From c8781392be3132bd101fd2b2fb41cfcd10c26b04 Mon Sep 17 00:00:00 2001
From: Lex Berezhny
Date: Tue, 6 Apr 2021 15:19:34 -0400
Subject: [PATCH] added unit test for Access-Control HTTP headers
---
 lbry/extras/daemon/daemon.py | 3 +-
 .../lbrynet_daemon/test_allowed_origin.py | 43 +++++++++++++++++++
 2 files changed, 44 insertions(+), 2 deletions(-)
diff --git a/lbry/extras/daemon/daemon.py b/lbry/extras/daemon/daemon.py
index 243e106f2..e211b5eb2 100644
--- a/lbry/extras/daemon/daemon.py
+++ b/lbry/extras/daemon/daemon.py
@@ -542,14 +542,13 @@ class Daemon(metaclass=JSONRPCServerType):
 async def add_cors_headers(self, request):
 if self.conf.allowed_origin:
- response = web.Response(
+ return web.Response(
 headers={
 'Access-Control-Allow-Origin': self.conf.allowed_origin,
 'Access-Control-Allow-Methods': self.conf.allowed_origin,
 'Access-Control-Allow-Headers': self.conf.allowed_origin,
 }
 )
- return response
 return None
 async def handle_old_jsonrpc(self, request):
diff --git a/tests/unit/lbrynet_daemon/test_allowed_origin.py b/tests/unit/lbrynet_daemon/test_allowed_origin.py
index 230210202..e9fc7c247 100644
--- a/tests/unit/lbrynet_daemon/test_allowed_origin.py
+++ b/tests/unit/lbrynet_daemon/test_allowed_origin.py
@@ -1,11 +1,19 @@
 import unittest
+from aiohttp import ClientSession
 from aiohttp.test_utils import make_mocked_request as request
 from aiohttp.web import HTTPForbidden
 from lbry.testcase import AsyncioTestCase
 from lbry.conf import Config
 from lbry.extras.daemon.security import is_request_allowed as allowed, ensure_request_allowed as ensure
+from lbry.extras.daemon.components import (
+ DATABASE_COMPONENT, BLOB_COMPONENT, WALLET_COMPONENT, DHT_COMPONENT,
+ HASH_ANNOUNCER_COMPONENT, FILE_MANAGER_COMPONENT, PEER_PROTOCOL_SERVER_COMPONENT,
+ UPNP_COMPONENT, EXCHANGE_RATE_MANAGER_COMPONENT, WALLET_SERVER_PAYMENTS_COMPONENT,
+ LIBTORRENT_COMPONENT
+)
+from lbry.extras.daemon.daemon import Daemon
 class TestAllowedOrigin(unittest.TestCase):
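Review bot: In `add_cors_headers` (lbry/extras/daemon/daemon.py) the `Access-Control-Allow-Methods` and `Access-Control-Allow-Headers` values are still filled from `self.conf.allowed_origin`, so they carry an origin string where a method list and a header-name list belong. That only forms a meaningful policy when the setting is `*`; for a specific origin a browser preflight would presumably match no method or header, so it fails closed but CORS does not work as configured. I would set them explicitly, e.g. `'Access-Control-Allow-Methods': 'POST, OPTIONS'` and `'Access-Control-Allow-Headers': 'Content-Type'`, with the exact values confirmed against what the API accepts. The new `test_headers` in tests/unit/lbrynet_daemon/test_allowed_origin.py asserts `'localhost'` for both headers, which pins the current behaviour and would need updating with the fix.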
@@ -51,3 +59,38 @@ class TestAllowedOrigin(unittest.TestCase): ensure(request('GET', '/', headers={'Origin': 'hackers.com'}), conf) self.assertIn("'hackers.com' are not allowed", log.output[0]) self.assertIn("'allowed_origin' limits requests to: 'localhost'", log.output[0]) + + +class TestAccessHeaders(AsyncioTestCase): + + async def asyncSetUp(self): + conf = Config(allowed_origin='localhost') + conf.data_dir = '/tmp' + conf.share_usage_data = False + conf.api = 'localhost:5299' + conf.components_to_skip = ( + DATABASE_COMPONENT, BLOB_COMPONENT, WALLET_COMPONENT, DHT_COMPONENT, + HASH_ANNOUNCER_COMPONENT, FILE_MANAGER_COMPONENT, PEER_PROTOCOL_SERVER_COMPONENT, + UPNP_COMPONENT, EXCHANGE_RATE_MANAGER_COMPONENT, WALLET_SERVER_PAYMENTS_COMPONENT, + LIBTORRENT_COMPONENT + ) + Daemon.component_attributes = {} + self.daemon = Daemon(conf) + await self.daemon.start() + self.addCleanup(self.daemon.stop) + + async def test_headers(self): + async with ClientSession() as session: + + # OPTIONS + async with session.options('http://localhost:5299') as resp: + self.assertEqual(resp.headers['Access-Control-Allow-Origin'], 'localhost') + self.assertEqual(resp.headers['Access-Control-Allow-Methods'], 'localhost') + self.assertEqual(resp.headers['Access-Control-Allow-Headers'], 'localhost') + + # GET + status = {'method': 'status', 'params': []} + async with session.get('http://localhost:5299/lbryapi', json=status) as resp: + self.assertEqual(resp.headers['Access-Control-Allow-Origin'], 'localhost') + self.assertEqual(resp.headers['Access-Control-Allow-Methods'], 'localhost') + self.assertEqual(resp.headers['Access-Control-Allow-Headers'], 'localhost')