implement 'should not encode the encryption key in URL when a password has been speci...
1 $:.unshift File.join(File.dirname(__FILE__), '../rack-test/lib')
2
3 require 'sinatra'
4 require 'coquelicot'
5 require 'spec'
6 require 'rack/test'
7 require 'hpricot'
8 require 'tmpdir'
9
# Plaintext upload password that the specs submit with each upload request.
UPLOAD_PASSWORD = 'secret'

# Run the Sinatra application in its test environment.
set(:environment, :test)

# The application setting receives the SHA-1 hex digest of the password,
# not the password itself.
# NOTE(review): an unsalted SHA-1 digest is a weak way to hold a password;
# this fixture presumably mirrors what the application compares against --
# confirm in the application code before changing either side.
upload_password_digest = Digest::SHA1.hexdigest(UPLOAD_PASSWORD)
set(:upload_password, upload_password_digest)
14
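# End-to-end specs for the Coquelicot upload/download application, driven
# through Rack::Test against the Sinatra application.
#
# Every example runs against a fresh temporary depot directory, so the number
# of stored files can be asserted exactly.
describe 'Coquelicot' do
  include Rack::Test::Methods

  # Rack::Test calls this to find the application under test.
  def app
    Sinatra::Application
  end

  # Builds the multipart payload used by every upload example: this spec file
  # itself, sent with a Ruby-script content type.
  def sample_upload
    Rack::Test::UploadedFile.new(__FILE__, 'text/x-script.ruby')
  end

  # Point the depot at a new temporary directory for each example.
  before do
    Depot.instance.path = Dir.mktmpdir('coquelicot')
  end

  # Remove the depot directory and whatever the example stored in it.
  after do
    FileUtils.remove_entry_secure Depot.instance.path
  end

  it "should offer an upload form" do
    get '/'
    last_response.should be_ok
    doc = Hpricot(last_response.body)
    (doc/"form#upload").should have(1).items
  end

  it "should accept an uploaded file" do
    post '/upload', 'file' => sample_upload,
                    'upload_password' => UPLOAD_PASSWORD
    last_response.redirect?.should be_true
    last_response['Location'].start_with?('ready/').should be_true
  end

  it "should allow retrieval of an uploaded file" do
    post '/upload', 'file' => sample_upload,
                    'upload_password' => UPLOAD_PASSWORD
    follow_redirect!
    last_response.should be_ok
    doc = Hpricot(last_response.body)
    # The download link is the first anchor pointing back at the request host.
    url = (doc/'a').collect { |a| a.attributes['href'] }.
      find { |h| h.start_with? "http://#{last_request.host}/" }
    # Fail with a clear message when the page carries no download link,
    # instead of issuing a request for a nil URL.
    url.should_not be_nil
    get url
    last_response.should be_ok
    last_response['Content-Type'].should eql('text/x-script.ruby')
    # File.read closes the handle; File.new(...).read left it open.
    last_response.body.should eql(File.read(__FILE__))
  end

  it "should prevent upload without a password" do
    post '/upload', 'file' => sample_upload
    last_response.status.should eql(403)
  end

  it "should prevent upload with a wrong password" do
    post '/upload', 'file' => sample_upload,
                    'upload_password' => "bad"
    last_response.status.should eql(403)
  end

  it "should not store an uploaded file in cleartext" do
    post '/upload', 'file' => sample_upload,
                    'upload_password' => UPLOAD_PASSWORD
    last_response.redirect?.should be_true
    files = Dir.glob("#{Depot.instance.path}/*")
    files.should have(1).items
    # The marker is this example's own title, which is part of the uploaded
    # spec file; finding it on disk would mean the content was stored as-is.
    File.read(files[0]).should_not include('should not store an uploaded file')
  end

  it "should generate a random URL to retrieve a file" do
    post '/upload', 'file' => sample_upload,
                    'upload_password' => UPLOAD_PASSWORD
    last_response.redirect?.should be_true
    # Only checks that the original file name does not leak into the URL;
    # it does not measure how unpredictable the generated name is.
    last_response['Location'].should_not include(File.basename(__FILE__))
  end

  it "should store files with a different name than then one in URL" do
    post '/upload', 'file' => sample_upload,
                    'upload_password' => UPLOAD_PASSWORD
    last_response.redirect?.should be_true
    url_name = last_response['Location'].split('/')[-1]
    files = Dir.glob("#{Depot.instance.path}/*")
    files.should have(1).items
    url_name.should_not eql(File.basename(files[0]))
  end

  it "should encode the encryption key in URL when no password has been specified" do
    post '/upload', 'file' => sample_upload,
                    'upload_password' => UPLOAD_PASSWORD
    last_response.redirect?.should be_true
    url_name = last_response['Location'].split('/')[-1]
    # Two '-'-separated parts are expected in the last path segment.
    # NOTE(review): a key carried in the URL is visible to anything that
    # records URLs (server logs, browser history, Referer headers).
    url_name.split('-').should have(2).items
  end

  it "should not encode the encryption key in URL when a password has been specified" do
    pass_phrase = 'somethingSecret'
    post '/upload', 'file' => sample_upload,
                    'file_key' => pass_phrase,
                    'upload_password' => UPLOAD_PASSWORD
    last_response.redirect?.should be_true
    location = last_response['Location']
    url_name = location.split('/')[-1]
    url_name.split('-').should have(1).items
    # Counting the parts alone would not notice the pass phrase being echoed
    # back in the redirect, so check for it explicitly.
    location.should_not include(pass_phrase)
  end

  # The examples below have no body, so RSpec reports them as pending: access
  # control on password-protected files and expiry are not verified yet.
  it "should give a random password when asked"

  it "should allow retrieval of a password protected file"

  it "should not allow retrieval of a password protected file without the password"

  it "should not allow retrieval after the time limit has expired"

  it "should cleanup expired files"
end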