add another pending test
[coquelicot.git] / test_coquelicot.rb
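# Prepend ../rack-test/lib (relative to this file) to the load path so that
# `require 'rack/test'` below resolves there first.
$:.unshift File.join(File.dirname(__FILE__), '../rack-test/lib')

require 'sinatra'
require 'coquelicot'
require 'spec'
require 'rack/test'
require 'hpricot'
require 'tmpdir'
# Digest::SHA1 and FileUtils are referenced directly in this file; load them
# here instead of depending on another library having required them first.
require 'digest/sha1'
require 'fileutils'

# Throwaway credential used by this suite only.
UPLOAD_PASSWORD = 'secret'

set :environment, :test
# The setting holds the SHA-1 hex digest of the password, not the password.
# NOTE(review): an unsalted SHA-1 digest is cheap to brute-force offline; if
# deployed configurations store the upload password the same way, a salted
# password hash would be the stronger choice -- confirm against the
# application code, which is not visible from this file.
set :upload_password, Digest::SHA1.hexdigest(UPLOAD_PASSWORD)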
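# End-to-end specification of the upload and download flow, driven through
# Rack::Test against the Sinatra application. Every example runs against a
# fresh depot directory, so the examples do not see each other's files.
describe 'Coquelicot' do
  include Rack::Test::Methods

  # Rack application exercised by the Rack::Test request helpers.
  def app
    Sinatra::Application
  end

  # This spec file doubles as the upload fixture. Several examples depend on
  # that: they compare the download against File.read(__FILE__) or look for a
  # sentence of this file inside the stored blob.
  def fixture_upload
    Rack::Test::UploadedFile.new(__FILE__, 'text/x-script.ruby')
  end

  # POSTs the fixture to /upload. `params` are the form fields sent after the
  # file; by default only the correct upload password. Pass {} to send no
  # password at all.
  def upload(params = { 'upload_password' => UPLOAD_PASSWORD })
    post '/upload', { 'file' => fixture_upload }.merge(params)
  end

  # Follows the post-upload redirect and returns the first absolute link on
  # the resulting page that points back at the host under test. Fails the
  # example right here when the page carries no such link, rather than letting
  # a nil URL surface later as an unrelated error.
  def download_url
    follow_redirect!
    last_response.should be_ok
    page = Hpricot(last_response.body)
    link = (page/'a').collect { |a| a.attributes['href'] }.
      find { |href| href.start_with? "http://#{last_request.host}/" }
    link.should_not be_nil
    link
  end

  before do
    # Dir.mktmpdir creates a new, uniquely named directory for each example.
    Depot.instance.path = Dir.mktmpdir('coquelicot')
  end

  after do
    # remove_entry_secure is the FileUtils variant hardened against symlink
    # races while deleting a tree.
    FileUtils.remove_entry_secure Depot.instance.path
  end

  it "should offer an upload form" do
    get '/'
    last_response.should be_ok
    page = Hpricot(last_response.body)
    (page/"form#upload").should have(1).items
  end

  it "should accept an uploaded file" do
    upload
    last_response.redirect?.should be_true
    last_response['Location'].start_with?('ready/').should be_true
  end

  it "should allow retrieval of an uploaded file" do
    upload
    get download_url
    last_response.should be_ok
    last_response['Content-Type'].should eql('text/x-script.ruby')
    # File.read closes the handle; File.new(...).read left it open until GC.
    last_response.body.should eql(File.read(__FILE__))
  end

  it "should prevent upload without a password" do
    upload({})
    last_response.status.should eql(403)
  end

  it "should prevent upload with a wrong password" do
    upload 'upload_password' => "bad"
    last_response.status.should eql(403)
  end

  it "should not store an uploaded file in cleartext" do
    upload
    last_response.redirect?.should be_true
    stored = Dir.glob("#{Depot.instance.path}/*")
    stored.should have(1).items
    # The marker is this example's own title, which is present in the fixture
    # because the fixture is this file.
    # NOTE(review): a missing substring shows the bytes were transformed, not
    # that the transformation is sound encryption.
    File.read(stored[0]).should_not include('should not store an uploaded file')
  end

  it "should generate a random URL to retrieve a file" do
    upload
    last_response.redirect?.should be_true
    # Only asserts that the original file name does not appear in the URL;
    # the unpredictability of the generated name is not measured here.
    last_response['Location'].should_not include(File.basename(__FILE__))
  end

  it "should store files with a different name than then one in URL" do
    upload
    last_response.redirect?.should be_true
    url_name = last_response['Location'].split('/')[-1]
    stored = Dir.glob("#{Depot.instance.path}/*")
    stored.should have(1).items
    url_name.should_not eql(File.basename(stored[0]))
  end

  it "should encode the encryption key in URL when no password has been specified" do
    upload
    last_response.redirect?.should be_true
    url_name = last_response['Location'].split('/')[-1]
    # Two '-'-separated segments; presumably <name>-<key> -- confirm against
    # the application.
    # NOTE(review): a key carried in the URL is exposed wherever URLs are
    # recorded (server and proxy logs, browser history).
    url_name.split('-').should have(2).items
  end

  it "should not encode the encryption key in URL when a password has been specified" do
    upload 'file_key' => 'somethingSecret',
           'upload_password' => UPLOAD_PASSWORD
    last_response.redirect?.should be_true
    url_name = last_response['Location'].split('/')[-1]
    url_name.split('-').should have(1).items
  end

  it "should give a random password when asked"

  it "should allow retrieval of a password protected file" do
    upload 'file_key' => 'somethingSecret',
           'upload_password' => UPLOAD_PASSWORD
    last_response.redirect?.should be_true
    get download_url
    last_response.should be_ok
    # A protected file answers GET with a form asking for the key.
    page = Hpricot(last_response.body)
    (page/'input#file_key').should have(1).items
    action = (page/'form')[0].attributes['action']
    post action, 'file_key' => 'somethingSecret'
    last_response.should be_ok
    last_response['Content-Type'].should eql('text/x-script.ruby')
    last_response.body.should eql(File.read(__FILE__))
  end

  it "should not allow retrieval of a password protected file without the password" do
    upload 'file_key' => 'somethingSecret',
           'upload_password' => UPLOAD_PASSWORD
    last_response.redirect?.should be_true
    url = download_url
    get url
    last_response.should be_ok
    # GET must not hand out the file itself.
    last_response['Content-Type'].should_not eql('text/x-script.ruby')
    post url
    last_response.status.should eql(403)
  end

  it "should not allow retrieval of a password protected file with a wrong password" do
    upload 'file_key' => 'somethingSecret',
           'upload_password' => UPLOAD_PASSWORD
    last_response.redirect?.should be_true
    url = download_url
    get url
    post url, 'file_key' => 'BAD'
    last_response.status.should eql(403)
  end

  it "should not allow retrieval after the time limit has expired"

  it "should cleanup expired files"

  it "should map extra base32 characters to filenames"
end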