-
Notifications
You must be signed in to change notification settings - Fork 791
/
interface_http.py
executable file
·172 lines (145 loc) · 7.2 KB
/
interface_http.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
#!/usr/bin/env python3
# Copyright (c) 2014-2019 The Bitcoin Core developers
# Distributed under the MIT software license, see the accompanying
# file COPYING or http://www.opensource.org/licenses/mit-license.php.
"""Test the RPC HTTP basics."""
import http.client
import urllib.parse
from test_framework.test_framework import BitcoinTestFramework
from test_framework.util import assert_equal, str_to_b64str
class HTTPBasicsTest (BitcoinTestFramework):
def set_test_params(self):
self.num_nodes = 3
def setup_network(self):
self.extra_args = [["-rpccorsdomain=null"], [], []]
self.setup_nodes()
def run_test(self):
#
# lowlevel check for http persistent connection #
#
url = urllib.parse.urlparse(self.nodes[0].url)
authpair = url.username + ':' + url.password
headers = {"Authorization": "Basic " + str_to_b64str(authpair)}
conn = http.client.HTTPConnection(url.hostname, url.port)
conn.connect()
conn.request('POST', '/', '{"method": "getbestblockhash"}', headers)
out1 = conn.getresponse().read()
assert b'"error":null' in out1
assert conn.sock is not None
# according to http/1.1 connection must still be open!
# send 2nd request without closing connection
conn.request('POST', '/', '{"method": "getchaintips"}', headers)
out1 = conn.getresponse().read()
assert b'"error":null' in out1
# must also response with a correct json-rpc message
assert conn.sock is not None
# according to http/1.1 connection must still be open!
conn.close()
# same should be if we add keep-alive because this should be the std.
# behaviour
headers = {"Authorization": "Basic " +
str_to_b64str(authpair), "Connection": "keep-alive"}
conn = http.client.HTTPConnection(url.hostname, url.port)
conn.connect()
conn.request('POST', '/', '{"method": "getbestblockhash"}', headers)
out1 = conn.getresponse().read()
assert b'"error":null' in out1
assert conn.sock is not None
# according to http/1.1 connection must still be open!
# send 2nd request without closing connection
conn.request('POST', '/', '{"method": "getchaintips"}', headers)
out1 = conn.getresponse().read()
assert b'"error":null' in out1
# must also response with a correct json-rpc message
assert conn.sock is not None
# according to http/1.1 connection must still be open!
conn.close()
# now do the same with "Connection: close"
headers = {"Authorization": "Basic " +
str_to_b64str(authpair), "Connection": "close"}
conn = http.client.HTTPConnection(url.hostname, url.port)
conn.connect()
conn.request('POST', '/', '{"method": "getbestblockhash"}', headers)
out1 = conn.getresponse().read()
assert b'"error":null' in out1
assert conn.sock is None
# now the connection must be closed after the response
# node1 (2nd node) is running with disabled keep-alive option
urlNode1 = urllib.parse.urlparse(self.nodes[1].url)
authpair = urlNode1.username + ':' + urlNode1.password
headers = {"Authorization": "Basic " + str_to_b64str(authpair)}
conn = http.client.HTTPConnection(urlNode1.hostname, urlNode1.port)
conn.connect()
conn.request('POST', '/', '{"method": "getbestblockhash"}', headers)
out1 = conn.getresponse().read()
assert b'"error":null' in out1
# node2 (third node) is running with standard keep-alive parameters
# which means keep-alive is on
urlNode2 = urllib.parse.urlparse(self.nodes[2].url)
authpair = urlNode2.username + ':' + urlNode2.password
headers = {"Authorization": "Basic " + str_to_b64str(authpair)}
conn = http.client.HTTPConnection(urlNode2.hostname, urlNode2.port)
conn.connect()
conn.request('POST', '/', '{"method": "getbestblockhash"}', headers)
out1 = conn.getresponse().read()
assert b'"error":null' in out1
assert conn.sock is not None
# connection must be closed because bitcoind should use
# keep-alive by default
# Check excessive request size
conn = http.client.HTTPConnection(urlNode2.hostname, urlNode2.port)
conn.connect()
conn.request('GET', '/' + ('x' * 1000), '', headers)
out1 = conn.getresponse()
assert_equal(out1.status, http.client.NOT_FOUND)
conn = http.client.HTTPConnection(urlNode2.hostname, urlNode2.port)
conn.connect()
conn.request('GET', '/' + ('x' * 10000), '', headers)
out1 = conn.getresponse()
assert_equal(out1.status, http.client.BAD_REQUEST)
# Check Standard CORS request
origin = "null"
conn = http.client.HTTPConnection(url.hostname, url.port)
conn.connect()
authpair = url.username + ':' + url.password
headers = {"Authorization": "Basic " + str_to_b64str(authpair),
"Origin": origin}
conn.request('POST', '/', '{"method": "getbestblockhash"}', headers)
out1 = conn.getresponse()
assert_equal(out1.status, http.client.OK)
assert_equal(out1.headers["Access-Control-Allow-Origin"], origin)
assert_equal(out1.headers["Access-Control-Allow-Credentials"], "true")
assert_equal(out1.headers["Access-Control-Expose-Headers"],
"WWW-Authenticate")
assert b'"error":null' in out1.read()
# Check Pre-flight CORS request
corsheaders = {"Origin": origin,
"Access-Control-Request-Method": "POST"}
conn.request('OPTIONS', '/', None, corsheaders)
out1 = conn.getresponse()
assert_equal(out1.status, http.client.OK)
assert_equal(out1.headers["Access-Control-Allow-Origin"], origin)
assert_equal(out1.headers["Access-Control-Allow-Credentials"], "true")
assert_equal(out1.headers["Access-Control-Allow-Methods"], "POST")
assert_equal(out1.headers["Access-Control-Allow-Headers"],
"authorization,content-type")
assert_equal(b'', out1.read())
# Check Standard CORS request to node without CORS, expected failure
conn = http.client.HTTPConnection(urlNode2.hostname, urlNode2.port)
conn.connect()
authpair = url.username + ':' + url.password
headers = {"Authorization": "Basic " + str_to_b64str(authpair),
"Origin": origin}
conn.request('POST', '/', '{"method": "getbestblockhash"}', headers)
out1 = conn.getresponse()
assert_equal(out1.status, http.client.UNAUTHORIZED)
assert_equal(b'', out1.read())
# Check Pre-flight CORS request to node without CORS, expected failure
corsheaders = {"Origin": origin,
"Access-Control-Request-Method": "POST"}
conn.request('OPTIONS', '/', None, corsheaders)
out1 = conn.getresponse()
assert_equal(out1.status, http.client.METHOD_NOT_ALLOWED)
assert_equal(b'JSONRPC server handles only POST requests', out1.read())
if __name__ == '__main__':
HTTPBasicsTest().main()