##// END OF EJS Templates
deps: bumped urllib3==1.26.20
deps: bumped urllib3==1.26.20

File last commit:

r1327:278da2b3 default
r1335:cd3f3da3 default
Show More
test_lfs_app.py
310 lines | 11.8 KiB | text/x-python | PythonLexer
git-lfs: added vcsserver handling of git-lfs objects....
r180 # RhodeCode VCSServer provides access to different vcs backends via network.
core: updated copyrights to 2024
r1327 # Copyright (C) 2014-2024 RhodeCode GmbH
git-lfs: added vcsserver handling of git-lfs objects....
r180 #
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
import os
import pytest
from webtest.app import TestApp as WebObTestApp
chore(refactor): renamed rc_json to ext_json for ce compat
r1243 from vcsserver.lib.ext_json import json
core: moved str_utils and type_utils to lib so it's consistent with ce, and easier to sync up codebases
r1249 from vcsserver.lib.str_utils import safe_bytes
git-lfs: added vcsserver handling of git-lfs objects....
r180 from vcsserver.git_lfs.app import create_app
fix(LFS): fixed LFSOidStorage, enbled LFS fetching on repo fetch, fixed tests and python3 transition related leftovers. Fixes: RCCE-8
r1194 from vcsserver.git_lfs.lib import LFSOidStore
git-lfs: added vcsserver handling of git-lfs objects....
r180
@pytest.fixture(scope='function')
def git_lfs_app(tmpdir):
custom_app = WebObTestApp(create_app(
dan
git-lfs: fixed bug #5399 git-lfs application failed to generate HTTPS urls properly.
r700 git_lfs_enabled=True, git_lfs_store_path=str(tmpdir),
git_lfs_http_scheme='http'))
custom_app._store = str(tmpdir)
return custom_app
@pytest.fixture(scope='function')
def git_lfs_https_app(tmpdir):
custom_app = WebObTestApp(create_app(
git_lfs_enabled=True, git_lfs_store_path=str(tmpdir),
git_lfs_http_scheme='https'))
git-lfs: added vcsserver handling of git-lfs objects....
r180 custom_app._store = str(tmpdir)
return custom_app
@pytest.fixture()
def http_auth():
return {'HTTP_AUTHORIZATION': "Basic XXXXX"}
lint: auto-fixes
r1152 class TestLFSApplication:
git-lfs: added vcsserver handling of git-lfs objects....
r180
def test_app_wrong_path(self, git_lfs_app):
git_lfs_app.get('/repo/info/lfs/xxx', status=404)
def test_app_deprecated_endpoint(self, git_lfs_app):
response = git_lfs_app.post('/repo/info/lfs/objects', status=501)
assert response.status_code == 501
py3: 2to3 run
r1044 assert json.loads(response.text) == {'message': 'LFS: v1 api not supported'}
git-lfs: added vcsserver handling of git-lfs objects....
r180
def test_app_lock_verify_api_not_available(self, git_lfs_app):
response = git_lfs_app.post('/repo/info/lfs/locks/verify', status=501)
assert response.status_code == 501
git-lfs: report returned data as 'application/vnd.git-lfs+json' instead of plain json
r198 assert json.loads(response.text) == {
py3: 2to3 run
r1044 'message': 'GIT LFS locking api not supported'}
git-lfs: added vcsserver handling of git-lfs objects....
r180
def test_app_lock_api_not_available(self, git_lfs_app):
response = git_lfs_app.post('/repo/info/lfs/locks', status=501)
assert response.status_code == 501
git-lfs: report returned data as 'application/vnd.git-lfs+json' instead of plain json
r198 assert json.loads(response.text) == {
py3: 2to3 run
r1044 'message': 'GIT LFS locking api not supported'}
git-lfs: added vcsserver handling of git-lfs objects....
r180
dan
git-lfs: fixed bug #5399 git-lfs application failed to generate HTTPS urls properly.
r700 def test_app_batch_api_missing_auth(self, git_lfs_app):
git-lfs: added vcsserver handling of git-lfs objects....
r180 git_lfs_app.post_json(
'/repo/info/lfs/objects/batch', params={}, status=403)
def test_app_batch_api_unsupported_operation(self, git_lfs_app, http_auth):
response = git_lfs_app.post_json(
'/repo/info/lfs/objects/batch', params={}, status=400,
extra_environ=http_auth)
git-lfs: report returned data as 'application/vnd.git-lfs+json' instead of plain json
r198 assert json.loads(response.text) == {
py3: 2to3 run
r1044 'message': 'unsupported operation mode: `None`'}
git-lfs: added vcsserver handling of git-lfs objects....
r180
def test_app_batch_api_missing_objects(self, git_lfs_app, http_auth):
response = git_lfs_app.post_json(
'/repo/info/lfs/objects/batch', params={'operation': 'download'},
status=400, extra_environ=http_auth)
git-lfs: report returned data as 'application/vnd.git-lfs+json' instead of plain json
r198 assert json.loads(response.text) == {
py3: 2to3 run
r1044 'message': 'missing objects data'}
git-lfs: added vcsserver handling of git-lfs objects....
r180
def test_app_batch_api_unsupported_data_in_objects(
self, git_lfs_app, http_auth):
params = {'operation': 'download',
'objects': [{}]}
response = git_lfs_app.post_json(
'/repo/info/lfs/objects/batch', params=params, status=400,
extra_environ=http_auth)
git-lfs: report returned data as 'application/vnd.git-lfs+json' instead of plain json
r198 assert json.loads(response.text) == {
py3: 2to3 run
r1044 'message': 'unsupported data in objects'}
git-lfs: added vcsserver handling of git-lfs objects....
r180
def test_app_batch_api_download_missing_object(
self, git_lfs_app, http_auth):
fix(git-lfs): fixed security problem with allowing off-chain attacks to replace OID data without validating hash for already present oids....
r1300 params = {
'operation': 'download',
'objects': [{'oid': '123', 'size': '1024'}]
}
git-lfs: added vcsserver handling of git-lfs objects....
r180 response = git_lfs_app.post_json(
'/repo/info/lfs/objects/batch', params=params,
extra_environ=http_auth)
expected_objects = [
fix(git-lfs): fixed security problem with allowing off-chain attacks to replace OID data without validating hash for already present oids....
r1300 {
'oid': '123',
'size': '1024',
'authenticated': True,
'errors': {'error': {'code': 404, 'message': 'object: 123 does not exist in store'}},
}
git-lfs: added vcsserver handling of git-lfs objects....
r180 ]
fix(git-lfs): fixed security problem with allowing off-chain attacks to replace OID data without validating hash for already present oids....
r1300
git-lfs: report returned data as 'application/vnd.git-lfs+json' instead of plain json
r198 assert json.loads(response.text) == {
fix(git-lfs): fixed security problem with allowing off-chain attacks to replace OID data without validating hash for already present oids....
r1300 'objects': expected_objects,
'transfer': 'basic'
}
git-lfs: added vcsserver handling of git-lfs objects....
r180
def test_app_batch_api_download(self, git_lfs_app, http_auth):
oid = '456'
fix(LFS): fixed LFSOidStorage, enbled LFS fetching on repo fetch, fixed tests and python3 transition related leftovers. Fixes: RCCE-8
r1194 oid_path = LFSOidStore(oid=oid, repo=None, store_location=git_lfs_app._store).oid_path
git-lfs: don't store oid under repo-path....
r181 if not os.path.isdir(os.path.dirname(oid_path)):
os.makedirs(os.path.dirname(oid_path))
git-lfs: added vcsserver handling of git-lfs objects....
r180 with open(oid_path, 'wb') as f:
python3: code change for py3 support...
r1048 f.write(safe_bytes('OID_CONTENT'))
git-lfs: added vcsserver handling of git-lfs objects....
r180
params = {'operation': 'download',
'objects': [{'oid': oid, 'size': '1024'}]}
response = git_lfs_app.post_json(
'/repo/info/lfs/objects/batch', params=params,
extra_environ=http_auth)
expected_objects = [
py3: 2to3 run
r1044 {'authenticated': True,
'actions': {
'download': {
'header': {'Authorization': 'Basic XXXXX'},
'href': 'http://localhost/repo/info/lfs/objects/456'},
git-lfs: added vcsserver handling of git-lfs objects....
r180 },
py3: 2to3 run
r1044 'oid': '456',
'size': '1024'}
git-lfs: added vcsserver handling of git-lfs objects....
r180 ]
git-lfs: report returned data as 'application/vnd.git-lfs+json' instead of plain json
r198 assert json.loads(response.text) == {
fix(git-lfs): fixed security problem with allowing off-chain attacks to replace OID data without validating hash for already present oids....
r1300 'objects': expected_objects,
'transfer': 'basic'
}
git-lfs: added vcsserver handling of git-lfs objects....
r180
def test_app_batch_api_upload(self, git_lfs_app, http_auth):
params = {'operation': 'upload',
'objects': [{'oid': '123', 'size': '1024'}]}
response = git_lfs_app.post_json(
'/repo/info/lfs/objects/batch', params=params,
extra_environ=http_auth)
expected_objects = [
fix(git-lfs): fixed security problem with allowing off-chain attacks to replace OID data without validating hash for already present oids....
r1300 {
'authenticated': True,
'actions': {
'upload': {
'header': {
'Authorization': 'Basic XXXXX',
'Transfer-Encoding': 'chunked'
},
'href': 'http://localhost/repo/info/lfs/objects/123'
},
'verify': {
'header': {
'Authorization': 'Basic XXXXX'
},
'href': 'http://localhost/repo/info/lfs/verify'
}
},
'oid': '123',
'size': '1024'
}
git-lfs: added vcsserver handling of git-lfs objects....
r180 ]
git-lfs: report returned data as 'application/vnd.git-lfs+json' instead of plain json
r198 assert json.loads(response.text) == {
fix(git-lfs): fixed security problem with allowing off-chain attacks to replace OID data without validating hash for already present oids....
r1300 'objects': expected_objects,
'transfer': 'basic'
}
git-lfs: added vcsserver handling of git-lfs objects....
r180
dan
git-lfs: fixed bug #5399 git-lfs application failed to generate HTTPS urls properly.
r700 def test_app_batch_api_upload_for_https(self, git_lfs_https_app, http_auth):
params = {'operation': 'upload',
'objects': [{'oid': '123', 'size': '1024'}]}
response = git_lfs_https_app.post_json(
'/repo/info/lfs/objects/batch', params=params,
extra_environ=http_auth)
expected_objects = [
py3: 2to3 run
r1044 {'authenticated': True,
'actions': {
'upload': {
'header': {'Authorization': 'Basic XXXXX',
fix(git-lfs): fixed security problem with allowing off-chain attacks to replace OID data without validating hash for already present oids....
r1300 'Transfer-Encoding': 'chunked'},
py3: 2to3 run
r1044 'href': 'https://localhost/repo/info/lfs/objects/123'},
'verify': {
'header': {'Authorization': 'Basic XXXXX'},
'href': 'https://localhost/repo/info/lfs/verify'}
dan
git-lfs: fixed bug #5399 git-lfs application failed to generate HTTPS urls properly.
r700 },
py3: 2to3 run
r1044 'oid': '123',
'size': '1024'}
dan
git-lfs: fixed bug #5399 git-lfs application failed to generate HTTPS urls properly.
r700 ]
assert json.loads(response.text) == {
'objects': expected_objects, 'transfer': 'basic'}
git-lfs: added vcsserver handling of git-lfs objects....
r180 def test_app_verify_api_missing_data(self, git_lfs_app):
dan
git-lfs: fixed bug #5399 git-lfs application failed to generate HTTPS urls properly.
r700 params = {'oid': 'missing'}
git-lfs: added vcsserver handling of git-lfs objects....
r180 response = git_lfs_app.post_json(
'/repo/info/lfs/verify', params=params,
status=400)
git-lfs: report returned data as 'application/vnd.git-lfs+json' instead of plain json
r198 assert json.loads(response.text) == {
py3: 2to3 run
r1044 'message': 'missing oid and size in request data'}
git-lfs: added vcsserver handling of git-lfs objects....
r180
def test_app_verify_api_missing_obj(self, git_lfs_app):
params = {'oid': 'missing', 'size': '1024'}
response = git_lfs_app.post_json(
'/repo/info/lfs/verify', params=params,
status=404)
git-lfs: report returned data as 'application/vnd.git-lfs+json' instead of plain json
r198 assert json.loads(response.text) == {
fix(git-lfs): fixed security problem with allowing off-chain attacks to replace OID data without validating hash for already present oids....
r1300 'message': 'oid `missing` does not exists in store'
}
git-lfs: added vcsserver handling of git-lfs objects....
r180
def test_app_verify_api_size_mismatch(self, git_lfs_app):
oid = 'existing'
fix(LFS): fixed LFSOidStorage, enbled LFS fetching on repo fetch, fixed tests and python3 transition related leftovers. Fixes: RCCE-8
r1194 oid_path = LFSOidStore(oid=oid, repo=None, store_location=git_lfs_app._store).oid_path
git-lfs: don't store oid under repo-path....
r181 if not os.path.isdir(os.path.dirname(oid_path)):
os.makedirs(os.path.dirname(oid_path))
git-lfs: added vcsserver handling of git-lfs objects....
r180 with open(oid_path, 'wb') as f:
python3: code change for py3 support...
r1048 f.write(safe_bytes('OID_CONTENT'))
git-lfs: added vcsserver handling of git-lfs objects....
r180
params = {'oid': oid, 'size': '1024'}
response = git_lfs_app.post_json(
'/repo/info/lfs/verify', params=params, status=422)
git-lfs: report returned data as 'application/vnd.git-lfs+json' instead of plain json
r198 assert json.loads(response.text) == {
fix(git-lfs): fixed security problem with allowing off-chain attacks to replace OID data without validating hash for already present oids....
r1300 'message': 'requested file size mismatch store size:11 requested:1024'
}
git-lfs: added vcsserver handling of git-lfs objects....
r180
def test_app_verify_api(self, git_lfs_app):
oid = 'existing'
fix(LFS): fixed LFSOidStorage, enbled LFS fetching on repo fetch, fixed tests and python3 transition related leftovers. Fixes: RCCE-8
r1194 oid_path = LFSOidStore(oid=oid, repo=None, store_location=git_lfs_app._store).oid_path
git-lfs: don't store oid under repo-path....
r181 if not os.path.isdir(os.path.dirname(oid_path)):
os.makedirs(os.path.dirname(oid_path))
git-lfs: added vcsserver handling of git-lfs objects....
r180 with open(oid_path, 'wb') as f:
python3: code change for py3 support...
r1048 f.write(safe_bytes('OID_CONTENT'))
git-lfs: added vcsserver handling of git-lfs objects....
r180
params = {'oid': oid, 'size': 11}
response = git_lfs_app.post_json(
'/repo/info/lfs/verify', params=params)
git-lfs: report returned data as 'application/vnd.git-lfs+json' instead of plain json
r198 assert json.loads(response.text) == {
fix(git-lfs): fixed security problem with allowing off-chain attacks to replace OID data without validating hash for already present oids....
r1300 'message': {'size': 11, 'oid': oid}
}
git-lfs: added vcsserver handling of git-lfs objects....
r180
def test_app_download_api_oid_not_existing(self, git_lfs_app):
oid = 'missing'
fix(git-lfs): fixed security problem with allowing off-chain attacks to replace OID data without validating hash for already present oids....
r1300 response = git_lfs_app.get(f'/repo/info/lfs/objects/{oid}', status=404)
git-lfs: added vcsserver handling of git-lfs objects....
r180
git-lfs: report returned data as 'application/vnd.git-lfs+json' instead of plain json
r198 assert json.loads(response.text) == {
py3: 2to3 run
r1044 'message': 'requested file with oid `missing` not found in store'}
git-lfs: added vcsserver handling of git-lfs objects....
r180
def test_app_download_api(self, git_lfs_app):
oid = 'existing'
fix(LFS): fixed LFSOidStorage, enbled LFS fetching on repo fetch, fixed tests and python3 transition related leftovers. Fixes: RCCE-8
r1194 oid_path = LFSOidStore(oid=oid, repo=None, store_location=git_lfs_app._store).oid_path
git-lfs: don't store oid under repo-path....
r181 if not os.path.isdir(os.path.dirname(oid_path)):
os.makedirs(os.path.dirname(oid_path))
git-lfs: added vcsserver handling of git-lfs objects....
r180 with open(oid_path, 'wb') as f:
python3: code change for py3 support...
r1048 f.write(safe_bytes('OID_CONTENT'))
git-lfs: added vcsserver handling of git-lfs objects....
r180
fix(git-lfs): fixed security problem with allowing off-chain attacks to replace OID data without validating hash for already present oids....
r1300 response = git_lfs_app.get(f'/repo/info/lfs/objects/{oid}')
git-lfs: added vcsserver handling of git-lfs objects....
r180 assert response
def test_app_upload(self, git_lfs_app):
fix(git-lfs): fixed security problem with allowing off-chain attacks to replace OID data without validating hash for already present oids....
r1300 oid = '65f23e22a9bfedda96929b3cfcb8b6d2fdd34a2e877ddb81f45d79ab05710e12'
git-lfs: added vcsserver handling of git-lfs objects....
r180
response = git_lfs_app.put(
fix(git-lfs): fixed security problem with allowing off-chain attacks to replace OID data without validating hash for already present oids....
r1300 f'/repo/info/lfs/objects/{oid}', params='CONTENT')
git-lfs: added vcsserver handling of git-lfs objects....
r180
fix(git-lfs): fixed security problem with allowing off-chain attacks to replace OID data without validating hash for already present oids....
r1300 assert json.loads(response.text) == {'upload': 'ok', 'state': 'written'}
git-lfs: added vcsserver handling of git-lfs objects....
r180
# verify that we actually wrote that OID
fix(LFS): fixed LFSOidStorage, enbled LFS fetching on repo fetch, fixed tests and python3 transition related leftovers. Fixes: RCCE-8
r1194 oid_path = LFSOidStore(oid=oid, repo=None, store_location=git_lfs_app._store).oid_path
git-lfs: added vcsserver handling of git-lfs objects....
r180 assert os.path.isfile(oid_path)
assert 'CONTENT' == open(oid_path).read()
fix(git-lfs): fixed security problem with allowing off-chain attacks to replace OID data without validating hash for already present oids....
r1300
response = git_lfs_app.put(
f'/repo/info/lfs/objects/{oid}', params='CONTENT')
assert json.loads(response.text) == {'upload': 'ok', 'state': 'in-store'}
def test_app_upload_wrong_sha(self, git_lfs_app):
oid = 'i-am-a-wrong-sha'
response = git_lfs_app.put(f'/repo/info/lfs/objects/{oid}', params='CONTENT', status=400)
assert json.loads(response.text) == {
'message': 'oid i-am-a-wrong-sha does not match expected sha '
'65f23e22a9bfedda96929b3cfcb8b6d2fdd34a2e877ddb81f45d79ab05710e12'}
# check this OID wasn't written to store
response = git_lfs_app.get(f'/repo/info/lfs/objects/{oid}', status=404)
assert json.loads(response.text) == {'message': 'requested file with oid `i-am-a-wrong-sha` not found in store'}