TestPublicShareHandlerRules ensures that the share owner's rules keep applying to paths below a shared directory, even though the share rebases the filesystem onto that directory. A deny rule defined relative to the owner's scope must not be bypassable by requesting the blocked path through the public share.
(t *testing.T)
| 149 | // that directory. A deny rule relative to the owner's scope must not be |
| 150 | // bypassable by requesting the blocked path through the public share. |
| 151 | func TestPublicShareHandlerRules(t *testing.T) { |
| 152 | t.Parallel() |
| 153 | |
| 154 | testCases := map[string]struct { |
| 155 | handler handleFunc |
| 156 | path string |
| 157 | expectedStatusCode int |
| 158 | }{ |
| 159 | "blocked file via dl handler, 403": { |
| 160 | handler: publicDlHandler, |
| 161 | path: "h/private/secret.txt", |
| 162 | expectedStatusCode: 403, |
| 163 | }, |
| 164 | "blocked dir listing via share handler, 403": { |
| 165 | handler: publicShareHandler, |
| 166 | path: "h/private/", |
| 167 | expectedStatusCode: 403, |
| 168 | }, |
| 169 | "blocked dir download via dl handler, 403": { |
| 170 | handler: publicDlHandler, |
| 171 | path: "h/private/", |
| 172 | expectedStatusCode: 403, |
| 173 | }, |
| 174 | "allowed file via dl handler, 200": { |
| 175 | handler: publicDlHandler, |
| 176 | path: "h/public/readme.txt", |
| 177 | expectedStatusCode: 200, |
| 178 | }, |
| 179 | "allowed dir listing via share handler, 200": { |
| 180 | handler: publicShareHandler, |
| 181 | path: "h/public/", |
| 182 | expectedStatusCode: 200, |
| 183 | }, |
| 184 | } |
| 185 | |
| 186 | for name, tc := range testCases { |
| 187 | name, tc := name, tc |
| 188 | t.Run(name, func(t *testing.T) { |
| 189 | t.Parallel() |
| 190 | |
| 191 | dbPath := filepath.Join(t.TempDir(), "db") |
| 192 | db, err := storm.Open(dbPath) |
| 193 | if err != nil { |
| 194 | t.Fatalf("failed to open db: %v", err) |
| 195 | } |
| 196 | t.Cleanup(func() { |
| 197 | if err := db.Close(); err != nil { |
| 198 | t.Errorf("failed to close db: %v", err) |
| 199 | } |
| 200 | }) |
| 201 | |
| 202 | storage, err := bolt.NewStorage(db) |
| 203 | if err != nil { |
| 204 | t.Fatalf("failed to get storage: %v", err) |
| 205 | } |
| 206 | if err := storage.Share.Save(&share.Link{Hash: "h", UserID: 1, Path: "/projects"}); err != nil { |
| 207 | t.Fatalf("failed to save share: %v", err) |
| 208 | } |