5200: Enable anonymous file view/download.
[arvados.git] / apps / workbench / test / controllers / collections_controller_test.rb
index 9f4c5da2298a9bca1b05879ce0be1d6d5ddfe34d..45124f7a9e3ff8cdf3fbff29ef0c488caa1dcf5d 100644 (file)
@@ -56,6 +56,25 @@ class CollectionsControllerTest < ActionController::TestCase
     assert_equal([['.', 'foo', 3]], assigns(:object).files)
   end
 
+  test "viewing a collection with spaces in filename" do
+    show_collection(:w_a_z_file, :active)
+    assert_equal([['.', 'w a z', 5]], assigns(:object).files)
+  end
+
+  test "download a file with spaces in filename" do
+    collection = api_fixture('collections')['w_a_z_file']
+    fakepipe = IO.popen(['echo', '-n', 'w a z'], 'rb')
+    IO.expects(:popen).with { |cmd, mode|
+      cmd.include? "#{collection['uuid']}/w a z"
+    }.returns(fakepipe)
+    get :show_file, {
+      uuid: collection['uuid'],
+      file: 'w a z'
+    }, session_for(:active)
+    assert_response :success
+    assert_equal 'w a z', response.body
+  end
+
   test "viewing a collection fetches related projects" do
     show_collection({id: api_fixture('collections')["foo_file"]['portable_data_hash']}, :active)
     assert_includes(assigns(:same_pdh).map(&:owner_uuid),
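Review bot: The `with` matcher in "download a file with spaces in filename" relies on `cmd.include?`, which is true both for an argv Array holding the path as one element and for a single shell String that contains it as a substring. The test would therefore still pass if the controller regressed to building a shell command line, which is the case where spaces and shell metacharacters in filenames become dangerous. Tightening it to `cmd.is_a?(Array) && cmd.include?("#{collection['uuid']}/w a z")` pins the argument-vector form. The real `echo` pipe opened for `fakepipe` is not closed in the test; whether the controller closes it is not visible from this hunk.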
@@ -91,6 +110,22 @@ class CollectionsControllerTest < ActionController::TestCase
                     "controller did not find related log")
   end
 
+  test "sharing auths available to admin" do
+    show_collection("collection_owned_by_active", "admin_trustedclient")
+    assert_not_nil assigns(:search_sharing)
+  end
+
+  test "sharing auths available to owner" do
+    show_collection("collection_owned_by_active", "active_trustedclient")
+    assert_not_nil assigns(:search_sharing)
+  end
+
+  test "sharing auths available to reader" do
+    show_collection("foo_collection_in_aproject",
+                    "project_viewer_trustedclient")
+    assert_not_nil assigns(:search_sharing)
+  end
+
   test "viewing collection files with a reader token" do
     params = collection_params(:foo_file)
     params[:reader_token] = api_fixture("api_client_authorizations",
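Review bot: `assert_not_nil assigns(:search_sharing)` in the three "sharing auths available to ..." tests is also satisfied by an empty result, and all three are positive cases. A controller that sets `@search_sharing` unconditionally would pass them all. No test visible in this hunk covers a session that should not receive sharing auths; if the `_trustedclient` fixtures mean that only trusted clients may see them, a counterpart using a non-trusted session with `assert_nil assigns(:search_sharing)` would pin that boundary. For the reader case, asserting something about the returned value would also show which tokens a read-only viewer is given.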
@@ -131,6 +166,18 @@ class CollectionsControllerTest < ActionController::TestCase
                  "failed to get a correct file from Keep")
   end
 
+  test 'anonymous download' do
+    Rails.configuration.anonymous_user_token =
+      api_fixture('api_client_authorizations')['anonymous']['api_token']
+    expect_content = stub_file_content
+    get :show_file, {
+      uuid: api_fixture('collections')['user_agreement_in_anonymously_accessible_project']['uuid'],
+      file: 'GNU_General_Public_License,_version_3.pdf',
+    }
+    assert_response :success
+    assert_equal expect_content, response.body
+  end
+
   test "can't get a file from Keep without permission" do
     params = collection_params(:foo_file, 'foo')
     sess = session_for(:spectator)
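Review bot: `Rails.configuration.anonymous_user_token = ...` in 'anonymous download' changes process-wide configuration and nothing in the hunk restores it. The same applies to the `anon_conf` loop in the last hunk. Unless a teardown outside the visible lines resets it, later tests that expect an unauthenticated request to redirect to login may run with anonymous access enabled, depending on test order, and could pass or fail for the wrong reason. Saving and restoring the value would isolate it, e.g. `setup { @saved_anon_token = Rails.configuration.anonymous_user_token }` and `teardown { Rails.configuration.anonymous_user_token = @saved_anon_token }`.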
@@ -158,12 +205,23 @@ class CollectionsControllerTest < ActionController::TestCase
                      "using a reader token set the session's API token")
   end
 
-  test "trying to get from Keep with an unscoped reader token prompts login" do
-    params = collection_params(:foo_file, 'foo')
-    params[:reader_token] =
-      api_fixture('api_client_authorizations')['active_noscope']['api_token']
-    get(:show_file, params)
-    assert_response :redirect
+  [false, api_fixture('api_client_authorizations')['anonymous']['api_token']].
+    each do |anon_conf|
+    test "download a file using a reader token with insufficient scope (anon_conf=#{!!anon_conf})" do
+      Rails.configuration.anonymous_user_token = anon_conf
+      params = collection_params(:foo_file, 'foo')
+      params[:reader_token] =
+        api_fixture('api_client_authorizations')['active_noscope']['api_token']
+      get(:show_file, params)
+      if anon_conf
+        # Some files can be shown without a valid token, but not this one.
+        assert_response 404
+      else
+        # No files will ever be shown without a valid token. You
+        # should log in and try again.
+        assert_response :redirect
+      end
+    end
   end
 
   test "can get a file with an unpermissioned auth but in-scope reader token" do
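Review bot: The `anon_conf` loop only exercises a reader token with insufficient scope. The request this feature newly exposes, with no token and no session while `anonymous_user_token` is configured, is tested only for a publicly readable collection. If it is not covered elsewhere in the file, add the negative counterpart for a private one: with the anonymous token set, `get(:show_file, collection_params(:foo_file, 'foo'))` followed by `assert_response 404`. That guards against the anonymous fallback granting access to collections outside the anonymously accessible project. As a smaller point, `api_fixture(...)` in the array literal runs at class-load time rather than inside a test, so a fixture lookup failure there would break loading the whole file.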