##// END OF EJS Templates
test /files/ gives 403 on hidden files
MinRK -
Show More
@@ -0,0 +1,52 b''
1 # coding: utf-8
2 """Test the /files/ handler."""
3
4 import io
5 import os
6 from unicodedata import normalize
7
8 pjoin = os.path.join
9
10 import requests
11
12 from IPython.html.utils import url_path_join
13 from .launchnotebook import NotebookTestBase
14 from IPython.utils import py3compat
15
16 class FilesTest(NotebookTestBase):
17 def test_hidden_files(self):
18 not_hidden = [
19 u'å b',
20 pjoin(u'å b/ç. d')
21 ]
22 hidden = [
23 u'.å b',
24 pjoin(u'å b/.ç d')
25 ]
26 dirs = not_hidden + hidden
27
28 nbdir = self.notebook_dir.name
29 for d in dirs:
30 path = pjoin(nbdir, d.replace('/', os.path.sep))
31 if not os.path.exists(path):
32 os.mkdir(path)
33 with io.open(pjoin(path, 'foo'), 'w', encoding='utf8') as f:
34 f.write(path)
35 with io.open(pjoin(path, '.foo'), 'w', encoding='utf8') as f:
36 f.write(path + '.foo')
37 url = self.base_url()
38
39 for d in not_hidden:
40 path = pjoin(nbdir, d.replace('/', os.path.sep))
41 r = requests.get(url_path_join(url, 'files', d, 'foo'))
42 r.raise_for_status()
43 reply = py3compat.cast_unicode(r.content)
44 self.assertEqual(normalize('NFC', path), normalize('NFC', reply))
45 r = requests.get(url_path_join(url, 'files', d, '.foo'))
46 self.assertEqual(r.status_code, 403)
47
48 for d in hidden:
49 path = pjoin(nbdir, d.replace('/', os.path.sep))
50 for foo in ('foo', '.foo'):
51 r = requests.get(url_path_join(url, 'files', d, foo))
52 self.assertEqual(r.status_code, 403)
@@ -102,10 +102,12 b' class APITest(NotebookTestBase):'
102 102 nbdir = self.notebook_dir.name
103 103
104 104 for d in self.dirs:
105 d.replace('/', os.path.sep)
105 106 if not os.path.isdir(pjoin(nbdir, d)):
106 107 os.mkdir(pjoin(nbdir, d))
107 108
108 109 for d, name in self.dirs_nbs:
110 d = d.replace('/', os.path.sep)
109 111 with io.open(pjoin(nbdir, d, '%s.ipynb' % name), 'w') as f:
110 112 nb = new_notebook(name=name)
111 113 write(nb, f, format='ipynb')
General Comments 0
You need to be logged in to leave comments. Login now