Ejemplo n.º 1
0
 def test_auth_with_no_password_callbacks(self):
     http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme', 'digest')
     scheme = HttpDigestScheme(http_auth_policy)
     request = make_request()
     params = get_challenge(scheme, request)
     build_response(params, request, "tester", "testing")
     self.assertEquals(scheme.authenticated_userid(request), None)
Ejemplo n.º 2
0
 def test_rfc2617_example(self):
     password = "******"
     params = {"username": "******",
               "realm": "*****@*****.**",
               "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
               "uri": "/dir/index.html",
               "qop": "auth",
               "nc": "00000001",
               "cnonce": "0a4f113b",
               "opaque": "5ccc069c403ebaf9f0171e9517f40e41"}
     http_auth_policy = HttpAuthPolicy("*****@*****.**", 'digest',
                                       get_password=lambda usr: '******')
     scheme = HttpDigestScheme(http_auth_policy,
                               nonce_manager=EasyNonceManager())
     # Calculate the response according to the RFC example parameters.
     request = make_request(REQUEST_METHOD="GET",
                            PATH_INFO="/dir/index.html")
     resp = utils.calculate_digest_response(params, request, password=password)
     # Check that it's as expected from the RFC example section.
     self.assertEquals(resp, "6629fae49393a05397450978507c4ef1")
     # Check that we can auth using it.
     params["response"] = resp
     set_authz_header(request, params)
     self.assertEquals(scheme.unauthenticated_userid(request), "Mufasa")
     self.assertEquals(scheme.authenticated_userid(request), "Mufasa")
Ejemplo n.º 3
0
 def test_rfc2617_example(self):
     password = "******"
     params = {
         "username": "******",
         "realm": "*****@*****.**",
         "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
         "uri": "/dir/index.html",
         "qop": "auth",
         "nc": "00000001",
         "cnonce": "0a4f113b",
         "opaque": "5ccc069c403ebaf9f0171e9517f40e41"
     }
     http_auth_policy = HttpAuthPolicy(
         "*****@*****.**",
         'digest',
         get_password=lambda usr: '******')
     scheme = HttpDigestScheme(http_auth_policy,
                               nonce_manager=EasyNonceManager())
     # Calculate the response according to the RFC example parameters.
     request = make_request(REQUEST_METHOD="GET",
                            PATH_INFO="/dir/index.html")
     resp = utils.calculate_digest_response(params,
                                            request,
                                            password=password)
     # Check that it's as expected from the RFC example section.
     self.assertEquals(resp, "6629fae49393a05397450978507c4ef1")
     # Check that we can auth using it.
     params["response"] = resp
     set_authz_header(request, params)
     self.assertEquals(scheme.unauthenticated_userid(request), "Mufasa")
     self.assertEquals(scheme.authenticated_userid(request), "Mufasa")
Ejemplo n.º 4
0
 def test_auth_with_no_password_callbacks(self):
     http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme', 'digest')
     scheme = HttpDigestScheme(http_auth_policy)
     request = make_request()
     params = get_challenge(scheme, request)
     build_response(params, request, "tester", "testing")
     self.assertEquals(scheme.authenticated_userid(request), None)
Ejemplo n.º 5
0
 def test_auth_good_get_with_vars(self):
     http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme', 'digest',
                                       get_password=lambda usr: '******')
     scheme = HttpDigestScheme(http_auth_policy)
     request = make_request(REQUEST_METHOD="GET", PATH_INFO="/hi?who=me")
     params = get_challenge(scheme, request)
     build_response(params, request, "tester", "testing")
     self.assertEquals(scheme.authenticated_userid(request), 'tester')
Ejemplo n.º 6
0
 def test_auth_good_get_with_vars(self):
     http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme',
                                       'digest',
                                       get_password=lambda usr: '******')
     scheme = HttpDigestScheme(http_auth_policy)
     request = make_request(REQUEST_METHOD="GET", PATH_INFO="/hi?who=me")
     params = get_challenge(scheme, request)
     build_response(params, request, "tester", "testing")
     self.assertEquals(scheme.authenticated_userid(request), 'tester')
Ejemplo n.º 7
0
 def test_login_required(self):
     http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme', 'digest')
     scheme = HttpDigestScheme(http_auth_policy)
     request = make_request()
     res = scheme.login_required(request)
     self.assertEqual(res.status_code, 401)
     www_authenticate = res.headers.get('www-authenticate')
     www_authenticate = www_authenticate.lower()
     self.assertTrue(www_authenticate.startswith('digest'))
Ejemplo n.º 8
0
 def test_login_required(self):
     http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme', 'digest')
     scheme = HttpDigestScheme(http_auth_policy)
     request = make_request()
     res = scheme.login_required(request)
     self.assertEqual(res.status_code, 401)
     www_authenticate = res.headers.get('www-authenticate')
     www_authenticate = www_authenticate.lower()
     self.assertTrue(www_authenticate.startswith('digest'))
Ejemplo n.º 9
0
 def test_auth_with_failed_password_lookup(self):
     http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme', 'digest',
                                       get_password=lambda usr: None)
     scheme = HttpDigestScheme(http_auth_policy)
     request = make_request()
     params = get_challenge(scheme, request)
     build_response(params, request, "tester", "testing")
     self.assertEquals(scheme.unauthenticated_userid(request), "tester")
     self.assertEquals(scheme.authenticated_userid(request), None)
Ejemplo n.º 10
0
 def test_auth_good_legacy_mode(self):
     http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme', 'digest',
                                       get_password=lambda usr: '******')
     scheme = HttpDigestScheme(http_auth_policy)
     request = make_request(REQUEST_METHOD="GET", PATH_INFO="/legacy")
     params = get_challenge(scheme, request)
     params = build_response(params, request, "tester", "testing", qop=None)
     self.failIf("qop" in params)
     self.assertTrue(scheme._authenticate(request, params))
Ejemplo n.º 11
0
 def test_with_correct_password(self):
     http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme', 'digest',
                                       get_password=lambda usr: '******')
     scheme = HttpDigestScheme(http_auth_policy)
     request = make_request()
     params = get_challenge(scheme, request)
     build_response(params, request, "tester", "testing")
     self.assertEqual(scheme.unauthenticated_userid(request), 'tester')
     self.assertEqual(scheme.authenticated_userid(request), 'tester')
Ejemplo n.º 12
0
 def test_auth_with_different_realm(self):
     http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme', 'digest',
                                       get_password=lambda usr: '******')
     scheme = HttpDigestScheme(http_auth_policy)
     request = make_request()
     params = get_challenge(scheme, request)
     params["realm"] = "other-realm"
     build_response(params, request, "tester", "testing")
     self.assertEquals(scheme.unauthenticated_userid(request), None)
     self.assertEquals(scheme.authenticated_userid(request), None)
Ejemplo n.º 13
0
 def test_auth_good_authint_mode(self):
     http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme', 'digest',
                                       get_password=lambda usr: '******')
     scheme = HttpDigestScheme(http_auth_policy)
     request = make_request(REQUEST_METHOD="GET", PATH_INFO="/authint",
                            HTTP_CONTENT_MD5="1B2M2Y8AsgTpgAmY7PhCfg==")
     params = get_challenge(scheme, request)
     params = build_response(params, request, "tester", "testing",
                             qop="auth-int")
     self.assertTrue(scheme._authenticate(request, params))
Ejemplo n.º 14
0
 def test_auth_with_failed_password_lookup(self):
     http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme',
                                       'digest',
                                       get_password=lambda usr: None)
     scheme = HttpDigestScheme(http_auth_policy)
     request = make_request()
     params = get_challenge(scheme, request)
     build_response(params, request, "tester", "testing")
     self.assertEquals(scheme.unauthenticated_userid(request), "tester")
     self.assertEquals(scheme.authenticated_userid(request), None)
Ejemplo n.º 15
0
 def test_with_correct_password(self):
     http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme',
                                       'digest',
                                       get_password=lambda usr: '******')
     scheme = HttpDigestScheme(http_auth_policy)
     request = make_request()
     params = get_challenge(scheme, request)
     build_response(params, request, "tester", "testing")
     self.assertEqual(scheme.unauthenticated_userid(request), 'tester')
     self.assertEqual(scheme.authenticated_userid(request), 'tester')
Ejemplo n.º 16
0
    def test_with_wrong_authorization_header(self):
        http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme', 'digest')
        scheme = HttpDigestScheme(http_auth_policy)
        request = make_request(HTTP_AUTHORIZATION='Digest ha ha ha')
        self.assertIsNone(scheme.unauthenticated_userid(request))
        self.assertIsNone(scheme.authenticated_userid(request))

        request = make_request(HTTP_AUTHORIZATION='Digest realm=Sync')
        self.assertIsNone(scheme.unauthenticated_userid(request))
        self.assertIsNone(scheme.authenticated_userid(request))
Ejemplo n.º 17
0
 def test_auth_good_legacy_mode(self):
     http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme',
                                       'digest',
                                       get_password=lambda usr: '******')
     scheme = HttpDigestScheme(http_auth_policy)
     request = make_request(REQUEST_METHOD="GET", PATH_INFO="/legacy")
     params = get_challenge(scheme, request)
     params = build_response(params, request, "tester", "testing", qop=None)
     self.failIf("qop" in params)
     self.assertTrue(scheme._authenticate(request, params))
Ejemplo n.º 18
0
 def test_auth_with_different_realm(self):
     http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme',
                                       'digest',
                                       get_password=lambda usr: '******')
     scheme = HttpDigestScheme(http_auth_policy)
     request = make_request()
     params = get_challenge(scheme, request)
     params["realm"] = "other-realm"
     build_response(params, request, "tester", "testing")
     self.assertEquals(scheme.unauthenticated_userid(request), None)
     self.assertEquals(scheme.authenticated_userid(request), None)
Ejemplo n.º 19
0
 def test_auth_with_invalid_content_md5(self):
     http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme', 'digest',
                                       get_password=lambda usr: '******')
     scheme = HttpDigestScheme(http_auth_policy)
     request = make_request(REQUEST_METHOD="GET", PATH_INFO="/authint",
                            HTTP_CONTENT_MD5="1B2M2Y8AsgTpgAmY7PhCfg==")
     params = get_challenge(scheme, request)
     params = build_response(params, request, "tester", "testing",
                             qop="auth-int")
     request.environ["HTTP_CONTENT_MD5"] = "8baNZjN6gc+g0gdhccuiqA=="
     self.assertEquals(scheme._authenticate(request, params), False)
Ejemplo n.º 20
0
 def test_identify_with_mismatched_uri(self):
     http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme', 'digest')
     scheme = HttpDigestScheme(http_auth_policy)
     request = make_request(PATH_INFO="/path_one")
     params = get_challenge(scheme, request)
     build_response(params, request, "tester", "testing")
     self.assertNotEqual(scheme.unauthenticated_userid(request), None)
     request = make_request(PATH_INFO="/path_one")
     params = get_challenge(scheme, request)
     build_response(params, request, "tester", "testing")
     request.PATH_INFO = '/path_two'
     self.assertEquals(scheme.unauthenticated_userid(request), None)
Ejemplo n.º 21
0
 def test_auth_with_missing_nonce(self):
     http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme', 'digest',
                                       get_password=lambda usr: '******')
     scheme = HttpDigestScheme(http_auth_policy)
     request = make_request()
     params = get_challenge(scheme, request)
     build_response(params, request, "tester", "testing")
     authz = request.environ["HTTP_AUTHORIZATION"]
     authz = authz.replace("nonce", " notanonce")
     request.environ["HTTP_AUTHORIZATION"] = authz
     self.assertEquals(scheme.unauthenticated_userid(request), None)
     self.assertEquals(scheme.authenticated_userid(request), None)
Ejemplo n.º 22
0
 def test_identify_with_mismatched_uri(self):
     http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme', 'digest')
     scheme = HttpDigestScheme(http_auth_policy)
     request = make_request(PATH_INFO="/path_one")
     params = get_challenge(scheme, request)
     build_response(params, request, "tester", "testing")
     self.assertNotEqual(scheme.unauthenticated_userid(request), None)
     request = make_request(PATH_INFO="/path_one")
     params = get_challenge(scheme, request)
     build_response(params, request, "tester", "testing")
     request.PATH_INFO = '/path_two'
     self.assertEquals(scheme.unauthenticated_userid(request), None)
Ejemplo n.º 23
0
 def test_auth_with_missing_nonce(self):
     http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme',
                                       'digest',
                                       get_password=lambda usr: '******')
     scheme = HttpDigestScheme(http_auth_policy)
     request = make_request()
     params = get_challenge(scheme, request)
     build_response(params, request, "tester", "testing")
     authz = request.environ["HTTP_AUTHORIZATION"]
     authz = authz.replace("nonce", " notanonce")
     request.environ["HTTP_AUTHORIZATION"] = authz
     self.assertEquals(scheme.unauthenticated_userid(request), None)
     self.assertEquals(scheme.authenticated_userid(request), None)
Ejemplo n.º 24
0
 def test_auth_good_authint_mode(self):
     http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme',
                                       'digest',
                                       get_password=lambda usr: '******')
     scheme = HttpDigestScheme(http_auth_policy)
     request = make_request(REQUEST_METHOD="GET",
                            PATH_INFO="/authint",
                            HTTP_CONTENT_MD5="1B2M2Y8AsgTpgAmY7PhCfg==")
     params = get_challenge(scheme, request)
     params = build_response(params,
                             request,
                             "tester",
                             "testing",
                             qop="auth-int")
     self.assertTrue(scheme._authenticate(request, params))
Ejemplo n.º 25
0
 def test_auth_with_invalid_content_md5(self):
     http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme',
                                       'digest',
                                       get_password=lambda usr: '******')
     scheme = HttpDigestScheme(http_auth_policy)
     request = make_request(REQUEST_METHOD="GET",
                            PATH_INFO="/authint",
                            HTTP_CONTENT_MD5="1B2M2Y8AsgTpgAmY7PhCfg==")
     params = get_challenge(scheme, request)
     params = build_response(params,
                             request,
                             "tester",
                             "testing",
                             qop="auth-int")
     request.environ["HTTP_CONTENT_MD5"] = "8baNZjN6gc+g0gdhccuiqA=="
     self.assertEquals(scheme._authenticate(request, params), False)
Ejemplo n.º 26
0
    def test_identify_with_bad_noncecount(self):
        http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme',
                                          'digest',
                                          get_password=lambda usr: '******')
        scheme = HttpDigestScheme(http_auth_policy)
        request = make_request(REQUEST_METHOD="GET", PATH_INFO="/one")
        # Do an initial auth to get the nonce.
        params = get_challenge(scheme, request)
        build_response(params, request, "tester", "testing", nc="01")
        self.assertNotEquals(scheme.unauthenticated_userid(request), None)

        # Authing without increasing nc will fail.
        request = make_request(REQUEST_METHOD="GET", PATH_INFO="/two")
        build_response(params, request, "tester", "testing", nc="01")
        self.assertEquals(scheme.unauthenticated_userid(request), None)

        # Authing with a badly-formed nc will fail
        request = make_request(REQUEST_METHOD="GET", PATH_INFO="/two")
        build_response(params, request, "tester", "testing", nc="02XXX")
        self.assertEquals(scheme.unauthenticated_userid(request), None)

        # Authing with increasing nc will succeed.
        request = make_request(REQUEST_METHOD="GET", PATH_INFO="/two")
        build_response(params, request, "tester", "testing", nc="02")
        self.assertEquals(scheme.unauthenticated_userid(request), 'tester')
        self.assertEquals(scheme.authenticated_userid(request), 'tester')
Ejemplo n.º 27
0
 def test_auth_with_unknown_qop(self):
     http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme',
                                       'digest',
                                       get_password=lambda usr: '******')
     scheme = HttpDigestScheme(http_auth_policy)
     request = make_request()
     params = get_challenge(scheme, request)
     params = build_response(params, request, "tester", "testing")
     params["qop"] = "super-duper"
     self.assertRaises(ValueError, scheme._authenticate, request, params)
Ejemplo n.º 28
0
    def test_identify_with_bad_noncecount(self):
        http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme', 'digest',
                                          get_password=lambda usr: '******')
        scheme = HttpDigestScheme(http_auth_policy)
        request = make_request(REQUEST_METHOD="GET", PATH_INFO="/one")
        # Do an initial auth to get the nonce.
        params = get_challenge(scheme, request)
        build_response(params, request, "tester", "testing", nc="01")
        self.assertNotEquals(scheme.unauthenticated_userid(request), None)

        # Authing without increasing nc will fail.
        request = make_request(REQUEST_METHOD="GET", PATH_INFO="/two")
        build_response(params, request, "tester", "testing", nc="01")
        self.assertEquals(scheme.unauthenticated_userid(request), None)

        # Authing with a badly-formed nc will fail
        request = make_request(REQUEST_METHOD="GET", PATH_INFO="/two")
        build_response(params, request, "tester", "testing", nc="02XXX")
        self.assertEquals(scheme.unauthenticated_userid(request), None)

        # Authing with increasing nc will succeed.
        request = make_request(REQUEST_METHOD="GET", PATH_INFO="/two")
        build_response(params, request, "tester", "testing", nc="02")
        self.assertEquals(scheme.unauthenticated_userid(request), 'tester')
        self.assertEquals(scheme.authenticated_userid(request), 'tester')
Ejemplo n.º 29
0
    def test_with_wrong_authorization_header(self):
        http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme', 'digest')
        scheme = HttpDigestScheme(http_auth_policy)
        request = make_request(HTTP_AUTHORIZATION='Digest ha ha ha')
        self.assertIsNone(scheme.unauthenticated_userid(request))
        self.assertIsNone(scheme.authenticated_userid(request))

        request = make_request(HTTP_AUTHORIZATION='Digest realm=Sync')
        self.assertIsNone(scheme.unauthenticated_userid(request))
        self.assertIsNone(scheme.authenticated_userid(request))
Ejemplo n.º 30
0
 def test_without_authorization_header(self):
     http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme', 'digest')
     scheme = HttpDigestScheme(http_auth_policy)
     request = make_request()
     self.assertIsNone(scheme.unauthenticated_userid(request))
     self.assertIsNone(scheme.authenticated_userid(request))
Ejemplo n.º 31
0
 def test_without_authorization_header(self):
     http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme', 'digest')
     scheme = HttpDigestScheme(http_auth_policy)
     request = make_request()
     self.assertIsNone(scheme.unauthenticated_userid(request))
     self.assertIsNone(scheme.authenticated_userid(request))