Example #1
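def test_digest_next_nonce_nc():
    """Check that the Digest nonce count restarts after the server renews its nonce.

    Three authenticated GETs are issued. The Authentication-Info header of each
    response is parsed and its ``nc`` value is expected to be 1, then 2, then 1
    again once the nonce has been renewed between the second and third request.
    A counter that kept increasing across a nonce change would make the client's
    requests look like replays to a server that tracks ``nc`` per nonce.
    """
    http = httplib2.Http()
    password = tests.gen_password()
    # Filled in by the handler; slot 0 is called below to trigger the renewal.
    grenew_nonce = [None]
    handler = tests.http_reflect_with_auth(
        allow_scheme="digest", allow_credentials=(("joe", password),), out_renew_nonce=grenew_nonce,
    )
    with tests.server_request(handler, request_count=5) as uri:
        http.add_credentials("joe", password)
        response1, _ = http.request(uri, "GET")
        info = httplib2.auth._parse_authentication_info(response1)
        print("debug: response1 authentication-info: {}\nparsed: {}".format(response1.get("authentication-info"), info))
        assert response1.status == 200
        assert info.get("nc") == "00000001", info
        # The parsed mapping is read flat here (see the "nc" lookup above), so the
        # previous lookup under a "digest" sub-key always produced {} and this
        # check could never fail. Read "nextnonce" from the same level as "nc".
        assert not info.get("nextnonce"), info
        response2, _ = http.request(uri, "GET")
        info2 = httplib2.auth._parse_authentication_info(response2)
        assert info2.get("nc") == "00000002", info2
        grenew_nonce[0]()
        # The body of the third response is not inspected.
        response3, _ = http.request(uri, "GET")
        info3 = httplib2.auth._parse_authentication_info(response3)
        assert response3.status == 200
        assert info3.get("nc") == "00000001", info3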
Example #2
def test_digest_next_nonce_nc():
    """Digest auth: the reported ``nc`` restarts at 1 after the nonce is renewed.

    Three authenticated GETs are made. The Authentication-Info header of each
    response is parsed and the ``nc`` found under its ``digest`` entry is
    checked: 1, then 2, then 1 again once the renewal hook has been called
    between the second and third request.
    """
    client = httplib2.Http()
    secret = tests.gen_password()
    # Filled in by the handler; slot 0 is called below to trigger the renewal.
    renew_slot = [None]
    handler = tests.http_reflect_with_auth(
        allow_scheme='digest',
        allow_credentials=(('joe', secret), ),
        out_renew_nonce=renew_slot,
    )

    def auth_info(resp):
        # Parsed Authentication-Info header of one response.
        return httplib2._parse_www_authenticate(resp, 'authentication-info')

    with tests.server_request(handler, request_count=5) as uri:
        client.add_credentials('joe', secret)

        first, _ = client.request(uri, 'GET')
        parsed1 = auth_info(first)
        assert first.status == 200
        digest1 = parsed1.get('digest', {})
        assert digest1.get('nc') == '00000001', parsed1
        # No nonce renewal has been announced yet.
        assert not parsed1.get('digest', {}).get('nextnonce'), parsed1

        second, _ = client.request(uri, 'GET')
        parsed2 = auth_info(second)
        assert parsed2.get('digest', {}).get('nc') == '00000002', parsed2

        renew_slot[0]()

        third, _body = client.request(uri, 'GET')
        parsed3 = auth_info(third)
        assert third.status == 200
        assert parsed3.get('digest', {}).get('nc') == '00000001', parsed3
Example #3
def test_digest_auth_stale():
    """Digest auth: the client recovers when its cached nonce has gone stale.

    After one successful authenticated GET the renewal hook is called, and a
    second GET must still end in 200, must not come from the cache, and must
    carry the ``_stale_digest`` marker. The nonces of the two recorded
    challenges are then compared to confirm that a different nonce was issued.
    """
    client = httplib2.Http()
    secret = tests.gen_password()
    # Filled in by the handler; slot 0 is called below to trigger the renewal.
    renew_slot = [None]
    # Filled by the handler; presumably (request, response) pairs, since index 1
    # exposes the headers that carry www-authenticate.
    exchanges = []
    handler = tests.http_reflect_with_auth(
        allow_scheme='digest',
        allow_credentials=(('joe', secret), ),
        out_renew_nonce=renew_slot,
        out_requests=exchanges,
    )

    def challenge_of(index):
        # Parsed WWW-Authenticate header of the exchange recorded at ``index``.
        return httplib2._parse_www_authenticate(exchanges[index][1].headers,
                                                'www-authenticate')

    with tests.server_request(handler, request_count=4) as uri:
        client.add_credentials('joe', secret)
        response, _ = client.request(uri, 'GET')
        assert response.status == 200
        before = challenge_of(0)

        renew_slot[0]()

        response, _ = client.request(uri, 'GET')
        assert response.status == 200
        assert not response.fromcache
        assert getattr(response, '_stale_digest', False)
        # Exchange 2 is presumably the challenge issued after the renewal.
        after = challenge_of(2)

        nonce1 = before.get('digest', {}).get('nonce', '')
        nonce2 = after.get('digest', {}).get('nonce', '')
        assert nonce1 != ''
        assert nonce2 != ''
        assert nonce1 != nonce2, (nonce1, nonce2)
Example #4
def test_digest_next_nonce_nc():
    """Verify the Digest request counter starts over when the nonce changes.

    The ``nc`` value echoed in Authentication-Info is expected to read
    "00000001" and "00000002" for the first two authenticated requests, and
    "00000001" again for the request made after the renewal hook has run.
    """
    h = httplib2.Http()
    pw = tests.gen_password()
    # The handler places its renewal callable in slot 0 (it is invoked below).
    renew_hook = [None]
    accepted = (("joe", pw),)
    handler = tests.http_reflect_with_auth(
        allow_scheme="digest", allow_credentials=accepted, out_renew_nonce=renew_hook
    )
    header = "authentication-info"
    with tests.server_request(handler, request_count=5) as uri:
        h.add_credentials("joe", pw)

        # Request 1: counter starts at 1 and no next nonce is announced.
        resp_a, _ = h.request(uri, "GET")
        info_a = httplib2._parse_www_authenticate(resp_a, header)
        assert resp_a.status == 200
        assert info_a.get("digest", {}).get("nc") == "00000001", info_a
        assert not info_a.get("digest", {}).get("nextnonce"), info_a

        # Request 2: same nonce, so the counter advances.
        resp_b, _ = h.request(uri, "GET")
        info_b = httplib2._parse_www_authenticate(resp_b, header)
        assert info_b.get("digest", {}).get("nc") == "00000002", info_b

        # Request 3: made after the renewal, so the counter is back at 1.
        renew_hook[0]()
        resp_c, _unused_body = h.request(uri, "GET")
        info_c = httplib2._parse_www_authenticate(resp_c, header)
        assert resp_c.status == 200
        assert info_c.get("digest", {}).get("nc") == "00000001", info_c
Example #5
def test_digest_auth_stale():
    """Verify that a stale Digest nonce is handled without failing the request.

    One authenticated GET succeeds, the renewal hook is called, and the next
    GET must still return 200 from the network (not the cache) with the
    ``_stale_digest`` marker set. The two recorded challenges must carry
    non-empty, different nonces.
    """
    h = httplib2.Http()
    pw = tests.gen_password()
    # The handler places its renewal callable in slot 0 (it is invoked below).
    renew_hook = [None]
    # Populated by the handler; index 1 of an entry exposes ``.headers`` with the
    # www-authenticate challenge, so entries look like (request, response) pairs.
    recorded = []
    handler = tests.http_reflect_with_auth(
        allow_scheme="digest",
        allow_credentials=(("joe", pw),),
        out_renew_nonce=renew_hook,
        out_requests=recorded,
    )

    def nonce_in(parsed):
        # Nonce of a parsed challenge, or "" when it is missing.
        return parsed.get("digest", {}).get("nonce", "")

    with tests.server_request(handler, request_count=4) as uri:
        h.add_credentials("joe", pw)
        response, _ = h.request(uri, "GET")
        assert response.status == 200
        first_challenge = httplib2._parse_www_authenticate(
            recorded[0][1].headers, "www-authenticate"
        )

        renew_hook[0]()

        response, _ = h.request(uri, "GET")
        assert response.status == 200
        assert not response.fromcache
        assert getattr(response, "_stale_digest", False)
        # Entry 2 is presumably the challenge sent after the renewal.
        second_challenge = httplib2._parse_www_authenticate(
            recorded[2][1].headers, "www-authenticate"
        )

        nonce1 = nonce_in(first_challenge)
        nonce2 = nonce_in(second_challenge)
        assert nonce1 != ""
        assert nonce2 != ""
        assert nonce1 != nonce2, (nonce1, nonce2)
Example #6
def test_basic_two_credentials():
    """Basic auth: a client holding two credential sets finds the accepted one.

    The server first accepts only "joe". With only "fred" registered the
    request fails with 401; once "joe" is added it succeeds. The accepted pair
    is then switched to "fred" and the request must succeed again, because the
    client still holds that credential.
    """
    client = httplib2.Http()
    joe_secret = tests.gen_password()
    fred_secret = tests.gen_password()
    # Deliberately a list: the test replaces its only entry further down and
    # relies on the handler seeing that change through the shared object.
    accepted = [("joe", joe_secret)]
    handler = tests.http_reflect_with_auth(allow_scheme="basic", allow_credentials=accepted)
    with tests.server_request(handler, request_count=7) as uri:
        # Only the credential the server does not accept is registered.
        client.add_credentials("fred", fred_secret)
        response, content = client.request(uri, "GET")
        assert response.status == 401

        # The accepted credential is now available as well.
        client.add_credentials("joe", joe_secret)
        response, content = client.request(uri, "GET")
        assert response.status == 200

        # Swap which pair the server accepts; no client change is needed.
        accepted[0] = ("fred", fred_secret)
        response, content = client.request(uri, "GET")
        assert response.status == 200
Example #7
def test_basic_two_credentials():
    """Check Basic authentication when the client holds several credentials.

    Sequence: 401 with only the unaccepted "fred" pair registered, 200 after
    the accepted "joe" pair is added, and 200 again after the server side is
    switched to accept "fred" instead.
    """
    h = httplib2.Http()
    pw_joe = tests.gen_password()
    pw_fred = tests.gen_password()
    joe = ("joe", pw_joe)
    fred = ("fred", pw_fred)
    # Mutable on purpose: entry 0 is replaced mid-test and the handler is
    # expected to observe the replacement through this same list object.
    allow_list = [joe]
    handler = tests.http_reflect_with_auth(
        allow_scheme="basic", allow_credentials=allow_list
    )
    with tests.server_request(handler, request_count=7) as uri:
        h.add_credentials(*fred)
        resp, _body = h.request(uri, "GET")
        assert resp.status == 401

        h.add_credentials(*joe)
        resp, _body = h.request(uri, "GET")
        assert resp.status == 200

        allow_list[0] = fred
        resp, _body = h.request(uri, "GET")
        assert resp.status == 200
Example #8
def test_digest():
    """Digest auth: 401 without credentials, 200 once they are registered."""
    client = httplib2.Http()
    secret = tests.gen_password()
    accepted = (("joe", secret),)
    handler = tests.http_reflect_with_auth(allow_scheme="digest", allow_credentials=accepted)
    with tests.server_request(handler, request_count=3) as uri:
        # No credentials registered yet, so the request must be refused.
        anonymous, _ = client.request(uri, "GET")
        assert anonymous.status == 401

        client.add_credentials("joe", secret)
        authed, body = client.request(uri, "GET")
        # The response body is shown on failure to help diagnose the rejection.
        assert authed.status == 200, body.decode()
Example #9
def test_basic():
    """Basic auth: 401 without credentials, 200 once they are registered."""
    client = httplib2.Http()
    secret = tests.gen_password()
    accepted = (('joe', secret), )
    handler = tests.http_reflect_with_auth(allow_scheme='basic',
                                           allow_credentials=accepted)
    with tests.server_request(handler, request_count=3) as uri:
        # No credentials registered yet, so the request must be refused.
        anonymous, _ = client.request(uri, 'GET')
        assert anonymous.status == 401

        client.add_credentials('joe', secret)
        authed, _ = client.request(uri, 'GET')
        assert authed.status == 200
Example #10
def test_digest():
    """Check that Digest authentication is supported.

    The first GET is sent with no credentials registered and must be answered
    with 401; after ``add_credentials`` the same GET must return 200.
    """
    h = httplib2.Http()
    pw = tests.gen_password()
    handler = tests.http_reflect_with_auth(
        allow_scheme="digest",
        allow_credentials=(("joe", pw),),
    )
    with tests.server_request(handler, request_count=3) as uri:
        resp, body = h.request(uri, "GET")
        assert resp.status == 401

        h.add_credentials("joe", pw)
        resp, body = h.request(uri, "GET")
        # On failure the decoded body is reported alongside the status.
        assert resp.status == 200, body.decode()
Example #11
def test_basic_for_domain():
    """Basic auth: credentials bound to a domain are used only for that domain.

    The request fails with 401 when no credentials exist and still fails when
    the credentials are registered for "example.org", which is not the test
    server. It succeeds once they are registered for the server's own network
    location, showing that the domain argument limits where they are offered.
    """
    client = httplib2.Http()
    secret = tests.gen_password()
    accepted = (("joe", secret),)
    handler = tests.http_reflect_with_auth(allow_scheme="basic", allow_credentials=accepted)
    with tests.server_request(handler, request_count=4) as uri:
        anonymous, _ = client.request(uri, "GET")
        assert anonymous.status == 401

        # Bound to a different host: must not be presented to this server.
        client.add_credentials("joe", secret, "example.org")
        wrong_domain, _ = client.request(uri, "GET")
        assert wrong_domain.status == 401

        # Bound to the network location of the URI under test.
        netloc = urllib.parse.urlparse(uri).netloc
        client.add_credentials("joe", secret, netloc)
        matched, _ = client.request(uri, "GET")
        assert matched.status == 200
Example #12
def test_basic_for_domain():
    """Check that domain-scoped Basic credentials are not sent to other hosts.

    Expected statuses: 401 with no credentials, 401 with credentials scoped to
    "example.org", and 200 with credentials scoped to the server's own network
    location.
    """
    h = httplib2.Http()
    pw = tests.gen_password()
    handler = tests.http_reflect_with_auth(
        allow_scheme="basic",
        allow_credentials=(("joe", pw),),
    )
    with tests.server_request(handler, request_count=4) as uri:
        resp, _body = h.request(uri, "GET")
        assert resp.status == 401

        # Scoped to a host other than the test server, so nothing is offered.
        h.add_credentials("joe", pw, "example.org")
        resp, _body = h.request(uri, "GET")
        assert resp.status == 401

        # Element 1 of the parse result is the network location of the URI.
        _scheme, server_netloc, *_rest = urllib.parse.urlparse(uri)
        h.add_credentials("joe", pw, server_netloc)
        resp, _body = h.request(uri, "GET")
        assert resp.status == 200
Example #13
def test_wsse_ok():
    """WSSE auth: a challenged request is retried and ends in 200.

    Two exchanges are recorded by the handler: the first is answered with 401,
    and the retry carries an Authorization header naming the UsernameToken
    profile. Only that header value and the final status are checked; the
    token itself is not inspected here.
    """
    client = httplib2.Http()
    # NOTE(review): this literal looks masked. The same value is both accepted
    # by the handler and registered on the client, so the test is consistent.
    username = "******"
    password = tests.gen_password()
    renew_slot = [None]
    # Filled by the handler with (request, response) pairs, per the indexing below.
    exchanges = []
    handler = tests.http_reflect_with_auth(
        allow_scheme="wsse",
        allow_credentials=((username, password),),
        out_renew_nonce=renew_slot,
        out_requests=exchanges,
    )
    client.add_credentials(username, password)
    with tests.server_request(handler, request_count=2) as uri:
        response, _ = client.request(uri)
        challenge_response = exchanges[0][1]
        retried_request = exchanges[1][0]
        assert challenge_response.status == 401
        assert retried_request.headers["authorization"] == 'WSSE profile="UsernameToken"'
        assert response.status == 200