still image for animated emojis. Now, when we add a custom animated emoji to the realm we also save a still image of it (1st frame of the gif). So we can avoid showing an animated emoji every time.
2021-08-12 10:19:53 +02:00
still_emoji_path = RealmEmoji.STILL_PATH_ID_TEMPLATE.format(
realm_id=user_profile.realm_id,
emoji_filename_without_extension=os.path.splitext(file_name)[0],
)
python: Convert "".format to Python 3.6 f-strings. Generated by pyupgrade --py36-plus --keep-percent-format, but with the NamedTuple changes reverted (see commit ba7906a3c657905fa35bbcfb4e97b053f050272d, #15132). Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-09 00:25:09 +02:00
expected_url = f"/user_avatars/{emoji_path}"
zerver/tests: Add test for get_emoji_url for local upload backend.
2018-05-15 00:25:06 +02:00
self.assertEqual(expected_url, url)
emoji: Add backend changes to support still image for animated emojis. Now, when we add a custom animated emoji to the realm we also save a still image of it (1st frame of the gif). So we can avoid showing an animated emoji every time.
2021-08-12 10:19:53 +02:00
expected_still_url = f"/user_avatars/{still_emoji_path}"
self.assertEqual(expected_still_url, still_url)
zerver/tests: Add test for get_emoji_url for local upload backend.
2018-05-15 00:25:06 +02:00
public_export: Add logic for deleting the export tarball. The path to the uploaded tarball is reconstructed via the relative url and removed with the canonical methods in `upload.py`.
2019-06-27 20:41:47 +02:00
def test_tarball_upload_and_deletion_local(self) -> None:
export/upload: Refactor tarball upload logic to upload_backend. The conditional block containing the tarball upload logic for both S3 and local uploads was deconstructed and moved to the more appropriate location within `zerver/lib/upload.py`.
2019-06-21 22:46:04 +02:00
user_profile = self.example_user("iago")
self.assertTrue(user_profile.is_realm_admin)
typing: Add appropriate none-checks for LOCAL_UPLOADS_DIR. This is a part of django-stubs refactorings. Signed-off-by: Zixuan James Li <359101898@qq.com>
2022-05-31 00:59:29 +02:00
assert settings.TEST_WORKER_DIR is not None
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
tarball_path = os.path.join(settings.TEST_WORKER_DIR, "tarball.tar.gz")
with open(tarball_path, "w") as f:
f.write("dummy")
export/upload: Refactor tarball upload logic to upload_backend. The conditional block containing the tarball upload logic for both S3 and local uploads was deconstructed and moved to the more appropriate location within `zerver/lib/upload.py`.
2019-06-21 22:46:04 +02:00
typing: Add appropriate none-checks for LOCAL_UPLOADS_DIR. This is a part of django-stubs refactorings. Signed-off-by: Zixuan James Li <359101898@qq.com>
2022-05-31 00:59:29 +02:00
assert settings.LOCAL_UPLOADS_DIR is not None
export/upload: Refactor tarball upload logic to upload_backend. The conditional block containing the tarball upload logic for both S3 and local uploads was deconstructed and moved to the more appropriate location within `zerver/lib/upload.py`.
2019-06-21 22:46:04 +02:00
uri = upload_export_tarball(user_profile.realm, tarball_path)
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.assertTrue(
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
os.path.isfile(os.path.join(settings.LOCAL_UPLOADS_DIR, "avatars", tarball_path))
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
)
export/upload: Refactor tarball upload logic to upload_backend. The conditional block containing the tarball upload logic for both S3 and local uploads was deconstructed and moved to the more appropriate location within `zerver/lib/upload.py`.
2019-06-21 22:46:04 +02:00
result = re.search(re.compile(r"([A-Za-z0-9\-_]{24})"), uri)
if result is not None:
random_name = result.group(1)
python: Convert more "".format to Python 3.6 f-strings. Generated by pyupgrade --py36-plus --keep-percent-format, with more restrictions patched out. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-10 06:40:53 +02:00
expected_url = f"http://zulip.testserver/user_avatars/exports/{user_profile.realm_id}/{random_name}/tarball.tar.gz"
export/upload: Refactor tarball upload logic to upload_backend. The conditional block containing the tarball upload logic for both S3 and local uploads was deconstructed and moved to the more appropriate location within `zerver/lib/upload.py`.
2019-06-21 22:46:04 +02:00
self.assertEqual(expected_url, uri)
public_export: Add logic for deleting the export tarball. The path to the uploaded tarball is reconstructed via the relative url and removed with the canonical methods in `upload.py`.
2019-06-27 20:41:47 +02:00
# Delete the tarball.
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
with self.assertLogs(level="WARNING") as warn_log:
self.assertIsNone(delete_export_tarball("/not_a_file"))
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.assertEqual(
warn_log.output,
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
["WARNING:root:not_a_file does not exist. Its entry in the database will be removed."],
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
)
public_export: Add logic for deleting the export tarball. The path to the uploaded tarball is reconstructed via the relative url and removed with the canonical methods in `upload.py`.
2019-06-27 20:41:47 +02:00
path_id = urllib.parse.urlparse(uri).path
self.assertEqual(delete_export_tarball(path_id), path_id)
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def tearDown(self) -> None:
Add test for managing files in Local Storage.
2016-04-20 21:50:56 +02:00
destroy_uploads()
tests: tearDown overrides should call super().tearDown(). ZulipTestCase subclasses that override tearDown() should call the parent class tearDown() too, as it does some clean up of its own.
2019-10-18 16:11:48 +02:00
super().tearDown()
Add Attachment model to keep track of uploads. This commit adds the capability to keep track and remove uploaded files. Unclaimed attachments are files that have been uploaded to the server but are not referred in any messages. A management command to remove old unclaimed files after a week is also included. Tests for getting the file referred in messages are also included.
2016-03-24 20:24:01 +01:00
zerver/tests: Test emoji upload for local storage backend.
2018-05-15 00:10:30 +02:00
tests: Renamed AuthedTestCase to ZulipTestCase.
2016-08-23 02:08:42 +02:00
class S3Test(ZulipTestCase):
upload: Use classes to define S3/Local upload backends. This has no functional changes; we just replace the old hacky assignment of functions with assignment of the upload backend to a variable. I'm not totally happy with this, because we end up having to copy the type annotations of the three methods 4 times each, but this should make it a lot easier to test the (non-default-in-tests) S3 backend using end-to-end tests, which would have caught 13bac1cc2ac9762b92af1286c8bf38294f0fe89a. I expect we'll iterate on the interface over time; ideally, I'd like all the code that checks LOCAL_UPLOADS_DIR to be inside upload.py, and primarily in these classes.
2016-06-09 07:53:35 +02:00
@use_s3_backend
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_file_upload_s3(self) -> None:
refactor: Add a helper function to create s3 buckets. This refactor makes upgrading boto to boto3 easier. Based on https://github.com/zulip/zulip/pull/10370/commits/43d2f6286c8d479eafa4b086348e1b17996f8c68
2018-12-07 18:15:51 +01:00
bucket = create_s3_buckets(settings.S3_AUTH_UPLOADS_BUCKET)[0]
Add tests for managing uploads in S3.
2016-04-20 21:51:21 +02:00
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
user_profile = self.example_user("hamlet")
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
uri = upload_message_file(
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
"dummy.txt", len(b"zulip!"), "text/plain", b"zulip!", user_profile
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
)
Add tests for managing uploads in S3.
2016-04-20 21:51:21 +02:00
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
base = "/user_uploads/"
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.assertEqual(base, uri[: len(base)])
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
path_id = re.sub("/user_uploads/", "", uri)
content = bucket.Object(path_id).get()["Body"].read()
attachment: Add 'size' field tracking size of uploaded files. This tracking will make it possible in the future to limit the total size of uploads on a per-user or per-organization basis. Fixes #3774.
2017-02-26 11:03:45 +01:00
self.assertEqual(b"zulip!", content)
uploaded_file = Attachment.objects.get(owner=user_profile, path_id=path_id)
tests: Consistently use assert_length helper. This helper does some nice things like printing out the data structure incase of failure.
2021-05-17 05:41:32 +02:00
self.assert_length(b"zulip!", uploaded_file.size)
Add tests for managing uploads in S3.
2016-04-20 21:51:21 +02:00
tests: Add and use new self.subscribe. This new method cleans up the API for subscribing to something from a test case.
2017-08-25 06:01:29 +02:00
self.subscribe(self.example_user("hamlet"), "Denmark")
test_upload: Fix some URLs to uploaded files. Using http://localhost:9991 is incorrect - e.g. messages sent with file urls constructed trigger do_claim_attachments to be called with empty list in potential_path_ids. realm.host should be used in all these places, like in the other tests in the file.
2022-05-18 21:31:18 +02:00
body = f"First message ...[zulip.txt](http://{user_profile.realm.host}{uri})"
tests: Use users in send_*_message. This commit mostly makes our tests less noisy, since emails are no longer an important detail of sending messages (they're not even really used in the API). It also sets us up to have more scrutiny on delivery_email/email in the future for things that actually matter. (This is a prep commit for something along those lines, kind of hard to explain the full plan.)
2020-03-07 11:43:05 +01:00
self.send_stream_message(self.example_user("hamlet"), "Denmark", body, "test")
Add tests for upload title functionality.
2016-06-14 04:38:30 +02:00
zerver/tests: Test S3 file upload with undefined content type.
2018-05-14 20:46:59 +02:00
@use_s3_backend
upload: Pass the target realm to create_attachment. The target realm was not being passed to create_attachment in upload_message_file implementations. This was a bug in the edge-case of cross-realm messages - in particular, causing a bug in the email gateway: When an email with an attachment is sent, the message is mirrored to Zulip with Email Gateway Bot as the message sender and uploader of the attachment. Due to the realm not being passed to create_attachment, the Attachment would get created with .realm being the system bot realm, making the attachment inaccessible under some conditions due to failing the following condition check (that's expected to pass, provided that the .realm is set correctly): ``` if ( attachment.is_realm_public and attachment.realm == user_profile.realm and user_profile.can_access_public_streams() ): # Any user in the realm can access realm-public files return True ```
2022-01-26 20:17:12 +01:00
def test_file_upload_s3_cross_realm_path(self) -> None:
"""
Verifies that the path of a file uploaded by a cross-realm bot to another
realm is correct.
"""
create_s3_buckets(settings.S3_AUTH_UPLOADS_BUCKET)
internal_realm = get_realm(settings.SYSTEM_BOT_REALM)
zulip_realm = get_realm("zulip")
user_profile = get_system_bot(settings.EMAIL_GATEWAY_BOT, internal_realm.id)
self.assertEqual(user_profile.realm, internal_realm)
uri = upload_message_file(
"dummy.txt", len(b"zulip!"), "text/plain", b"zulip!", user_profile, zulip_realm
)
# Ensure the correct realm id of the target realm is used instead of the bot's realm.
self.assertTrue(uri.startswith(f"/user_uploads/{zulip_realm.id}/"))
@use_s3_backend
zerver/tests: Test S3 file upload with undefined content type.
2018-05-14 20:46:59 +02:00
def test_file_upload_s3_with_undefined_content_type(self) -> None:
refactor: Add a helper function to create s3 buckets. This refactor makes upgrading boto to boto3 easier. Based on https://github.com/zulip/zulip/pull/10370/commits/43d2f6286c8d479eafa4b086348e1b17996f8c68
2018-12-07 18:15:51 +01:00
bucket = create_s3_buckets(settings.S3_AUTH_UPLOADS_BUCKET)[0]
zerver/tests: Test S3 file upload with undefined content type.
2018-05-14 20:46:59 +02:00
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
user_profile = self.example_user("hamlet")
uri = upload_message_file("dummy.txt", len(b"zulip!"), None, b"zulip!", user_profile)
zerver/tests: Test S3 file upload with undefined content type.
2018-05-14 20:46:59 +02:00
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
path_id = re.sub("/user_uploads/", "", uri)
self.assertEqual(b"zulip!", bucket.Object(path_id).get()["Body"].read())
zerver/tests: Test S3 file upload with undefined content type.
2018-05-14 20:46:59 +02:00
uploaded_file = Attachment.objects.get(owner=user_profile, path_id=path_id)
tests: Consistently use assert_length helper. This helper does some nice things like printing out the data structure incase of failure.
2021-05-17 05:41:32 +02:00
self.assert_length(b"zulip!", uploaded_file.size)
zerver/tests: Test S3 file upload with undefined content type.
2018-05-14 20:46:59 +02:00
upload: Use classes to define S3/Local upload backends. This has no functional changes; we just replace the old hacky assignment of functions with assignment of the upload backend to a variable. I'm not totally happy with this, because we end up having to copy the type annotations of the three methods 4 times each, but this should make it a lot easier to test the (non-default-in-tests) S3 backend using end-to-end tests, which would have caught 13bac1cc2ac9762b92af1286c8bf38294f0fe89a. I expect we'll iterate on the interface over time; ideally, I'd like all the code that checks LOCAL_UPLOADS_DIR to be inside upload.py, and primarily in these classes.
2016-06-09 07:53:35 +02:00
@use_s3_backend
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_message_image_delete_s3(self) -> None:
refactor: Add a helper function to create s3 buckets. This refactor makes upgrading boto to boto3 easier. Based on https://github.com/zulip/zulip/pull/10370/commits/43d2f6286c8d479eafa4b086348e1b17996f8c68
2018-12-07 18:15:51 +01:00
create_s3_buckets(settings.S3_AUTH_UPLOADS_BUCKET)
Add tests for managing uploads in S3.
2016-04-20 21:51:21 +02:00
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
user_profile = self.example_user("hamlet")
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
uri = upload_message_file(
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
"dummy.txt", len(b"zulip!"), "text/plain", b"zulip!", user_profile
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
)
Add tests for managing uploads in S3.
2016-04-20 21:51:21 +02:00
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
path_id = re.sub("/user_uploads/", "", uri)
upload: Use classes to define S3/Local upload backends. This has no functional changes; we just replace the old hacky assignment of functions with assignment of the upload backend to a variable. I'm not totally happy with this, because we end up having to copy the type annotations of the three methods 4 times each, but this should make it a lot easier to test the (non-default-in-tests) S3 backend using end-to-end tests, which would have caught 13bac1cc2ac9762b92af1286c8bf38294f0fe89a. I expect we'll iterate on the interface over time; ideally, I'd like all the code that checks LOCAL_UPLOADS_DIR to be inside upload.py, and primarily in these classes.
2016-06-09 07:53:35 +02:00
self.assertTrue(delete_message_image(path_id))
Add tests for managing uploads in S3.
2016-04-20 21:51:21 +02:00
zerver/tests: Test delete message image from S3 when file is missing.
2018-05-14 21:56:49 +02:00
@use_s3_backend
def test_message_image_delete_when_file_doesnt_exist(self) -> None:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
with self.assertLogs(level="WARNING") as warn_log:
docs: Fix many spelling mistakes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-08 00:13:33 +01:00
self.assertEqual(False, delete_message_image("non-existent-file"))
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.assertEqual(
warn_log.output,
[
docs: Fix many spelling mistakes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-08 00:13:33 +01:00
"WARNING:root:non-existent-file does not exist. Its entry in the database will be removed."
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
],
)
zerver/tests: Test delete message image from S3 when file is missing.
2018-05-14 21:56:49 +02:00
Fix and re-enable test_file_upload_authed. Now that we have a working S3 mock and an effective way to toggle the upload backend that Zulip is using, we can re-enable this important end-to-end test of the Zulip S3 upload backend.
2016-06-09 07:53:35 +02:00
@use_s3_backend
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_file_upload_authed(self) -> None:
Move upload-related tests to test_upload.py. Move S3Test, FileUploadTest and SanitizeNameTests from test_external.py to test_upload.py.
2016-04-14 16:26:01 +02:00
"""
uploads: Remove legacy /json/upload_file endpoint. This migrates Zulip to use the equivalent API endpoint that has been present for a while.
2017-07-31 20:52:17 +02:00
A call to /json/user_uploads should return a uri and actually create an object.
Move upload-related tests to test_upload.py. Move S3Test, FileUploadTest and SanitizeNameTests from test_external.py to test_upload.py.
2016-04-14 16:26:01 +02:00
"""
requirements: Upgrade boto to boto3. Fixes: #3490 Contributors include: Author: whoodes <hoodesw@hawaii.edu> Author: zhoufeng1989 <zhoufengloop@gmail.com> Author: rht <rhtbot@protonmail.com>
2018-12-07 17:52:01 +01:00
bucket = create_s3_buckets(settings.S3_AUTH_UPLOADS_BUCKET)[0]
Fix and re-enable test_file_upload_authed. Now that we have a working S3 mock and an effective way to toggle the upload backend that Zulip is using, we can re-enable this important end-to-end test of the Zulip S3 upload backend.
2016-06-09 07:53:35 +02:00
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("hamlet")
Move upload-related tests to test_upload.py. Move S3Test, FileUploadTest and SanitizeNameTests from test_external.py to test_upload.py.
2016-04-14 16:26:01 +02:00
fp = StringIO("zulip!")
fp.name = "zulip.txt"
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.client_post("/json/user_uploads", {"file": fp})
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
response_dict = self.assert_json_success(result)
self.assertIn("uri", response_dict)
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
base = "/user_uploads/"
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
uri = response_dict["uri"]
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.assertEqual(base, uri[: len(base)])
Move upload-related tests to test_upload.py. Move S3Test, FileUploadTest and SanitizeNameTests from test_external.py to test_upload.py.
2016-04-14 16:26:01 +02:00
Add client_get() test helper.
2016-07-28 00:38:45 +02:00
response = self.client_get(uri)
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
redirect_url = response["Location"]
upload: Strip leading slash from deleted S3 export paths. Previously, S3UploadBackend.delete_export_tarball failed to strip the leading ‘/’ from the export path. This mistake is now caught by Moto 1.3.15. I expect it caused deletion failures in the real S3, although I haven’t verified this. We store export_path in the audit log with a leading ‘/’, but the actual S3 keys do not have a leading ‘/’. Changing either system would require a migration. So the new convention is that the variables named ‘export_path’ have a leading ‘/’, while variables named ‘path_id’ or ‘key’ do not. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-09-13 05:41:39 +02:00
path = urllib.parse.urlparse(redirect_url).path
assert path.startswith("/")
key = path[1:]
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.assertEqual(b"zulip!", bucket.Object(key).get()["Body"].read())
Move upload-related tests to test_upload.py. Move S3Test, FileUploadTest and SanitizeNameTests from test_external.py to test_upload.py.
2016-04-14 16:26:01 +02:00
uploads: Add an endpoint which forces a download. This is most useful for images hosted in S3, which are otherwise always displayed in the browser.
2022-03-22 04:38:18 +01:00
# Check the download endpoint
download_uri = uri.replace("/user_uploads/", "/user_uploads/download/")
response = self.client_get(download_uri)
redirect_url = response["Location"]
path = urllib.parse.urlparse(redirect_url).path
assert path.startswith("/")
key = path[1:]
self.assertEqual(b"zulip!", bucket.Object(key).get()["Body"].read())
docs: Fix more capitalization issues. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-10-23 02:43:28 +02:00
# Now try the endpoint that's supposed to return a temporary URL for access
upload: Support requesting a temporary unauthenticated URL. This is be useful for the mobile and desktop apps to hand an uploaded file off to the system browser so that it can render PDFs (Etc.). The S3 backend implementation is simple; for the local upload backend, we use Django's signing feature to simulate the same sort of 60-second lifetime token. Co-Author-By: Mateusz Mandera <mateusz.mandera@protonmail.com>
2020-04-08 00:27:24 +02:00
# to the file.
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.client_get("/json" + uri)
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
data = self.assert_json_success(result)
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
url_only_url = data["url"]
upload: Strip leading slash from deleted S3 export paths. Previously, S3UploadBackend.delete_export_tarball failed to strip the leading ‘/’ from the export path. This mistake is now caught by Moto 1.3.15. I expect it caused deletion failures in the real S3, although I haven’t verified this. We store export_path in the audit log with a leading ‘/’, but the actual S3 keys do not have a leading ‘/’. Changing either system would require a migration. So the new convention is that the variables named ‘export_path’ have a leading ‘/’, while variables named ‘path_id’ or ‘key’ do not. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-09-13 05:41:39 +02:00
path = urllib.parse.urlparse(url_only_url).path
assert path.startswith("/")
key = path[1:]
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.assertEqual(b"zulip!", bucket.Object(key).get()["Body"].read())
test_upload: Remove an erroneous nondeterministically correct check. See the comment added, but basically this test would fail if the two URLs were computed in different seconds.
2020-04-22 02:57:24 +02:00
# Note: Depending on whether the calls happened in the same
# second (resulting in the same timestamp+signature),
# url_only_url may or may not equal redirect_url.
upload: Support requesting a temporary unauthenticated URL. This is be useful for the mobile and desktop apps to hand an uploaded file off to the system browser so that it can render PDFs (Etc.). The S3 backend implementation is simple; for the local upload backend, we use Django's signing feature to simulate the same sort of 60-second lifetime token. Co-Author-By: Mateusz Mandera <mateusz.mandera@protonmail.com>
2020-04-08 00:27:24 +02:00
test_upload: Fix some URLs to uploaded files. Using http://localhost:9991 is incorrect - e.g. messages sent with file urls constructed trigger do_claim_attachments to be called with empty list in potential_path_ids. realm.host should be used in all these places, like in the other tests in the file.
2022-05-18 21:31:18 +02:00
hamlet = self.example_user("hamlet")
self.subscribe(hamlet, "Denmark")
body = f"First message ...[zulip.txt](http://{hamlet.realm.host}" + uri + ")"
self.send_stream_message(hamlet, "Denmark", body, "test")
Add tests for upload title functionality.
2016-06-14 04:38:30 +02:00
tests: Add test coverage for uploading avatars to S3UploadBackend. Add test coverage for the function upload_avatar_image and ensure_medium_avatar_image in S3UploadBackend.
2017-12-21 09:37:59 +01:00
@use_s3_backend
def test_upload_avatar_image(self) -> None:
refactor: Add a helper function to create s3 buckets. This refactor makes upgrading boto to boto3 easier. Based on https://github.com/zulip/zulip/pull/10370/commits/43d2f6286c8d479eafa4b086348e1b17996f8c68
2018-12-07 18:15:51 +01:00
bucket = create_s3_buckets(settings.S3_AVATAR_BUCKET)[0]
tests: Add test coverage for uploading avatars to S3UploadBackend. Add test coverage for the function upload_avatar_image and ensure_medium_avatar_image in S3UploadBackend.
2017-12-21 09:37:59 +01:00
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
user_profile = self.example_user("hamlet")
tests: Add test coverage for uploading avatars to S3UploadBackend. Add test coverage for the function upload_avatar_image and ensure_medium_avatar_image in S3UploadBackend.
2017-12-21 09:37:59 +01:00
path_id = user_avatar_path(user_profile)
original_image_path_id = path_id + ".original"
medium_path_id = path_id + "-medium.png"
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
with get_test_image_file("img.png") as image_file:
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
zerver.lib.upload.upload_backend.upload_avatar_image(
image_file, user_profile, user_profile
)
tests: Use read_test_image_file. Fixes a ResourceWarning from the unclosed file at test_upload.py:1954. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-13 23:24:16 +01:00
test_image_data = read_test_image_file("img.png")
tests: Add test coverage for uploading avatars to S3UploadBackend. Add test coverage for the function upload_avatar_image and ensure_medium_avatar_image in S3UploadBackend.
2017-12-21 09:37:59 +01:00
test_medium_image_data = resize_avatar(test_image_data, MEDIUM_AVATAR_SIZE)
requirements: Upgrade boto to boto3. Fixes: #3490 Contributors include: Author: whoodes <hoodesw@hawaii.edu> Author: zhoufeng1989 <zhoufengloop@gmail.com> Author: rht <rhtbot@protonmail.com>
2018-12-07 17:52:01 +01:00
original_image_key = bucket.Object(original_image_path_id)
tests: Add test coverage for uploading avatars to S3UploadBackend. Add test coverage for the function upload_avatar_image and ensure_medium_avatar_image in S3UploadBackend.
2017-12-21 09:37:59 +01:00
self.assertEqual(original_image_key.key, original_image_path_id)
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
image_data = original_image_key.get()["Body"].read()
tests: Add test coverage for uploading avatars to S3UploadBackend. Add test coverage for the function upload_avatar_image and ensure_medium_avatar_image in S3UploadBackend.
2017-12-21 09:37:59 +01:00
self.assertEqual(image_data, test_image_data)
requirements: Upgrade boto to boto3. Fixes: #3490 Contributors include: Author: whoodes <hoodesw@hawaii.edu> Author: zhoufeng1989 <zhoufengloop@gmail.com> Author: rht <rhtbot@protonmail.com>
2018-12-07 17:52:01 +01:00
medium_image_key = bucket.Object(medium_path_id)
tests: Add test coverage for uploading avatars to S3UploadBackend. Add test coverage for the function upload_avatar_image and ensure_medium_avatar_image in S3UploadBackend.
2017-12-21 09:37:59 +01:00
self.assertEqual(medium_image_key.key, medium_path_id)
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
medium_image_data = medium_image_key.get()["Body"].read()
tests: Add test coverage for uploading avatars to S3UploadBackend. Add test coverage for the function upload_avatar_image and ensure_medium_avatar_image in S3UploadBackend.
2017-12-21 09:37:59 +01:00
self.assertEqual(medium_image_data, test_medium_image_data)
requirements: Upgrade boto to boto3. Fixes: #3490 Contributors include: Author: whoodes <hoodesw@hawaii.edu> Author: zhoufeng1989 <zhoufengloop@gmail.com> Author: rht <rhtbot@protonmail.com>
2018-12-07 17:52:01 +01:00
bucket.Object(medium_image_key.key).delete()
upload: Refactor and add tests for ensure_avatar_image in upload.py. `ensure_basic_avatar_image` and `ensure_medium_avatar_image` are essentially the same thing, except a size parameter. So, refactor them into a single function. This doesn't introduce any functional changes.
2021-03-17 17:54:23 +01:00
zerver.lib.upload.upload_backend.ensure_avatar_image(user_profile, is_medium=True)
requirements: Upgrade boto to boto3. Fixes: #3490 Contributors include: Author: whoodes <hoodesw@hawaii.edu> Author: zhoufeng1989 <zhoufengloop@gmail.com> Author: rht <rhtbot@protonmail.com>
2018-12-07 17:52:01 +01:00
medium_image_key = bucket.Object(medium_path_id)
tests: Add test coverage for uploading avatars to S3UploadBackend. Add test coverage for the function upload_avatar_image and ensure_medium_avatar_image in S3UploadBackend.
2017-12-21 09:37:59 +01:00
self.assertEqual(medium_image_key.key, medium_path_id)
registration: Allow users to import profile picture.
2018-06-06 14:30:26 +02:00
@use_s3_backend
def test_copy_avatar_image(self) -> None:
refactor: Add a helper function to create s3 buckets. This refactor makes upgrading boto to boto3 easier. Based on https://github.com/zulip/zulip/pull/10370/commits/43d2f6286c8d479eafa4b086348e1b17996f8c68
2018-12-07 18:15:51 +01:00
bucket = create_s3_buckets(settings.S3_AVATAR_BUCKET)[0]
registration: Allow users to import profile picture.
2018-06-06 14:30:26 +02:00
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("hamlet")
with get_test_image_file("img.png") as image_file:
self.client_post("/json/users/me/avatar", {"file": image_file})
registration: Allow users to import profile picture.
2018-06-06 14:30:26 +02:00
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
source_user_profile = self.example_user("hamlet")
target_user_profile = self.example_user("othello")
registration: Allow users to import profile picture.
2018-06-06 14:30:26 +02:00
create_user: Initialize settings according to realm-level defaults. This commit modifies the copy_user_settings code such that instead of source user profile, we can have two types of sources - a user profile and RealmUserDefault table of realm and then set the settings from RealmUserDefault only is there is no user profile as a source. We also rename copy_user_settings to copy_default_settings for clarity.
2021-06-29 18:08:42 +02:00
copy_default_settings(source_user_profile, target_user_profile)
registration: Allow users to import profile picture.
2018-06-06 14:30:26 +02:00
source_path_id = user_avatar_path(source_user_profile)
target_path_id = user_avatar_path(target_user_profile)
self.assertNotEqual(source_path_id, target_path_id)
requirements: Upgrade boto to boto3. Fixes: #3490 Contributors include: Author: whoodes <hoodesw@hawaii.edu> Author: zhoufeng1989 <zhoufengloop@gmail.com> Author: rht <rhtbot@protonmail.com>
2018-12-07 17:52:01 +01:00
source_image_key = bucket.Object(source_path_id)
target_image_key = bucket.Object(target_path_id)
registration: Allow users to import profile picture.
2018-06-06 14:30:26 +02:00
self.assertEqual(target_image_key.key, target_path_id)
self.assertEqual(source_image_key.content_type, target_image_key.content_type)
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
source_image_data = source_image_key.get()["Body"].read()
target_image_data = target_image_key.get()["Body"].read()
registration: Allow users to import profile picture.
2018-06-06 14:30:26 +02:00
source_original_image_path_id = source_path_id + ".original"
target_original_image_path_id = target_path_id + ".original"
requirements: Upgrade boto to boto3. Fixes: #3490 Contributors include: Author: whoodes <hoodesw@hawaii.edu> Author: zhoufeng1989 <zhoufengloop@gmail.com> Author: rht <rhtbot@protonmail.com>
2018-12-07 17:52:01 +01:00
target_original_image_key = bucket.Object(target_original_image_path_id)
registration: Allow users to import profile picture.
2018-06-06 14:30:26 +02:00
self.assertEqual(target_original_image_key.key, target_original_image_path_id)
requirements: Upgrade boto to boto3. Fixes: #3490 Contributors include: Author: whoodes <hoodesw@hawaii.edu> Author: zhoufeng1989 <zhoufengloop@gmail.com> Author: rht <rhtbot@protonmail.com>
2018-12-07 17:52:01 +01:00
source_original_image_key = bucket.Object(source_original_image_path_id)
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.assertEqual(
source_original_image_key.content_type, target_original_image_key.content_type
)
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
source_image_data = source_original_image_key.get()["Body"].read()
target_image_data = target_original_image_key.get()["Body"].read()
registration: Allow users to import profile picture.
2018-06-06 14:30:26 +02:00
self.assertEqual(source_image_data, target_image_data)
target_medium_path_id = target_path_id + "-medium.png"
source_medium_path_id = source_path_id + "-medium.png"
requirements: Upgrade boto to boto3. Fixes: #3490 Contributors include: Author: whoodes <hoodesw@hawaii.edu> Author: zhoufeng1989 <zhoufengloop@gmail.com> Author: rht <rhtbot@protonmail.com>
2018-12-07 17:52:01 +01:00
source_medium_image_key = bucket.Object(source_medium_path_id)
target_medium_image_key = bucket.Object(target_medium_path_id)
registration: Allow users to import profile picture.
2018-06-06 14:30:26 +02:00
self.assertEqual(target_medium_image_key.key, target_medium_path_id)
self.assertEqual(source_medium_image_key.content_type, target_medium_image_key.content_type)
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
source_medium_image_data = source_medium_image_key.get()["Body"].read()
target_medium_image_data = target_medium_image_key.get()["Body"].read()
registration: Allow users to import profile picture.
2018-06-06 14:30:26 +02:00
self.assertEqual(source_medium_image_data, target_medium_image_data)
upload: Create function to delete avatar image.
2018-09-07 17:44:40 +02:00
@use_s3_backend
def test_delete_avatar_image(self) -> None:
refactor: Add a helper function to create s3 buckets. This refactor makes upgrading boto to boto3 easier. Based on https://github.com/zulip/zulip/pull/10370/commits/43d2f6286c8d479eafa4b086348e1b17996f8c68
2018-12-07 18:15:51 +01:00
bucket = create_s3_buckets(settings.S3_AVATAR_BUCKET)[0]
upload: Create function to delete avatar image.
2018-09-07 17:44:40 +02:00
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("hamlet")
with get_test_image_file("img.png") as image_file:
self.client_post("/json/users/me/avatar", {"file": image_file})
upload: Create function to delete avatar image.
2018-09-07 17:44:40 +02:00
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
user = self.example_user("hamlet")
upload: Create function to delete avatar image.
2018-09-07 17:44:40 +02:00
avatar_path_id = user_avatar_path(user)
avatar_original_image_path_id = avatar_path_id + ".original"
avatar_medium_path_id = avatar_path_id + "-medium.png"
self.assertEqual(user.avatar_source, UserProfile.AVATAR_FROM_USER)
requirements: Upgrade boto to boto3. Fixes: #3490 Contributors include: Author: whoodes <hoodesw@hawaii.edu> Author: zhoufeng1989 <zhoufengloop@gmail.com> Author: rht <rhtbot@protonmail.com>
2018-12-07 17:52:01 +01:00
self.assertIsNotNone(bucket.Object(avatar_path_id))
self.assertIsNotNone(bucket.Object(avatar_original_image_path_id))
self.assertIsNotNone(bucket.Object(avatar_medium_path_id))
upload: Create function to delete avatar image.
2018-09-07 17:44:40 +02:00
actions: Split out zerver.actions.user_settings. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-14 23:49:26 +02:00
do_delete_avatar_image(user, acting_user=user)
upload: Create function to delete avatar image.
2018-09-07 17:44:40 +02:00
self.assertEqual(user.avatar_source, UserProfile.AVATAR_FROM_GRAVATAR)
requirements: Upgrade boto to boto3. Fixes: #3490 Contributors include: Author: whoodes <hoodesw@hawaii.edu> Author: zhoufeng1989 <zhoufengloop@gmail.com> Author: rht <rhtbot@protonmail.com>
2018-12-07 17:52:01 +01:00
# Confirm that the avatar files no longer exist in S3.
with self.assertRaises(botocore.exceptions.ClientError):
bucket.Object(avatar_path_id).load()
with self.assertRaises(botocore.exceptions.ClientError):
bucket.Object(avatar_original_image_path_id).load()
with self.assertRaises(botocore.exceptions.ClientError):
bucket.Object(avatar_medium_path_id).load()
upload: Create function to delete avatar image.
2018-09-07 17:44:40 +02:00
zerver/tests: Test upload realm icon for S3.
2018-05-14 22:55:03 +02:00
@use_s3_backend
def test_upload_realm_icon_image(self) -> None:
refactor: Add a helper function to create s3 buckets. This refactor makes upgrading boto to boto3 easier. Based on https://github.com/zulip/zulip/pull/10370/commits/43d2f6286c8d479eafa4b086348e1b17996f8c68
2018-12-07 18:15:51 +01:00
bucket = create_s3_buckets(settings.S3_AVATAR_BUCKET)[0]
zerver/tests: Test upload realm icon for S3.
2018-05-14 22:55:03 +02:00
user_profile = self.example_user("hamlet")
python: Close opened files. Fixes various instances of ‘ResourceWarning: unclosed file’ with python -Wd. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-10-24 09:33:54 +02:00
with get_test_image_file("img.png") as image_file:
zerver.lib.upload.upload_backend.upload_realm_icon_image(image_file, user_profile)
zerver/tests: Test upload realm icon for S3.
2018-05-14 22:55:03 +02:00
original_path_id = os.path.join(str(user_profile.realm.id), "realm", "icon.original")
requirements: Upgrade boto to boto3. Fixes: #3490 Contributors include: Author: whoodes <hoodesw@hawaii.edu> Author: zhoufeng1989 <zhoufengloop@gmail.com> Author: rht <rhtbot@protonmail.com>
2018-12-07 17:52:01 +01:00
original_key = bucket.Object(original_path_id)
tests: Use read_test_image_file. Fixes a ResourceWarning from the unclosed file at test_upload.py:1954. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-13 23:24:16 +01:00
self.assertEqual(read_test_image_file("img.png"), original_key.get()["Body"].read())
zerver/tests: Test upload realm icon for S3.
2018-05-14 22:55:03 +02:00
resized_path_id = os.path.join(str(user_profile.realm.id), "realm", "icon.png")
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
resized_data = bucket.Object(resized_path_id).get()["Body"].read()
settings: Add support for customizing the top-left logo. This adds a new realm_logo field, which is a horizontal-format logo to be displayed in the top-left corner of the webapp, and any other places where we might want a wide-format branding of the organization. Tweaked significantly by tabbott to rebase, fix styling, etc. Fixing the styling of this feature's loading indicator caused me to notice the loading indicator for the realm_icon feature was also ugly, so I fixed that too. Fixes #7995.
2018-08-16 01:26:55 +02:00
# while trying to fit in a 800 x 100 box without losing part of the image
resized_image = Image.open(io.BytesIO(resized_data)).size
self.assertEqual(resized_image, (DEFAULT_AVATAR_SIZE, DEFAULT_AVATAR_SIZE))
@use_s3_backend
settings: Add support for uploading logo for night mode. This adds a new field named realm_night_logo which is used for displaying the organization logo when the user is in night mode. Fixes #11176.
2019-01-27 08:25:10 +01:00
def _test_upload_logo_image(self, night: bool, file_name: str) -> None:
settings: Add support for customizing the top-left logo. This adds a new realm_logo field, which is a horizontal-format logo to be displayed in the top-left corner of the webapp, and any other places where we might want a wide-format branding of the organization. Tweaked significantly by tabbott to rebase, fix styling, etc. Fixing the styling of this feature's loading indicator caused me to notice the loading indicator for the realm_icon feature was also ugly, so I fixed that too. Fixes #7995.
2018-08-16 01:26:55 +02:00
bucket = create_s3_buckets(settings.S3_AVATAR_BUCKET)[0]
user_profile = self.example_user("hamlet")
python: Close opened files. Fixes various instances of ‘ResourceWarning: unclosed file’ with python -Wd. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-10-24 09:33:54 +02:00
with get_test_image_file("img.png") as image_file:
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
zerver.lib.upload.upload_backend.upload_realm_logo_image(
image_file, user_profile, night
)
settings: Add support for customizing the top-left logo. This adds a new realm_logo field, which is a horizontal-format logo to be displayed in the top-left corner of the webapp, and any other places where we might want a wide-format branding of the organization. Tweaked significantly by tabbott to rebase, fix styling, etc. Fixing the styling of this feature's loading indicator caused me to notice the loading indicator for the realm_icon feature was also ugly, so I fixed that too. Fixes #7995.
2018-08-16 01:26:55 +02:00
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
original_path_id = os.path.join(
str(user_profile.realm.id), "realm", f"{file_name}.original"
)
requirements: Upgrade boto to boto3. Fixes: #3490 Contributors include: Author: whoodes <hoodesw@hawaii.edu> Author: zhoufeng1989 <zhoufengloop@gmail.com> Author: rht <rhtbot@protonmail.com>
2018-12-07 17:52:01 +01:00
original_key = bucket.Object(original_path_id)
tests: Use read_test_image_file. Fixes a ResourceWarning from the unclosed file at test_upload.py:1954. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-13 23:24:16 +01:00
self.assertEqual(read_test_image_file("img.png"), original_key.get()["Body"].read())
settings: Add support for customizing the top-left logo. This adds a new realm_logo field, which is a horizontal-format logo to be displayed in the top-left corner of the webapp, and any other places where we might want a wide-format branding of the organization. Tweaked significantly by tabbott to rebase, fix styling, etc. Fixing the styling of this feature's loading indicator caused me to notice the loading indicator for the realm_icon feature was also ugly, so I fixed that too. Fixes #7995.
2018-08-16 01:26:55 +02:00
python: Convert percent formatting to Python 3.6 f-strings. Generated by pyupgrade --py36-plus. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-10 06:41:04 +02:00
resized_path_id = os.path.join(str(user_profile.realm.id), "realm", f"{file_name}.png")
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
resized_data = bucket.Object(resized_path_id).get()["Body"].read()
zerver/tests: Test upload emoji to S3.
2018-05-14 23:23:32 +02:00
resized_image = Image.open(io.BytesIO(resized_data)).size
self.assertEqual(resized_image, (DEFAULT_AVATAR_SIZE, DEFAULT_AVATAR_SIZE))
settings: Add support for uploading logo for night mode. This adds a new field named realm_night_logo which is used for displaying the organization logo when the user is in night mode. Fixes #11176.
2019-01-27 08:25:10 +01:00
def test_upload_realm_logo_image(self) -> None:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self._test_upload_logo_image(night=False, file_name="logo")
self._test_upload_logo_image(night=True, file_name="night_logo")
settings: Add support for uploading logo for night mode. This adds a new field named realm_night_logo which is used for displaying the organization logo when the user is in night mode. Fixes #11176.
2019-01-27 08:25:10 +01:00
zerver/tests: Test upload emoji to S3.
2018-05-14 23:23:32 +02:00
@use_s3_backend
def test_upload_emoji_image(self) -> None:
refactor: Add a helper function to create s3 buckets. This refactor makes upgrading boto to boto3 easier. Based on https://github.com/zulip/zulip/pull/10370/commits/43d2f6286c8d479eafa4b086348e1b17996f8c68
2018-12-07 18:15:51 +01:00
bucket = create_s3_buckets(settings.S3_AVATAR_BUCKET)[0]
zerver/tests: Test upload emoji to S3.
2018-05-14 23:23:32 +02:00
user_profile = self.example_user("hamlet")
emoji_name = "emoji.png"
python: Close opened files. Fixes various instances of ‘ResourceWarning: unclosed file’ with python -Wd. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-10-24 09:33:54 +02:00
with get_test_image_file("img.png") as image_file:
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
zerver.lib.upload.upload_backend.upload_emoji_image(
image_file, emoji_name, user_profile
)
zerver/tests: Test upload emoji to S3.
2018-05-14 23:23:32 +02:00
emoji_path = RealmEmoji.PATH_ID_TEMPLATE.format(
realm_id=user_profile.realm_id,
emoji_file_name=emoji_name,
)
requirements: Upgrade boto to boto3. Fixes: #3490 Contributors include: Author: whoodes <hoodesw@hawaii.edu> Author: zhoufeng1989 <zhoufengloop@gmail.com> Author: rht <rhtbot@protonmail.com>
2018-12-07 17:52:01 +01:00
original_key = bucket.Object(emoji_path + ".original")
tests: Use read_test_image_file. Fixes a ResourceWarning from the unclosed file at test_upload.py:1954. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-13 23:24:16 +01:00
self.assertEqual(read_test_image_file("img.png"), original_key.get()["Body"].read())
zerver/tests: Test upload emoji to S3.
2018-05-14 23:23:32 +02:00
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
resized_data = bucket.Object(emoji_path).get()["Body"].read()
zerver/tests: Test upload emoji to S3.
2018-05-14 23:23:32 +02:00
resized_image = Image.open(io.BytesIO(resized_data))
self.assertEqual(resized_image.size, (DEFAULT_EMOJI_SIZE, DEFAULT_EMOJI_SIZE))
zerver/tests: Test upload realm icon for S3.
2018-05-14 22:55:03 +02:00
upload: Refactor and add tests for ensure_avatar_image in upload.py. `ensure_basic_avatar_image` and `ensure_medium_avatar_image` are essentially the same thing, except a size parameter. So, refactor them into a single function. This doesn't introduce any functional changes.
2021-03-17 17:54:23 +01:00
@use_s3_backend
def test_ensure_avatar_image(self) -> None:
bucket = create_s3_buckets(settings.S3_AVATAR_BUCKET)[0]
user_profile = self.example_user("hamlet")
base_file_path = user_avatar_path(user_profile)
# Bug: This should have + ".png", but the implementation is wrong.
file_path = base_file_path
original_file_path = base_file_path + ".original"
medium_file_path = base_file_path + "-medium.png"
with get_test_image_file("img.png") as image_file:
zerver.lib.upload.upload_backend.upload_avatar_image(
image_file, user_profile, user_profile
)
key = bucket.Object(original_file_path)
image_data = key.get()["Body"].read()
zerver.lib.upload.upload_backend.ensure_avatar_image(user_profile)
resized_avatar = resize_avatar(image_data)
key = bucket.Object(file_path)
self.assertEqual(resized_avatar, key.get()["Body"].read())
zerver.lib.upload.upload_backend.ensure_avatar_image(user_profile, is_medium=True)
resized_avatar = resize_avatar(image_data, MEDIUM_AVATAR_SIZE)
key = bucket.Object(medium_file_path)
self.assertEqual(resized_avatar, key.get()["Body"].read())
zerver/tests: Test get_emoji_url for S3.
2018-05-14 23:37:02 +02:00
@use_s3_backend
def test_get_emoji_url(self) -> None:
emoji_name = "emoji.png"
realm_id = 1
bucket = settings.S3_AVATAR_BUCKET
path = RealmEmoji.PATH_ID_TEMPLATE.format(realm_id=realm_id, emoji_file_name=emoji_name)
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
url = zerver.lib.upload.upload_backend.get_emoji_url("emoji.png", realm_id)
zerver/tests: Test get_emoji_url for S3.
2018-05-14 23:37:02 +02:00
python: Convert "".format to Python 3.6 f-strings. Generated by pyupgrade --py36-plus --keep-percent-format, but with the NamedTuple changes reverted (see commit ba7906a3c657905fa35bbcfb4e97b053f050272d, #15132). Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-09 00:25:09 +02:00
expected_url = f"https://{bucket}.s3.amazonaws.com/{path}"
zerver/tests: Test get_emoji_url for S3.
2018-05-14 23:37:02 +02:00
self.assertEqual(expected_url, url)
emoji: Add backend changes to support still image for animated emojis. Now, when we add a custom animated emoji to the realm we also save a still image of it (1st frame of the gif). So we can avoid showing an animated emoji every time.
2021-08-12 10:19:53 +02:00
emoji_name = "animated_image.gif"
path = RealmEmoji.PATH_ID_TEMPLATE.format(realm_id=realm_id, emoji_file_name=emoji_name)
still_path = RealmEmoji.STILL_PATH_ID_TEMPLATE.format(
realm_id=realm_id, emoji_filename_without_extension=os.path.splitext(emoji_name)[0]
)
url = zerver.lib.upload.upload_backend.get_emoji_url("animated_image.gif", realm_id)
still_url = zerver.lib.upload.upload_backend.get_emoji_url(
"animated_image.gif", realm_id, still=True
)
expected_url = f"https://{bucket}.s3.amazonaws.com/{path}"
self.assertEqual(expected_url, url)
expected_still_url = f"https://{bucket}.s3.amazonaws.com/{still_path}"
self.assertEqual(expected_still_url, still_url)
export/upload: Refactor tarball upload logic to upload_backend. The conditional block containing the tarball upload logic for both S3 and local uploads was deconstructed and moved to the more appropriate location within `zerver/lib/upload.py`.
2019-06-21 22:46:04 +02:00
@use_s3_backend
public_export: Add logic for deleting the export tarball. The path to the uploaded tarball is reconstructed via the relative url and removed with the canonical methods in `upload.py`.
2019-06-27 20:41:47 +02:00
def test_tarball_upload_and_deletion(self) -> None:
export/upload: Refactor tarball upload logic to upload_backend. The conditional block containing the tarball upload logic for both S3 and local uploads was deconstructed and moved to the more appropriate location within `zerver/lib/upload.py`.
2019-06-21 22:46:04 +02:00
bucket = create_s3_buckets(settings.S3_AVATAR_BUCKET)[0]
user_profile = self.example_user("iago")
self.assertTrue(user_profile.is_realm_admin)
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
tarball_path = os.path.join(settings.TEST_WORKER_DIR, "tarball.tar.gz")
with open(tarball_path, "w") as f:
f.write("dummy")
export/upload: Refactor tarball upload logic to upload_backend. The conditional block containing the tarball upload logic for both S3 and local uploads was deconstructed and moved to the more appropriate location within `zerver/lib/upload.py`.
2019-06-21 22:46:04 +02:00
export: Only print .s with percent_callback to console. The S3 data export tool's upload code path uses this nice boto callback feature for showing a progress bar, which is nice for the management command. It's spammy/broken in production and the backend tests, so we change percent_callback to be a parameter passed in so that it can only be used in the contexts where it makes sense.
2020-07-30 22:10:15 +02:00
total_bytes_transferred = 0
def percent_callback(bytes_transferred: int) -> None:
nonlocal total_bytes_transferred
total_bytes_transferred += bytes_transferred
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
uri = upload_export_tarball(
user_profile.realm, tarball_path, percent_callback=percent_callback
)
export: Only print .s with percent_callback to console. The S3 data export tool's upload code path uses this nice boto callback feature for showing a progress bar, which is nice for the management command. It's spammy/broken in production and the backend tests, so we change percent_callback to be a parameter passed in so that it can only be used in the contexts where it makes sense.
2020-07-30 22:10:15 +02:00
# Verify the percent_callback API works
self.assertEqual(total_bytes_transferred, 5)
export/upload: Refactor tarball upload logic to upload_backend. The conditional block containing the tarball upload logic for both S3 and local uploads was deconstructed and moved to the more appropriate location within `zerver/lib/upload.py`.
2019-06-21 22:46:04 +02:00
result = re.search(re.compile(r"([0-9a-fA-F]{32})"), uri)
if result is not None:
hex_value = result.group(1)
python: Convert more "".format to Python 3.6 f-strings. Generated by pyupgrade --py36-plus --keep-percent-format, with more restrictions patched out. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-10 06:40:53 +02:00
expected_url = f"https://{bucket.name}.s3.amazonaws.com/exports/{hex_value}/{os.path.basename(tarball_path)}"
export/upload: Refactor tarball upload logic to upload_backend. The conditional block containing the tarball upload logic for both S3 and local uploads was deconstructed and moved to the more appropriate location within `zerver/lib/upload.py`.
2019-06-21 22:46:04 +02:00
self.assertEqual(uri, expected_url)
public_export: Add logic for deleting the export tarball. The path to the uploaded tarball is reconstructed via the relative url and removed with the canonical methods in `upload.py`.
2019-06-27 20:41:47 +02:00
# Delete the tarball.
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
with self.assertLogs(level="WARNING") as warn_log:
self.assertIsNone(delete_export_tarball("/not_a_file"))
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.assertEqual(
warn_log.output,
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
["WARNING:root:not_a_file does not exist. Its entry in the database will be removed."],
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
)
public_export: Add logic for deleting the export tarball. The path to the uploaded tarball is reconstructed via the relative url and removed with the canonical methods in `upload.py`.
2019-06-27 20:41:47 +02:00
path_id = urllib.parse.urlparse(uri).path
self.assertEqual(delete_export_tarball(path_id), path_id)
zerver/tests: Test get_realm_for_filename when filename doesn't exist.
2018-05-14 19:53:26 +02:00
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
tests: Make all tests inherit ZulipTestCase. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-07-01 04:19:54 +02:00
class SanitizeNameTests(ZulipTestCase):
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_file_name(self) -> None:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.assertEqual(sanitize_name("test.txt"), "test.txt")
self.assertEqual(sanitize_name(".hidden"), ".hidden")
self.assertEqual(sanitize_name(".hidden.txt"), ".hidden.txt")
self.assertEqual(sanitize_name("tarball.tar.gz"), "tarball.tar.gz")
self.assertEqual(sanitize_name(".hidden_tarball.tar.gz"), ".hidden_tarball.tar.gz")
self.assertEqual(sanitize_name("Testing{}*&*#().ta&&%$##&&r.gz"), "Testing.tar.gz")
self.assertEqual(sanitize_name("*testingfile?*.txt"), "testingfile.txt")
self.assertEqual(sanitize_name("snowman☃.txt"), "snowman.txt")
self.assertEqual(sanitize_name("테스트.txt"), "테스트.txt")
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.assertEqual(
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
sanitize_name('~/."\\`\\?*"u0`000ssh/test.t**{}ar.gz'), ".u0000sshtest.tar.gz"
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
)
zerver/tests: Test currently_used_upload_space function.
2018-05-14 21:33:51 +02:00
class UploadSpaceTests(UploadSerializeMixin, ZulipTestCase):
def setUp(self) -> None:
tests: setUp overrides should call super().setUp(). MigrationsTestCase is intentionally omitted from this, since migrations tests are different in their nature and so whatever setUp() ZulipTestCase may do in the future, MigrationsTestCase may not necessarily want to replicate.
2019-10-19 20:47:00 +02:00
super().setUp()
zerver/tests: Test currently_used_upload_space function.
2018-05-14 21:33:51 +02:00
self.realm = get_realm("zulip")
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.user_profile = self.example_user("hamlet")
zerver/tests: Test currently_used_upload_space function.
2018-05-14 21:33:51 +02:00
def test_currently_used_upload_space(self) -> None:
models: Cache currently_used_upload_space_bytes function.
2019-01-14 07:46:31 +01:00
self.assertEqual(None, cache_get(get_realm_used_upload_space_cache_key(self.realm)))
models: Move currently_used_upload_space function to Realm model.
2019-01-11 13:41:52 +01:00
self.assertEqual(0, self.realm.currently_used_upload_space_bytes())
models: Cache currently_used_upload_space_bytes function.
2019-01-14 07:46:31 +01:00
self.assertEqual(0, cache_get(get_realm_used_upload_space_cache_key(self.realm))[0])
zerver/tests: Test currently_used_upload_space function.
2018-05-14 21:33:51 +02:00
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
data = b"zulip!"
upload_message_file("dummy.txt", len(data), "text/plain", data, self.user_profile)
uploads: Show used upload space in attachments UI.
2019-01-17 12:05:09 +01:00
# notify_attachment_update function calls currently_used_upload_space_bytes which
# updates the cache.
tests: Consistently use assert_length helper. This helper does some nice things like printing out the data structure incase of failure.
2021-05-17 05:41:32 +02:00
self.assert_length(data, cache_get(get_realm_used_upload_space_cache_key(self.realm))[0])
self.assert_length(data, self.realm.currently_used_upload_space_bytes())
zerver/tests: Test currently_used_upload_space function.
2018-05-14 21:33:51 +02:00
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
data2 = b"more-data!"
upload_message_file("dummy2.txt", len(data2), "text/plain", data2, self.user_profile)
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.assertEqual(
len(data) + len(data2), cache_get(get_realm_used_upload_space_cache_key(self.realm))[0]
)
uploads: Show used upload space in attachments UI.
2019-01-17 12:05:09 +01:00
self.assertEqual(len(data) + len(data2), self.realm.currently_used_upload_space_bytes())
models: Cache currently_used_upload_space_bytes function.
2019-01-14 07:46:31 +01:00
attachment = Attachment.objects.get(file_name="dummy.txt")
attachment.file_name = "dummy1.txt"
attachment.save(update_fields=["file_name"])
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.assertEqual(
len(data) + len(data2), cache_get(get_realm_used_upload_space_cache_key(self.realm))[0]
)
models: Cache currently_used_upload_space_bytes function.
2019-01-14 07:46:31 +01:00
self.assertEqual(len(data) + len(data2), self.realm.currently_used_upload_space_bytes())
attachment.delete()
self.assertEqual(None, cache_get(get_realm_used_upload_space_cache_key(self.realm)))
tests: Consistently use assert_length helper. This helper does some nice things like printing out the data structure incase of failure.
2021-05-17 05:41:32 +02:00
self.assert_length(data2, self.realm.currently_used_upload_space_bytes())
api: Add endpoint for fetching used upload space info.
2019-01-17 12:04:54 +01:00
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
uploads: Return a HTTP 400 error for a decompression bomb attack. Fixes: #11215.
2019-01-13 07:27:30 +01:00
class DecompressionBombTests(ZulipTestCase):
def setUp(self) -> None:
tests: setUp overrides should call super().setUp(). MigrationsTestCase is intentionally omitted from this, since migrations tests are different in their nature and so whatever setUp() ZulipTestCase may do in the future, MigrationsTestCase may not necessarily want to replicate.
2019-10-19 20:47:00 +02:00
super().setUp()
realm_emoji: Stop swallowing all exceptions from upload_emoji_image. Putting all of the logic in a `finally` block is equivalent to a bare `except` block, which silently consumes all exceptions. Move only the most-necessary parts into the except; this lets `BadImageError` exceptions from `zerver/lib/upload.py` to escape, allowing better the generic "Image file upload failed" to be replaced with a more specific message. It also allows unexpected exceptions, as the previous commit resolved, to escape and 500. This lets them be detected and resolved, rather than give users a silently bad experience.
2022-02-17 00:01:27 +01:00
self.test_urls = [
"/json/users/me/avatar",
"/json/realm/logo",
"/json/realm/icon",
"/json/realm/emoji/bomb_emoji",
]
uploads: Return a HTTP 400 error for a decompression bomb attack. Fixes: #11215.
2019-01-13 07:27:30 +01:00
def test_decompression_bomb(self) -> None:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("iago")
uploads: Return a HTTP 400 error for a decompression bomb attack. Fixes: #11215.
2019-01-13 07:27:30 +01:00
with get_test_image_file("bomb.png") as fp:
realm_emoji: Stop swallowing all exceptions from upload_emoji_image. Putting all of the logic in a `finally` block is equivalent to a bare `except` block, which silently consumes all exceptions. Move only the most-necessary parts into the except; this lets `BadImageError` exceptions from `zerver/lib/upload.py` to escape, allowing better the generic "Image file upload failed" to be replaced with a more specific message. It also allows unexpected exceptions, as the previous commit resolved, to escape and 500. This lets them be detected and resolved, rather than give users a silently bad experience.
2022-02-17 00:01:27 +01:00
for url in self.test_urls:
uploads: Return a HTTP 400 error for a decompression bomb attack. Fixes: #11215.
2019-01-13 07:27:30 +01:00
fp.seek(0, 0)
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
if url == "/json/realm/logo":
result = self.client_post(
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
url, {"f1": fp, "night": orjson.dumps(False).decode()}
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
)
settings: Add support for uploading logo for night mode. This adds a new field named realm_night_logo which is used for displaying the organization logo when the user is in night mode. Fixes #11176.
2019-01-27 08:25:10 +01:00
else:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
result = self.client_post(url, {"f1": fp})
realm_emoji: Stop swallowing all exceptions from upload_emoji_image. Putting all of the logic in a `finally` block is equivalent to a bare `except` block, which silently consumes all exceptions. Move only the most-necessary parts into the except; this lets `BadImageError` exceptions from `zerver/lib/upload.py` to escape, allowing better the generic "Image file upload failed" to be replaced with a more specific message. It also allows unexpected exceptions, as the previous commit resolved, to escape and 500. This lets them be detected and resolved, rather than give users a silently bad experience.
2022-02-17 00:01:27 +01:00
self.assert_json_error(result, "Image size exceeds limit.")