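def test_forbidden_custom_content_type(self, clean, name, response, step, init):
    '''
    Ensure that when the client sends an incorrect authorization token,
    they receive a 403 Forbidden response.  If configured, they should
    receive customized content and content-type.

    The five mock arguments stand in for the kerberos GSS server calls
    (clean, name, response, step, init) and are inspected afterwards to
    confirm exactly which stages of the handshake ran.
    '''
    # Opaque GSS context handed back by the mocked init; the mocked step
    # then rejects the presented token outright.
    state = object()
    init.return_value = (kerberos.AUTH_GSS_COMPLETE, state)
    step.side_effect = kerberos.GSSError("FAILURE")

    app = TestApp(
        KerberosAuthMiddleware(index, hostname='example.org',
                               forbidden=('CUSTOM', 'text/html')))
    r = app.get('/', headers={'Authorization': 'Negotiate CTOKEN'},
                expect_errors=True)

    self.assertEqual(r.status, '403 Forbidden')
    self.assertEqual(r.status_int, 403)
    # WSGI response bodies are bytes; compare against a bytes literal so
    # the assertion also holds on Python 3 (consistent with the sibling
    # tests that compare b'Forbidden' / b'Hello ANONYMOUS').
    self.assertEqual(r.body, b'CUSTOM')
    self.assertEqual(r.headers['content-type'], 'text/html')

    # Only init, step and clean may run: the mocked step fails, so the
    # name/response stages are never reached, and the context is still
    # cleaned up on the failure path.
    self.assertEqual(init.mock_calls, [mock.call('*****@*****.**')])
    self.assertEqual(step.mock_calls, [mock.call(state, 'CTOKEN')])
    self.assertEqual(name.mock_calls, [])
    self.assertEqual(response.mock_calls, [])
    self.assertEqual(clean.mock_calls, [mock.call(state)])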
def test_authentication_invalid_but_not_required(self, clean, name, response, step, init):
    '''
    Ensure that when a user's auth_required_callback returns False, and
    the request includes an invalid auth token, the invalid auth is
    ignored and the request is allowed through to the app.

    The mock arguments replace the kerberos GSS server calls; their
    recorded calls show that the bad token was still fully processed
    (init/step/clean) even though it did not block the request.
    '''
    def never_required(_environ):
        # Callback under test: authentication is optional for every request.
        return False

    context = object()
    init.return_value = (kerberos.AUTH_GSS_COMPLETE, context)
    step.side_effect = kerberos.GSSError("FAILURE")

    middleware = KerberosAuthMiddleware(index, hostname='example.org',
                                        auth_required_callback=never_required)
    r = TestApp(middleware).get(
        '/', headers={'Authorization': 'Negotiate CTOKEN'})

    # The request reaches the wrapped app as an anonymous user and no
    # Negotiate challenge is attached to the response.
    self.assertEqual(r.status, '200 OK')
    self.assertEqual(r.status_int, 200)
    self.assertEqual(r.body, b'Hello ANONYMOUS')
    self.assertIsNone(r.headers.get('WWW-Authenticate'))
    self.assertEqual(r.headers['content-type'], 'text/plain')

    # The token was still run through init/step and the context cleaned;
    # name/response were never reached because step raised.
    self.assertEqual(init.mock_calls, [mock.call('*****@*****.**')])
    self.assertEqual(step.mock_calls, [mock.call(context, 'CTOKEN')])
    self.assertEqual(name.mock_calls, [])
    self.assertEqual(response.mock_calls, [])
    self.assertEqual(clean.mock_calls, [mock.call(context)])
def get_host_info(self, host):
    """Resolve *host* via the base transport and start a GSSAPI client context.

    Delegates to xmlrpclib.Transport.get_host_info, then initialises a
    Kerberos client context for the ``HTTP@<hostname>`` service principal,
    where ``<hostname>`` is *host* with any ``:port`` suffix removed.

    NOTE(review): as shown here the method falls off the end after
    authGSSClientInit and would return None rather than the
    ``(host, extra_headers, x509)`` triple; the excerpt looks truncated,
    so confirm against the full source.
    """
    host, extra_headers, x509 = xmlrpclib.Transport.get_host_info(self, host)
    # Set the remote host principal
    # NOTE(review): split(':')[0] only strips a plain ``host:port``; a
    # bracketed IPv6 literal such as ``[::1]:8080`` would yield ``[`` and
    # a wrong service name.  Verify how hosts are passed in.
    h = host
    hostinfo = h.split(':')
    service = "HTTP@" + hostinfo[0]
    try:
        # rc (the GSS result code) is not checked here; only the context
        # handle vc is used afterwards.
        rc, vc = kerberos.authGSSClientInit(service);
    except kerberos.GSSError, e:
        # Python 2 syntax.  Re-wrapping builds a new exception; a bare
        # ``raise`` would have preserved the original traceback.
        raise kerberos.GSSError(e)
def test_forbidden(self, clean, name, response, step, init):
    '''
    Ensure that when the client sends an incorrect authorization token,
    they receive a 403 Forbidden response.

    Uses the application already wired up on ``self.app``; the mock
    arguments replace the kerberos GSS server calls.
    '''
    context = object()
    init.return_value = (kerberos.AUTH_GSS_COMPLETE, context)
    # The mocked step rejects whatever token is presented.
    step.side_effect = kerberos.GSSError("FAILURE")

    client = self.app.test_client()
    bad_auth = {'Authorization': 'Negotiate CTOKEN'}
    r = client.get('/', headers=bad_auth)
    self.assertEqual(r.status_code, 403)

    # Handshake stopped at step; name/response never ran, context cleaned.
    expected_calls = {
        init: [mock.call('*****@*****.**')],
        step: [mock.call(context, 'CTOKEN')],
        name: [],
        response: [],
        clean: [mock.call(context)],
    }
    for stage, calls in expected_calls.items():
        self.assertEqual(stage.mock_calls, calls)
class KerbTransport(SafeCookieTransport):
    """Handles Kerberos Negotiation authentication to an XML-RPC server."""

    def get_host_info(self, host):
        """Resolve *host* and run the first client step of a GSSAPI handshake.

        Delegates to xmlrpclib.Transport.get_host_info, initialises a
        Kerberos client context for the ``HTTP@<hostname>`` principal
        (``<hostname>`` is *host* minus any ``:port`` suffix) and performs
        the first authGSSClientStep with an empty server challenge.

        NOTE(review): as shown here the method ends after the first step
        and returns None instead of the ``(host, extra_headers, x509)``
        triple; the excerpt looks truncated (no Authorization header is
        built and the context is never cleaned up here), so confirm
        against the full source.
        """
        host, extra_headers, x509 = xmlrpclib.Transport.get_host_info(self, host)
        # Set the remote host principal
        # NOTE(review): split(':')[0] only handles ``host:port``; a bracketed
        # IPv6 literal would produce ``[`` as the hostname.  Verify inputs.
        h = host
        hostinfo = h.split(':')
        service = "HTTP@" + hostinfo[0]
        try:
            # rc (GSS result code) is not inspected; vc is the context handle.
            rc, vc = kerberos.authGSSClientInit(service);
        except kerberos.GSSError, e:
            # Python 2 syntax.  Re-wrapping creates a fresh exception; a bare
            # ``raise`` would keep the original traceback.
            raise kerberos.GSSError(e)
        try:
            # Initial step with no server token yet; the step's result code
            # is not checked here either.
            kerberos.authGSSClientStep(vc, "");
        except kerberos.GSSError, e:
            raise kerberos.GSSError(e)
def test_forbidden(self, clean, name, response, step, init):
    '''
    Ensure that when the client sends an incorrect authorization token,
    they receive a 403 Forbidden response.

    The middleware is built with defaults only (no hostname, no custom
    forbidden body), so the default text/plain "Forbidden" body and an
    empty service name are expected.
    '''
    context = object()
    init.return_value = (kerberos.AUTH_GSS_COMPLETE, context)
    # Mocked step rejects the presented token.
    step.side_effect = kerberos.GSSError("FAILURE")

    client = TestApp(KerberosAuthMiddleware(index))
    r = client.get('/',
                   headers={'Authorization': 'Negotiate CTOKEN'},
                   expect_errors=True)

    # Default 403 response: plain-text "Forbidden".
    self.assertEqual(r.status_int, 403)
    self.assertEqual(r.status, '403 Forbidden')
    self.assertEqual(r.headers['content-type'], 'text/plain')
    self.assertEqual(r.body, b'Forbidden')

    # With no hostname configured the service passed to init is empty;
    # the handshake stops at step, so name/response never run.
    self.assertEqual(init.mock_calls, [mock.call('')])
    self.assertEqual(step.mock_calls, [mock.call(context, 'CTOKEN')])
    self.assertEqual(name.mock_calls, [])
    self.assertEqual(response.mock_calls, [])
    self.assertEqual(clean.mock_calls, [mock.call(context)])