Resolves #241
@willrogers points out that `pypiuploader` appears to be a dead project,
so we'll remove specific instructions for it in the docs, unless it
is confirmed to be otherwise.
Thanks for your PR! I was wondering why everyone kept complaining about
`bcrypt`, when my local tests were succeeding just fine, so I spent
some time making the docker test script replicate the error.
Turns out the `.htpasswd` files I was generating were using md5, so they
were not triggering the error. The htpasswd file in this update does
use bcrypt encryption, so it triggers a 500 error on the previous
version of the Dockerfile.
I also updated the test to be a bit more thorough, validating an
authenticated upload in addition to just making sure the server is
running.
The only other change I made was to move `requirements.txt` into a more
specific `docker-requirements.txt` file, just to make it clear that its
intention is to be a part of the docker build and not the normal install
process.
Resolves #237
Previously, we were not running any sort of URL escaping on values
passed in from the client that were used for redirects. This allowed
injection attacks via URL encoded newlines in the original request.
This update ensures that all user-supplied paths that are used as
components of redirects are passed through `urllib.parse.quote()`
(or the Python 2 equivalent) prior to being used in a redirect
response.
Also specified 127.0.0.1 rather than 0.0.0.0 (the default) in server
tests to avoid triggering firewall dialogs when testing on macOS.
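The redirect fix described in the commit message above, as an added example that is not code from the project or from the commit: a path whose URL-encoded newline has been decoded is placed in a `Location` header with and without `urllib.parse.quote()`. The `/simple/` prefix, the function names, the naive serializer and the sample path are all assumptions constructed for illustration.

```python
from urllib.parse import quote, unquote

# Constructed sample: the path segment as the client sent it, and as a
# framework would hand it to the application after URL-decoding.
RAW_SEGMENT = "pkg%0d%0aX-Injected:%20yes"
DECODED_SEGMENT = unquote(RAW_SEGMENT)  # now contains a literal CR LF


def redirect_unquoted(segment):
    """'Before' behaviour: the decoded client value goes into Location as-is."""
    return [("Location", "/simple/" + segment + "/")]


def redirect_quoted(segment):
    """'After' behaviour: the value is percent-encoded before it is used."""
    return [("Location", "/simple/" + quote(segment) + "/")]


def serialize(status, headers):
    """Hypothetical server that writes header values to the wire verbatim."""
    lines = ["HTTP/1.1 " + status] + ["%s: %s" % (k, v) for k, v in headers]
    return "\r\n".join(lines) + "\r\n\r\n"


def header_names(raw_response):
    """Header names a client would parse out of the serialized response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]


def names_for(build_redirect):
    """Serialize a 303 built by build_redirect and list the parsed headers."""
    return header_names(serialize("303 See Other", build_redirect(DECODED_SEGMENT)))


if __name__ == "__main__":
    # Unquoted: the CR LF ends the Location line, so a second header appears.
    print("unquoted:", names_for(redirect_unquoted))
    # Quoted: CR LF become %0D%0A and the response has one header only.
    print("quoted:  ", names_for(redirect_quoted))
    print("location:", redirect_quoted(DECODED_SEGMENT)[0][1])
```

A regression test for this class of bug can assert that no redirect response carries a header the handler did not set, using a request path like the constructed one here.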
Resolves #226
Cleaned up `test_server.py` a bit:
* Call `twine` via `Popen` instead of using their internal API, which
should keep us from having to fix twine tests as often
* Cleaned up fixtures
* Some PEP8 updates and general formatting
* Grouped test fixtures and functions all before the tests themselves
* Refactored `update()` into several single-responsibility functions
* Added tests for said functions
* Some PEP 008 cleanup
* Imported standard `__future__` imports in `manage.py` and its test
module