bug #278 - allow "internal hosts" to browse site2014.07

Allow IP's in INTERNAL_HOSTS to be able to browse the site still.

Change-Id: I51f7b67730b618767891d925e4bf17f81c8106e9

2 files changed, 27 insertions, 14 deletions

diff --git a/license_protected_downloads/tests/test_views.py b/license_protected_downloads/tests/test_views.py
index 1ca48a1..4bf6ff1 100644
--- a/license_protected_downloads/tests/test_views.py
+++ b/license_protected_downloads/tests/test_views.py
@@ -1,8 +1,5 @@
 __author__ = 'dooferlad'
 
-from django.conf import settings
-from django.test import Client, TestCase
-from django.http import HttpResponse
 import hashlib
 import os
 import tempfile
@@ -12,7 +9,12 @@ import urlparse
 import json
 import random
 import shutil
-from mock import Mock
+
+import mock
+
+from django.conf import settings
+from django.test import Client, TestCase
+from django.http import HttpResponse
 
 from license_protected_downloads.buildinfo import BuildInfo
 from license_protected_downloads.config import INTERNAL_HOSTS
@@ -372,8 +374,22 @@ class ViewTests(BaseServeViewTest):
         # Test that we use the "samsung" theme. This contains exynos.png
         self.assertContains(response, "exynos.png")
 
-    # test_internal_host_* are integration, not unit tests and will be
-    # located in another file...
+    @mock.patch('license_protected_downloads.views.config')
+    def test_protected_internal_file(self, config):
+        '''ensure a protected file can be downloaded by an internal host'''
+        config.INTERNAL_HOSTS = ('127.0.0.1',)
+        target_file = "~linaro-android/staging-origen/test.txt"
+        url = urlparse.urljoin("http://testserver/", target_file)
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, 200)
+        self.assertIn('X-Sendfile', response)
+
+    @mock.patch('license_protected_downloads.views.config')
+    def test_protected_internal_listing(self, config):
+        '''ensure directory listings are browseable for internal hosts'''
+        config.INTERNAL_HOSTS = ('127.0.0.1',)
+        response = self.client.get('http://testserver/')
+        self.assertIn('linaro-license-protection.git/commit', response.content)
 
     def test_per_file_license_samsung(self):
         # Get BuildInfo for target file
@@ -1124,7 +1140,7 @@ class FileViewTests(BaseServeViewTest):
 class ViewHelpersTests(BaseServeViewTest):
     def test_auth_group_error(self):
         groups = ["linaro", "batman", "catwoman", "joker"]
-        request = Mock()
+        request = mock.Mock()
         request.path = "mock_path"
         response = views.group_auth_failed_response(request, groups)
         self.assertIsNotNone(response)
diff --git a/license_protected_downloads/views.py b/license_protected_downloads/views.py
index 1f52496..abdd4ab 100644
--- a/license_protected_downloads/views.py
+++ b/license_protected_downloads/views.py
@@ -480,6 +480,7 @@ def file_server_get(request, path):
 
     url = path
     result = test_path(path, request)
+    internal = get_client_ip(request) in config.INTERNAL_HOSTS
 
     if not result:
         raise Http404
@@ -487,11 +488,7 @@ def file_server_get(request, path):
     target_type = result[0]
     path = result[1]
 
-    if get_client_ip(request) in config.INTERNAL_HOSTS:
-        # For internal trusted hosts, short-circuit any further checks
-        return send_file(path)
-
-    if BuildInfo.build_info_exists(path):
+    if not internal and BuildInfo.build_info_exists(path):
         try:
             build_info = BuildInfo(path)
         except IncorrectDataFormatException:
@@ -559,9 +556,9 @@ def file_server_get(request, path):
     if not file_listed(path, url):
         raise Http404
 
-    if (get_client_ip(request) in config.INTERNAL_HOSTS or
+    if (internal or
         is_whitelisted(os.path.join('/', url)) or
-        "key" in request.GET): # If user has a key, default to open
+        "key" in request.GET):  # If user has a key, default to open
         digests = 'OPEN'
     else:
         digests = is_protected(path)