studio/docs
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

(backend) add missing test on media-auth and collaboration-auth

Browse Source 
These methods were involved in a bug that was fixed without first
evidencing the error in a test:
https://github.com/suitenumerique/docs/pull/556

Fixes https://github.com/suitenumerique/docs/issues/567
This commit is contained in:
Samuel Paccoud - DINUM
2025-01-17 18:59:24 +01:00
committed by Manuel Raynaud
parent 3e9b530985
commit 621393165f
4 changed files with 60 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/backend/core/api/viewsets.py
View File

@@ -2,7 +2,6 @@
# pylint: disable=too-many-lines # pylint: disable=too-many-lines
import logging import logging
import re
import uuid import uuid
from urllib.parse import unquote, urlparse from urllib.parse import unquote, urlparse
@@ -35,6 +34,7 @@ from .filters import DocumentFilter, ListDocumentFilter
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
<<<<<<< HEAD
ATTACHMENTS_FOLDER = "attachments" ATTACHMENTS_FOLDER = "attachments"
UUID_REGEX = ( UUID_REGEX = (
r"[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}" r"[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}"
@@ -45,6 +45,8 @@ MEDIA_STORAGE_URL_PATTERN = re.compile(
f"(?P<key>{ATTACHMENTS_FOLDER:s}/{UUID_REGEX:s}(?:-unsafe)?{FILE_EXT_REGEX:s})$" f"(?P<key>{ATTACHMENTS_FOLDER:s}/{UUID_REGEX:s}(?:-unsafe)?{FILE_EXT_REGEX:s})$"
) )
COLLABORATION_WS_URL_PATTERN = re.compile(rf"(?:^|&)room=(?P<pk>{UUID_REGEX})(?:&|$)") COLLABORATION_WS_URL_PATTERN = re.compile(rf"(?:^|&)room=(?P<pk>{UUID_REGEX})(?:&|$)")
=======
>>>>>>> 8076486a ((backend) add missing test on media-auth and collaboration-auth)
# pylint: disable=too-many-ancestors # pylint: disable=too-many-ancestors

16
src/backend/core/enums.py
View File

@@ -2,10 +2,24 @@
Core application enums declaration Core application enums declaration
""" """
from django.conf import global_settings import re
from django.conf import global_settings, settings
from django.db import models from django.db import models
from django.utils.translation import gettext_lazy as _ from django.utils.translation import gettext_lazy as _
ATTACHMENTS_FOLDER = "attachments"
UUID_REGEX = (
r"[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}"
)
FILE_EXT_REGEX = r"\.[a-zA-Z]{3,4}"
MEDIA_STORAGE_URL_PATTERN = re.compile(
f"{settings.MEDIA_URL:s}(?P<pk>{UUID_REGEX:s})/"
f"(?P<key>{ATTACHMENTS_FOLDER:s}/{UUID_REGEX:s}{FILE_EXT_REGEX:s})$"
)
COLLABORATION_WS_URL_PATTERN = re.compile(rf"(?:^|&)room=(?P<pk>{UUID_REGEX})(?:&|$)")
# In Django's code base, `LANGUAGES` is set by default with all supported languages. # In Django's code base, `LANGUAGES` is set by default with all supported languages.
# We can use it for the choice of languages which should not be limited to the few languages # We can use it for the choice of languages which should not be limited to the few languages
# active in the app. # active in the app.

21
src/backend/core/tests/documents/test_api_documents_collaboration_auth.py
View File

@@ -2,6 +2,8 @@
Test collaboration websocket access API endpoint for users in impress's core app. Test collaboration websocket access API endpoint for users in impress's core app.
""" """
from uuid import uuid4
from django.test import override_settings from django.test import override_settings
import pytest import pytest
@@ -13,6 +15,21 @@ from core.tests.conftest import TEAM, USER, VIA
pytestmark = pytest.mark.django_db pytestmark = pytest.mark.django_db
def test_api_documents_collaboration_auth_unkown_document():
"""
Trying to connect to the collaboration server on a document ID that does not exist
should not have the side effect to create it (no regression test).
"""
original_url = f"http://localhost/collaboration/ws/?room={uuid4()!s}"
response = APIClient().get(
"/api/v1.0/documents/collaboration-auth/", HTTP_X_ORIGINAL_URL=original_url
)
assert response.status_code == 403
assert models.Document.objects.exists() is False
def test_api_documents_collaboration_auth_original_url_not_matching(): def test_api_documents_collaboration_auth_original_url_not_matching():
""" """
Trying to authenticate on the collaboration server with an invalid Trying to authenticate on the collaboration server with an invalid
@@ -31,11 +48,13 @@ def test_api_documents_collaboration_auth_original_url_not_matching():
assert "X-User-Id" not in response assert "X-User-Id" not in response
def test_api_documents_collaboration_auth_secret_not_defined(): def test_api_documents_collaboration_auth_secret_not_defined(settings):
""" """
Trying to authenticate on the collaboration server when the secret is not defined Trying to authenticate on the collaboration server when the secret is not defined
should return a 403. should return a 403.
""" """
settings.COLLABORATION_SERVER_SECRET = None
document = factories.DocumentFactory(link_reach="public") document = factories.DocumentFactory(link_reach="public")
response = APIClient().get( response = APIClient().get(

29
src/backend/core/tests/documents/test_api_documents_media_auth.py
View File

@@ -2,9 +2,9 @@
Test file uploads API endpoint for users in impress's core app. Test file uploads API endpoint for users in impress's core app.
""" """
import uuid
from io import BytesIO from io import BytesIO
from urllib.parse import urlparse from urllib.parse import urlparse
from uuid import uuid4
from django.conf import settings from django.conf import settings
from django.core.files.storage import default_storage from django.core.files.storage import default_storage
@@ -14,17 +14,32 @@ import pytest
import requests import requests
from rest_framework.test import APIClient from rest_framework.test import APIClient
from core import factories from core import factories, models
from core.tests.conftest import TEAM, USER, VIA from core.tests.conftest import TEAM, USER, VIA
pytestmark = pytest.mark.django_db pytestmark = pytest.mark.django_db
def test_api_documents_media_auth_unkown_document():
"""
Trying to download a media related to a document ID that does not exist
should not have the side effect to create it (no regression test).
"""
original_url = f"http://localhost/media/{uuid4()!s}/attachments/{uuid4()!s}.jpg"
response = APIClient().get(
"/api/v1.0/documents/media-auth/", HTTP_X_ORIGINAL_URL=original_url
)
assert response.status_code == 403
assert models.Document.objects.exists() is False
def test_api_documents_media_auth_anonymous_public(): def test_api_documents_media_auth_anonymous_public():
"""Anonymous users should be able to retrieve attachments linked to a public document""" """Anonymous users should be able to retrieve attachments linked to a public document"""
document = factories.DocumentFactory(link_reach="public") document = factories.DocumentFactory(link_reach="public")
filename = f"{uuid.uuid4()!s}.jpg" filename = f"{uuid4()!s}.jpg"
key = f"{document.pk!s}/attachments/{filename:s}" key = f"{document.pk!s}/attachments/{filename:s}"
default_storage.connection.meta.client.put_object( default_storage.connection.meta.client.put_object(
@@ -96,7 +111,7 @@ def test_api_documents_media_auth_anonymous_authenticated_or_restricted(reach):
""" """
document = factories.DocumentFactory(link_reach=reach) document = factories.DocumentFactory(link_reach=reach)
filename = f"{uuid.uuid4()!s}.jpg" filename = f"{uuid4()!s}.jpg"
media_url = f"http://localhost/media/{document.pk!s}/attachments/{filename:s}" media_url = f"http://localhost/media/{document.pk!s}/attachments/{filename:s}"
response = APIClient().get( response = APIClient().get(
@@ -119,7 +134,7 @@ def test_api_documents_media_auth_authenticated_public_or_authenticated(reach):
client = APIClient() client = APIClient()
client.force_login(user) client.force_login(user)
filename = f"{uuid.uuid4()!s}.jpg" filename = f"{uuid4()!s}.jpg"
key = f"{document.pk!s}/attachments/{filename:s}" key = f"{document.pk!s}/attachments/{filename:s}"
default_storage.connection.meta.client.put_object( default_storage.connection.meta.client.put_object(
@@ -170,7 +185,7 @@ def test_api_documents_media_auth_authenticated_restricted():
client = APIClient() client = APIClient()
client.force_login(user) client.force_login(user)
filename = f"{uuid.uuid4()!s}.jpg" filename = f"{uuid4()!s}.jpg"
media_url = f"http://localhost/media/{document.pk!s}/attachments/{filename:s}" media_url = f"http://localhost/media/{document.pk!s}/attachments/{filename:s}"
response = client.get( response = client.get(
@@ -198,7 +213,7 @@ def test_api_documents_media_auth_related(via, mock_user_teams):
mock_user_teams.return_value = ["lasuite", "unknown"] mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamDocumentAccessFactory(document=document, team="lasuite") factories.TeamDocumentAccessFactory(document=document, team="lasuite")
filename = f"{uuid.uuid4()!s}.jpg" filename = f"{uuid4()!s}.jpg"
key = f"{document.pk!s}/attachments/{filename:s}" key = f"{document.pk!s}/attachments/{filename:s}"
default_storage.connection.meta.client.put_object( default_storage.connection.meta.client.put_object(