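def _request_client(request):
    """Authenticate the request's HTTP Basic credentials as an ``AuthClient``.

    The client row is fetched by ID only; the secret is then compared in
    constant time in Python. Every failure path raises the same
    ``ClientUnauthorized`` so the response does not reveal which check
    failed (missing credentials, unknown or malformed ID, non-confidential
    client, wrong grant type, or wrong secret).

    Args:
        request: the current request; ``request.db`` is used as a SQLAlchemy
            session and the Basic credentials are read via
            ``basic_auth_creds``.

    Returns:
        The matching ``models.AuthClient``.

    Raises:
        ClientUnauthorized: if the credentials are absent or do not identify
            a confidential ``client_credentials`` client with a matching
            secret.
    """
    creds = basic_auth_creds(request)
    if creds is None:
        raise ClientUnauthorized()
    client_id, client_secret = creds

    # Fetch by ID, then compare the secret in constant time. The secret must
    # never be part of the SQL query: a query-level comparison is subject to
    # a timing attack.
    try:
        client = request.db.query(models.AuthClient).get(client_id)
    except sa.exc.StatementError:
        # client_id is malformed
        raise ClientUnauthorized()

    if client is None:
        raise ClientUnauthorized()
    if client.secret is None:
        # client is not confidential
        raise ClientUnauthorized()
    if client.grant_type != GrantType.client_credentials:
        # client not allowed to create users
        raise ClientUnauthorized()

    # hmac.compare_digest raises TypeError for str operands containing
    # non-ASCII characters, which would turn an attacker-chosen secret into
    # a 500 instead of a 401. Normalise both sides to bytes first.
    stored = client.secret
    if isinstance(stored, str):
        stored = stored.encode('utf-8')
    submitted = client_secret
    if isinstance(submitted, str):
        submitted = submitted.encode('utf-8')
    if not hmac.compare_digest(stored, submitted):
        raise ClientUnauthorized()
    return client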
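def _request_client(request):
    """Authenticate the request's HTTP Basic credentials as an ``AuthClient``.

    The client row is fetched by ID only; the secret is then compared in
    constant time in Python. Every failure path raises the same
    ``ClientUnauthorized`` so the response does not reveal which check
    failed (missing credentials, unknown or malformed ID, client without a
    secret, or wrong secret).

    Args:
        request: the current request; ``request.db`` is used as a SQLAlchemy
            session and the Basic credentials are read via
            ``basic_auth_creds``.

    Returns:
        The matching ``models.AuthClient``.

    Raises:
        ClientUnauthorized: if the credentials are absent or do not match a
            stored client secret.
    """
    creds = basic_auth_creds(request)
    if creds is None:
        raise ClientUnauthorized()
    client_id, client_secret = creds

    # Fetch by ID, then compare the secret in constant time. The secret must
    # never be part of the SQL query: a query-level comparison is subject to
    # a timing attack.
    try:
        client = request.db.query(models.AuthClient).get(client_id)
    except sa.exc.StatementError:
        # client_id is malformed
        raise ClientUnauthorized()

    if client is None:
        raise ClientUnauthorized()
    if client.secret is None:
        # A client with no stored secret cannot authenticate this way;
        # without this guard compare_digest(None, ...) raises TypeError.
        raise ClientUnauthorized()

    # hmac.compare_digest raises TypeError for str operands containing
    # non-ASCII characters, which would turn an attacker-chosen secret into
    # a 500 instead of a 401. Normalise both sides to bytes first.
    stored = client.secret
    if isinstance(stored, str):
        stored = stored.encode('utf-8')
    submitted = client_secret
    if isinstance(submitted, str):
        submitted = submitted.encode('utf-8')
    if not hmac.compare_digest(stored, submitted):
        raise ClientUnauthorized()
    return client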
def test_other_authorization_type(self, pyramid_request):
    """A non-Basic scheme (here Digest) must not be parsed as credentials."""
    encoded = base64.standard_b64encode('foo:bar'.encode('utf-8'))
    pyramid_request.authorization = ('Digest', encoded)
    assert util.basic_auth_creds(pyramid_request) is None
def test_no_password(self, pyramid_request):
    """A Basic token without a ':' separator carries no password and yields None."""
    token = base64.standard_b64encode('foobar'.encode('utf-8'))
    pyramid_request.authorization = ('Basic', token)
    assert util.basic_auth_creds(pyramid_request) is None
def test_missing(self, pyramid_request):
    """No Authorization header at all yields None rather than an error."""
    pyramid_request.authorization = None
    result = util.basic_auth_creds(pyramid_request)
    assert result is None
def test_valid(self, username, password, pyramid_request):
    """Well-formed Basic credentials decode back to the (username, password) pair."""
    user_pass = ':'.join((username, password))
    token = base64.standard_b64encode(user_pass.encode('utf-8'))
    pyramid_request.authorization = ('Basic', token)
    assert util.basic_auth_creds(pyramid_request) == (username, password)