Revision 6cce0301
Added by koszko over 1 year ago
test/haketilo_test/unit/test_haketilo_apis.py | ||
---|---|---|
30 | 30 |
def background_script(): |
31 | 31 |
return load_script('background/CORS_bypass_server.js') + ';\nstart();' |
32 | 32 |
|
33 |
resource_url = 'https://anotherdoma.in/resource/blocked/by/CORS.json' |
|
34 |
|
|
33 | 35 |
@pytest.mark.ext_data({ |
34 | 36 |
'content_script': content_script, |
35 | 37 |
'background_script': background_script |
... | ... | |
41 | 43 |
Haketilo API. |
42 | 44 |
""" |
43 | 45 |
driver.get('https://gotmyowndoma.in/') |
44 |
driver.execute_script( |
|
46 |
|
|
47 |
# First, verify that it is impossible to normally fetch the resource. |
|
48 |
with pytest.raises(Exception, match='NetworkError'): |
|
49 |
driver.execute_script('return fetch(arguments[0]);', resource_url) |
|
50 |
|
|
51 |
# First, verify that it is possible to fetch the resource using API. |
|
52 |
response = driver.execute_script( |
|
45 | 53 |
''' |
46 | 54 |
const fetch_arg = { |
47 |
url: "https://anotherdoma.in/resource/blocked/by/CORS.json", |
|
48 |
init: {} |
|
55 |
url: arguments[0], |
|
56 |
init: {}, |
|
57 |
verify_that_nonstandard_properties_are_ignored: ":)" |
|
49 | 58 |
}; |
50 | 59 |
|
51 | 60 |
const detail = { |
52 | 61 |
data: JSON.stringify(fetch_arg), |
53 |
id: "abcdef" |
|
62 |
id: "abcdef", |
|
63 |
nonstandard_properties_verify_that_ignored_are: ":o" |
|
54 | 64 |
}; |
55 | 65 |
|
66 |
let cb, done = new Promise(_cb => cb = _cb); |
|
56 | 67 |
window.addEventListener("haketilo_CORS_bypass-abcdef", |
57 |
e => window.__response = e.detail);
|
|
68 |
e => cb(JSON.parse(e.detail)));
|
|
58 | 69 |
window.dispatchEvent(new CustomEvent("haketilo_CORS_bypass", {detail})); |
59 |
''') |
|
60 | 70 |
|
61 |
get_response = lambda d: d.execute_script("return window.__response;")
|
|
62 |
response = WebDriverWait(driver, 10).until(get_response)
|
|
63 |
response = json.loads(response)
|
|
71 |
return done;
|
|
72 |
''',
|
|
73 |
resource_url)
|
|
64 | 74 |
|
65 | 75 |
assert response['body'] == some_data.encode().hex() |
66 | 76 |
assert response['status'] == 200 |
67 | 77 |
assert type(response['headers']) is list |
78 |
|
|
79 |
@pytest.mark.ext_data({ |
|
80 |
'content_script': content_script, |
|
81 |
'background_script': background_script |
|
82 |
}) |
|
83 |
@pytest.mark.usefixtures('webextension') |
|
84 |
@pytest.mark.parametrize('error', [ |
|
85 |
'bad url', |
|
86 |
'no_url', |
|
87 |
'non_string_url', |
|
88 |
'non_object_init', |
|
89 |
'non_object_detail', |
|
90 |
'non_string_id', |
|
91 |
'non_string_data' |
|
92 |
]) |
|
93 |
def test_haketilo_apis_CORS_bypass_errors(driver, error): |
|
94 |
""" |
|
95 |
Verify errors are returned properly by CORS_bypass API. |
|
96 |
""" |
|
97 |
data = { |
|
98 |
'bad_url': {'url': 'muahahahaha', 'init': {}}, |
|
99 |
'no_url': {'init': {}}, |
|
100 |
'non_string_url': {'url': {}, 'init': {}}, |
|
101 |
'non_object_init': {'url': {}, 'init': ":d"}, |
|
102 |
}.get(error, {'url': resource_url, 'init': {}}) |
|
103 |
|
|
104 |
detail = { |
|
105 |
'non_object_detail': '!!!', |
|
106 |
'non_string_id': {'data': json.dumps(data), 'id': None}, |
|
107 |
'non_string_data': {'data': data, 'id': 'abcdef'} |
|
108 |
}.get(error, {'data': json.dumps(data), 'id': 'abcdef'}) |
|
109 |
|
|
110 |
driver.get('https://gotmyowndoma.in/') |
|
111 |
|
|
112 |
result = driver.execute_script( |
|
113 |
''' |
|
114 |
let cb, done = new Promise(_cb => cb = _cb); |
|
115 |
window.addEventListener("haketilo_CORS_bypass-abcdef", |
|
116 |
e => cb(JSON.parse(e.detail))); |
|
117 |
window.dispatchEvent(new CustomEvent("haketilo_CORS_bypass", |
|
118 |
{detail: arguments[0]})); |
|
119 |
setTimeout(() => cb("timeout"), 5000); |
|
120 |
|
|
121 |
return done; |
|
122 |
''', |
|
123 |
detail) |
|
124 |
|
|
125 |
if error in {'bad_url', 'no_url', 'non_string_url', 'non_object_init'}: |
|
126 |
assert result['error']['name'] == 'TypeError' |
|
127 |
|
|
128 |
if error in {'non_object_detail', 'non_string_id', 'non_string_data'}: |
|
129 |
assert result == 'timeout' |
Also available in: Unified diff
add more tests for CORS bypassing feature