def test_validate_digest_parameters_legacy(self):
params = dict(scheme="Digest", realm="testrealm", username="******", nonce="abcdef", response="123456")
# Missing "uri"
self.failIf(validate_digest_parameters(params))
params["uri"] = "/my/page"
self.failUnless(validate_digest_parameters(params))
# Wrong realm
self.failIf(validate_digest_parameters(params, realm="otherrealm"))
self.failUnless(validate_digest_parameters(params, realm="testrealm"))
def test_validate_digest_parameters_legacy(self):
params = dict(scheme="Digest", realm="testrealm", username="******",
nonce="abcdef", response="123456")
# Missing "uri"
self.failIf(validate_digest_parameters(params))
params["uri"] = "/my/page"
self.failUnless(validate_digest_parameters(params))
# Wrong realm
self.failIf(validate_digest_parameters(params, realm="otherrealm"))
self.failUnless(validate_digest_parameters(params, realm="testrealm"))
def test_validate_digest_parameters_qop(self):
params = dict(
scheme="Digest",
realm="testrealm",
username="******",
nonce="abcdef",
response="123456",
qop="auth",
uri="/my/page",
cnonce="98765",
)
# Missing "nc"
self.failIf(validate_digest_parameters(params))
params["nc"] = "0001"
self.failUnless(validate_digest_parameters(params))
# Wrong realm
self.failIf(validate_digest_parameters(params, realm="otherrealm"))
self.failUnless(validate_digest_parameters(params, realm="testrealm"))
# Unknown qop
params["qop"] = "super-duper"
self.failIf(validate_digest_parameters(params))
params["qop"] = "auth-int"
self.failUnless(validate_digest_parameters(params))
params["qop"] = "auth"
# Unknown algorithm
params["algorithm"] = "sha1"
self.failIf(validate_digest_parameters(params))
params["algorithm"] = "md5"
self.failUnless(validate_digest_parameters(params))
def _get_auth_params(self, request):
"""Extract digest-auth parameters from the request.
This method extracts digest-auth parameters from the Authorization
header and returns them as a dict. If they are missing then None
is returned.
"""
# Parse the Authorization header, using cached version if possible.
if _ENVKEY_PARSED_AUTHZ in request.environ:
params = request.environ[_ENVKEY_PARSED_AUTHZ]
else:
try:
params = parse_authz_header(request)
except ValueError:
params = None
request.environ[_ENVKEY_PARSED_AUTHZ] = params
# Check that they're valid digest-auth parameters.
if params is None:
return None
if params["scheme"].lower() != "digest":
return None
if not validate_digest_parameters(params, self.realm):
return None
# Check that the digest is applied to the correct URI.
if not validate_digest_uri(params, request):
return None
# Check that the provided nonce is valid.
# If this looks like a stale request, mark it in the request
# so we can include that information in the challenge.
if not validate_digest_nonce(params, request, self.nonce_manager):
request.environ[_ENVKEY_STALE_NONCE] = True
return None
return params
def test_validate_digest_parameters_qop(self):
params = dict(scheme="Digest", realm="testrealm", username="******",
nonce="abcdef", response="123456", qop="auth",
uri="/my/page", cnonce="98765")
# Missing "nc"
self.failIf(validate_digest_parameters(params))
params["nc"] = "0001"
self.failUnless(validate_digest_parameters(params))
# Wrong realm
self.failIf(validate_digest_parameters(params, realm="otherrealm"))
self.failUnless(validate_digest_parameters(params, realm="testrealm"))
# Unknown qop
params["qop"] = "super-duper"
self.failIf(validate_digest_parameters(params))
params["qop"] = "auth-int"
self.failUnless(validate_digest_parameters(params))
params["qop"] = "auth"
# Unknown algorithm
params["algorithm"] = "sha1"
self.failIf(validate_digest_parameters(params))
params["algorithm"] = "md5"
self.failUnless(validate_digest_parameters(params))
