diff options
author | Andy Doan <doanac@beadoan.com> | 2014-07-29 19:36:18 +0000 |
---|---|---|
committer | Andy Doan <doanac@beadoan.com> | 2014-07-29 19:36:18 +0000 |
commit | ac2c301995451f202243b313c1f994bc6ba0e899 (patch) | |
tree | 311491ec5125e21cdfd678f97feba5f2b6ca5458 | |
parent | 0b8ff0af688a88ddc9774ab462c50be3b5a139c0 (diff) |
bug #278 - allow "internal hosts" to browse site2014.07
Allow IP's in INTERNAL_HOSTS to be able to browse the site still.
Change-Id: I51f7b67730b618767891d925e4bf17f81c8106e9
-rw-r--r-- | license_protected_downloads/tests/test_views.py | 30 | ||||
-rw-r--r-- | license_protected_downloads/views.py | 11 |
2 files changed, 27 insertions, 14 deletions
diff --git a/license_protected_downloads/tests/test_views.py b/license_protected_downloads/tests/test_views.py index 1ca48a1..4bf6ff1 100644 --- a/license_protected_downloads/tests/test_views.py +++ b/license_protected_downloads/tests/test_views.py @@ -1,8 +1,5 @@ __author__ = 'dooferlad' -from django.conf import settings -from django.test import Client, TestCase -from django.http import HttpResponse import hashlib import os import tempfile @@ -12,7 +9,12 @@ import urlparse import json import random import shutil -from mock import Mock + +import mock + +from django.conf import settings +from django.test import Client, TestCase +from django.http import HttpResponse from license_protected_downloads.buildinfo import BuildInfo from license_protected_downloads.config import INTERNAL_HOSTS @@ -372,8 +374,22 @@ class ViewTests(BaseServeViewTest): # Test that we use the "samsung" theme. This contains exynos.png self.assertContains(response, "exynos.png") - # test_internal_host_* are integration, not unit tests and will be - # located in another file... + @mock.patch('license_protected_downloads.views.config') + def test_protected_internal_file(self, config): + '''ensure a protected file can be downloaded by an internal host''' + config.INTERNAL_HOSTS = ('127.0.0.1',) + target_file = "~linaro-android/staging-origen/test.txt" + url = urlparse.urljoin("http://testserver/", target_file) + response = self.client.get(url) + self.assertEqual(response.status_code, 200) + self.assertIn('X-Sendfile', response) + + @mock.patch('license_protected_downloads.views.config') + def test_protected_internal_listing(self, config): + '''ensure directory listings are browseable for internal hosts''' + config.INTERNAL_HOSTS = ('127.0.0.1',) + response = self.client.get('http://testserver/') + self.assertIn('linaro-license-protection.git/commit', response.content) def test_per_file_license_samsung(self): # Get BuildInfo for target file @@ -1124,7 +1140,7 @@ class FileViewTests(BaseServeViewTest): class ViewHelpersTests(BaseServeViewTest): def test_auth_group_error(self): groups = ["linaro", "batman", "catwoman", "joker"] - request = Mock() + request = mock.Mock() request.path = "mock_path" response = views.group_auth_failed_response(request, groups) self.assertIsNotNone(response) diff --git a/license_protected_downloads/views.py b/license_protected_downloads/views.py index 1f52496..abdd4ab 100644 --- a/license_protected_downloads/views.py +++ b/license_protected_downloads/views.py @@ -480,6 +480,7 @@ def file_server_get(request, path): url = path result = test_path(path, request) + internal = get_client_ip(request) in config.INTERNAL_HOSTS if not result: raise Http404 @@ -487,11 +488,7 @@ def file_server_get(request, path): target_type = result[0] path = result[1] - if get_client_ip(request) in config.INTERNAL_HOSTS: - # For internal trusted hosts, short-circuit any further checks - return send_file(path) - - if BuildInfo.build_info_exists(path): + if not internal and BuildInfo.build_info_exists(path): try: build_info = BuildInfo(path) except IncorrectDataFormatException: @@ -559,9 +556,9 @@ def file_server_get(request, path): if not file_listed(path, url): raise Http404 - if (get_client_ip(request) in config.INTERNAL_HOSTS or + if (internal or is_whitelisted(os.path.join('/', url)) or - "key" in request.GET): # If user has a key, default to open + "key" in request.GET): # If user has a key, default to open digests = 'OPEN' else: digests = is_protected(path) |