def test_unauthorized(self):
     '''
     A request without an Authorization header must be challenged.

     The expected reply is 401 Unauthorized carrying
     ``WWW-Authenticate: Negotiate``, which tells the client that the
     server accepts Negotiate authentication. The method receives no mock
     arguments, so no token exchange is simulated here.
     '''
     bottle_kerberos.init_kerberos(self.app, 'HTTP', 'example.org')
     client = self.app.test_client()
     reply = client.get('/')
     # 401 (challenge) rather than 403: no credentials were presented.
     self.assertEqual(reply.status_code, 401)
     self.assertEqual(reply.headers.get('www-authenticate'), 'Negotiate')
 def test_unauthorized(self):
     '''
     Check the anonymous path: no Authorization header is sent.

     The server must answer 401 Unauthorized and advertise Negotiate in
     the www-authenticate header so the client knows which scheme to
     retry with.
     '''
     bottle_kerberos.init_kerberos(self.app, 'HTTP', 'example.org')
     http = self.app.test_client()
     resp = http.get('/')
     # The challenge header is what lets a client start the exchange.
     self.assertEqual(resp.status_code, 401)
     self.assertEqual(resp.headers.get('www-authenticate'), 'Negotiate')
 def test_forbidden(self, clean, name, response, step, init):
     '''
     A Negotiate token that the GSSAPI step rejects must yield 403.

     ``init``, ``step``, ``response``, ``name`` and ``clean`` are mocks
     injected by decorators outside this excerpt; presumably they stand
     in for the kerberos server-side calls (TODO confirm). ``step`` is
     made to raise GSSError, which models an invalid client token.
     '''
     ctx = object()
     init.return_value = (kerberos.AUTH_GSS_COMPLETE, ctx)
     step.side_effect = kerberos.GSSError("FAILURE")
     bottle_kerberos.init_kerberos(self.app, 'HTTP', 'example.org')
     client = self.app.test_client()
     reply = client.get('/', headers={'Authorization': 'Negotiate CTOKEN'})
     self.assertEqual(reply.status_code, 403)
     # NOTE(review): address-like literals are masked in this listing; the
     # argument to init is presumably the service principal - confirm.
     self.assertEqual(init.mock_calls, [mock.call('*****@*****.**')])
     self.assertEqual(step.mock_calls, [mock.call(ctx, 'CTOKEN')])
     # After a failed step no identity and no server token may be read.
     self.assertEqual(name.mock_calls, [])
     self.assertEqual(response.mock_calls, [])
     # The context must be released on the failure path as well.
     self.assertEqual(clean.mock_calls, [mock.call(ctx)])
 def test_forbidden(self, clean, name, response, step, init):
     '''
     Reject a bad client token with 403 Forbidden.

     The mocked ``step`` raises GSSError for the token "CTOKEN". The five
     mock arguments are supplied by decorators that are not part of this
     excerpt.
     '''
     gss_state = object()
     init.return_value = (kerberos.AUTH_GSS_COMPLETE, gss_state)
     step.side_effect = kerberos.GSSError("FAILURE")
     bottle_kerberos.init_kerberos(self.app, 'HTTP', 'example.org')
     http = self.app.test_client()
     resp = http.get('/', headers={'Authorization': 'Negotiate CTOKEN'})
     self.assertEqual(resp.status_code, 403)
     self.assertEqual(init.mock_calls, [mock.call('*****@*****.**')])
     # Only the token part of the header reaches step, not the scheme.
     self.assertEqual(step.mock_calls, [mock.call(gss_state, 'CTOKEN')])
     # A rejected token must not lead to a user-name or response lookup.
     self.assertEqual(name.mock_calls, [])
     self.assertEqual(response.mock_calls, [])
     # Cleanup is still expected exactly once, with the same state.
     self.assertEqual(clean.mock_calls, [mock.call(gss_state)])
 def test_authorized_no_mutual_auth(self, clean, name, response, step,
                                    init):
     '''
     Accept a valid token when there is no server token to return.

     The mocked ``response`` returns None, which stands for a client that
     did not ask for mutual authentication. The request must succeed with
     200, no WWW-Authenticate header may be added, and no exception may
     escape. The mock arguments come from decorators outside this
     excerpt.
     '''
     ctx = object()
     init.return_value = (kerberos.AUTH_GSS_COMPLETE, ctx)
     step.return_value = kerberos.AUTH_GSS_COMPLETE
     name.return_value = "*****@*****.**"
     response.return_value = None
     bottle_kerberos.init_kerberos(self.app, 'HTTP', 'example.org')
     client = self.app.test_client()
     reply = client.get('/', headers={'Authorization': 'Negotiate CTOKEN'})
     self.assertEqual(reply.status_code, 200)
     # The body is compared with the same literal as the mocked principal.
     self.assertEqual(reply.data, '*****@*****.**')
     # No server token, so no WWW-Authenticate header on the reply.
     self.assertEqual(reply.headers.get('WWW-Authenticate'), None)
     self.assertEqual(init.mock_calls, [mock.call('*****@*****.**')])
     self.assertEqual(step.mock_calls, [mock.call(ctx, 'CTOKEN')])
     self.assertEqual(name.mock_calls, [mock.call(ctx)])
     self.assertEqual(response.mock_calls, [mock.call(ctx)])
     # The context is released once the request has been handled.
     self.assertEqual(clean.mock_calls, [mock.call(ctx)])
 def test_authorized(self, clean, name, response, step, init):
     '''
     Accept a valid token and complete mutual authentication.

     The mocked ``step`` reports AUTH_GSS_COMPLETE, the mocked ``name``
     supplies the client principal and the mocked ``response`` supplies
     the server token "STOKEN". The reply must be 200 OK, the principal
     must reach the routed function, and the server token must be
     returned in WWW-Authenticate. The mock arguments come from
     decorators outside this excerpt.
     '''
     ctx = object()
     init.return_value = (kerberos.AUTH_GSS_COMPLETE, ctx)
     step.return_value = kerberos.AUTH_GSS_COMPLETE
     name.return_value = "*****@*****.**"
     response.return_value = "STOKEN"
     bottle_kerberos.init_kerberos(self.app, 'HTTP', 'example.org')
     client = self.app.test_client()
     reply = client.get('/', headers={'Authorization': 'Negotiate CTOKEN'})
     self.assertEqual(reply.status_code, 200)
     # The body is compared with the same literal as the mocked principal.
     self.assertEqual(reply.data, '*****@*****.**')
     # The server token lets the client verify the server in turn.
     self.assertEqual(reply.headers.get('WWW-Authenticate'),
                      'negotiate STOKEN')
     # NOTE(review): address-like literals are masked in this listing; the
     # argument to init is presumably the service principal - confirm.
     self.assertEqual(init.mock_calls, [mock.call('*****@*****.**')])
     self.assertEqual(step.mock_calls, [mock.call(ctx, 'CTOKEN')])
     self.assertEqual(name.mock_calls, [mock.call(ctx)])
     self.assertEqual(response.mock_calls, [mock.call(ctx)])
     # The context is released once the request has been handled.
     self.assertEqual(clean.mock_calls, [mock.call(ctx)])
 def test_authorized_no_mutual_auth(self, clean, name, response, step, init):
     '''
     Valid client token, but the mocked ``response`` returns None.

     That models a client which did not request mutual authentication:
     the server has no token to send back, must not add a
     WWW-Authenticate header, and must still answer 200 without raising.
     '''
     gss_state = object()
     init.return_value = (kerberos.AUTH_GSS_COMPLETE, gss_state)
     step.return_value = kerberos.AUTH_GSS_COMPLETE
     name.return_value = "*****@*****.**"
     response.return_value = None
     bottle_kerberos.init_kerberos(self.app, 'HTTP', 'example.org')
     http = self.app.test_client()
     resp = http.get('/', headers={'Authorization': 'Negotiate CTOKEN'})
     self.assertEqual(resp.status_code, 200)
     self.assertEqual(resp.data, '*****@*****.**')
     # Absent header, not an empty "negotiate" value.
     self.assertEqual(resp.headers.get('WWW-Authenticate'), None)
     self.assertEqual(init.mock_calls, [mock.call('*****@*****.**')])
     self.assertEqual(step.mock_calls, [mock.call(gss_state, 'CTOKEN')])
     self.assertEqual(name.mock_calls, [mock.call(gss_state)])
     # response is still consulted once; it is its None result that
     # suppresses the header.
     self.assertEqual(response.mock_calls, [mock.call(gss_state)])
     self.assertEqual(clean.mock_calls, [mock.call(gss_state)])
 def test_authorized(self, clean, name, response, step, init):
     '''
     Happy path: a correct authorization token is presented.

     Expect 200 OK, the user principal handed to the routed function, and
     the server token "STOKEN" returned in the WWW-Authenticate header.
     The five mock arguments are supplied by decorators that are not part
     of this excerpt.
     '''
     gss_state = object()
     init.return_value = (kerberos.AUTH_GSS_COMPLETE, gss_state)
     step.return_value = kerberos.AUTH_GSS_COMPLETE
     name.return_value = "*****@*****.**"
     response.return_value = "STOKEN"
     bottle_kerberos.init_kerberos(self.app, 'HTTP', 'example.org')
     http = self.app.test_client()
     resp = http.get('/', headers={'Authorization': 'Negotiate CTOKEN'})
     self.assertEqual(resp.status_code, 200)
     self.assertEqual(resp.data, '*****@*****.**')
     # Scheme is asserted in lower case here, unlike the 401 challenge.
     self.assertEqual(resp.headers.get('WWW-Authenticate'),
                      'negotiate STOKEN')
     self.assertEqual(init.mock_calls, [mock.call('*****@*****.**')])
     self.assertEqual(step.mock_calls, [mock.call(gss_state, 'CTOKEN')])
     # Identity and server token are each read once, from the same state.
     self.assertEqual(name.mock_calls, [mock.call(gss_state)])
     self.assertEqual(response.mock_calls, [mock.call(gss_state)])
     self.assertEqual(clean.mock_calls, [mock.call(gss_state)])
Example #9
#!/usr/bin/env python

from bottle import route
from bottle import run
from bottle import template
from bottle import static_file

from bottle_kerberos import init_kerberos
from bottle_kerberos import requires_authentication


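@route('/')
@requires_authentication
def index(user):
    '''
    Render ``index.html`` for the authenticated principal.

    ``requires_authentication`` runs first and supplies ``user``; the
    function is not expected to be reached without it.
    '''
    # ``view`` is never imported in this script, so the original
    # ``@view('index.html')`` decorator raised NameError when the module
    # was loaded. ``template`` is imported and renders the same template
    # with the same variable.
    # NOTE(review): index.html is not shown; make sure it prints ``user``
    # with the escaping ``{{user}}`` form rather than ``{{!user}}``.
    return template('index.html', user=user)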


@route('/static/<filename:path>')
def static(filename):
    '''
    Serve a file from the ``static`` directory.

    The ``:path`` filter lets ``filename`` contain slashes; confinement
    to the root directory is left to bottle's ``static_file``. This route
    carries no ``requires_authentication`` decorator, so everything under
    ``static`` is served without Kerberos authentication.
    '''
    # Relative root: resolved against the process working directory.
    static_root = 'static'
    return static_file(filename, root=static_root)


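if __name__ == '__main__':
    # ``app`` was never defined in this script, so the original
    # ``init_kerberos(app)`` raised NameError. The @route decorators above
    # register on bottle's default application, which is also what run()
    # serves when it is given no application.
    from bottle import default_app

    app = default_app()
    # NOTE(review): service name and hostname are left to init_kerberos's
    # defaults here - confirm they match the principal in the keytab.
    init_kerberos(app)
    # NOTE(review): 0.0.0.0 listens on every interface and debug=True
    # puts tracebacks into error pages; keep both to a local demo. Negotiate
    # does not protect the connection itself, so a real deployment should
    # sit behind TLS.
    run(host='0.0.0.0', debug=True)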
Example #10
#!/usr/bin/env python

from bottle import route
from bottle import run
from bottle import template
from bottle import static_file

from bottle_kerberos import init_kerberos
from bottle_kerberos import requires_authentication

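@route('/')
@requires_authentication
def index(user):
    '''
    Render ``index.html`` with the principal passed in by
    ``requires_authentication``.
    '''
    # The original used ``@view('index.html')``, but ``view`` is not
    # imported here and the name lookup failed with NameError at load
    # time. ``template`` is already imported and produces the same page.
    # NOTE(review): index.html is not shown; ``user`` should be printed
    # with the escaping ``{{user}}`` form rather than ``{{!user}}``.
    return template('index.html', user=user)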

@route('/static/<filename:path>')
def static(filename):
    '''
    Return a static asset by its path below the ``static`` directory.

    ``filename`` may include sub-directories because of the ``:path``
    filter; keeping the lookup inside the root is delegated to bottle's
    ``static_file``. The route is not wrapped in
    ``requires_authentication``, so these files are public.
    '''
    # Relative root: depends on the directory the script is started from.
    asset_dir = 'static'
    return static_file(filename, root=asset_dir)

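if __name__ == '__main__':
    # The original passed an undefined name ``app`` to init_kerberos and
    # failed with NameError. Routes in this script are registered on
    # bottle's default application, so that is the object to initialise.
    from bottle import default_app

    app = default_app()
    # NOTE(review): no service name or hostname is given - confirm that
    # init_kerberos's defaults match the principal in the keytab.
    init_kerberos(app)
    # NOTE(review): listening on 0.0.0.0 with debug=True exposes
    # tracebacks to any host that can reach the port; suitable for a local
    # demo only. Serve Negotiate-protected routes over TLS in deployment.
    run(host='0.0.0.0', debug=True)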