def test_forceAuthentication(self):
        """
        Test that if an HTTPError with an Unauthorized status code is raised
        from within our protected resource, we add the WWW-Authenticate 
        headers if they do not already exist.
        """
        self.portal.registerChecker(checkers.AllowAnonymousAccess())

        nonAnonResource = NonAnonymousResource()
        nonAnonResource.responseText = "We don't like anonymous users"

        root = wrapper.HTTPAuthResource(nonAnonResource, [self.credFactory],
                                        self.portal,
                                        interfaces=(IHTTPUser, ))

        def _tryAuthenticate(result):
            credentials = base64.encodestring('username:password')

            d2 = self.assertResponse((root, 'http://localhost/', {
                'authorization': ('basic', credentials)
            }), (200, {}, "We don't like anonymous users"))

            return d2

        d = self.assertResponse((root, 'http://localhost/', {}), (401, {
            'WWW-Authenticate': [('basic', {
                'realm': "test realm"
            })]
        }, None))

        d.addCallback(_tryAuthenticate)

        return d
    def test_unauthorizedResponse(self):
        """
        Test that a request with no credentials results in a
        valid Unauthorized response.
        """
        root = wrapper.HTTPAuthResource(self.protectedResource,
                                        [self.credFactory],
                                        self.portal,
                                        interfaces=(IHTTPUser, ))

        def makeDeepRequest(res):
            return self.assertResponse(
                (root, 'http://localhost/foo/bar/baz/bax'), (401, {
                    'WWW-Authenticate': [('basic', {
                        'realm': "test realm"
                    })]
                }, None))

        d = self.assertResponse((root, 'http://localhost/'), (401, {
            'WWW-Authenticate': [('basic', {
                'realm': "test realm"
            })]
        }, None))

        return d.addCallback(makeDeepRequest)
    def test_wrappedResourceGetsFullSegments(self):
        """
        Test that the wrapped resource gets all the URL segments in it's
        locateChild.
        """
        self.protectedResource.responseText = "I hope you can see me."

        root = wrapper.HTTPAuthResource(self.protectedResource,
                                        [self.credFactory],
                                        self.portal,
                                        interfaces=(IHTTPUser, ))

        credentials = base64.encodestring('username:password')

        d = self.assertResponse((root, 'http://localhost/foo/bar/baz/bax', {
            'authorization': ('basic', credentials)
        }), (404, {}, None))

        def checkSegments(ign):
            resource = self.protectedResource

            self.assertEquals(resource.segments, ['foo', 'bar', 'baz', 'bax'])

        d.addCallback(checkSegments)

        return d
    def test_renderHTTP(self):
        """
        Test that if the renderHTTP method is ever called we authenticate
        the request and delegate rendering to the wrapper.
        """
        self.protectedResource.responseText = "I hope you can see me."
        self.protectedResource.addSlash = True

        root = wrapper.HTTPAuthResource(self.protectedResource,
                                        [self.credFactory],
                                        self.portal,
                                        interfaces=(IHTTPUser, ))

        request = SimpleRequest(None, "GET", "/")
        request.prepath = ['']

        def _gotSecondResponse(response):
            self.assertEquals(response.code, 200)
            self.assertEquals(str(response.stream.read()),
                              "I hope you can see me.")

        def _gotResponse(exception):
            response = exception.response

            self.assertEquals(response.code, 401)
            self.failUnless(response.headers.hasHeader('WWW-Authenticate'))
            self.assertEquals(response.headers.getHeader('WWW-Authenticate'),
                              [('basic', {
                                  'realm': "test realm"
                              })])

            credentials = base64.encodestring('username:password')

            request.headers.setHeader('authorization', ['basic', credentials])

            d = root.renderHTTP(request)
            d.addCallback(_gotSecondResponse)

        d = self.assertFailure(root.renderHTTP(request), http.HTTPError)

        d.addCallback(_gotResponse)

        return d
    def test_successfulLogin(self):
        """
        Test that a request with good credentials results in the
        appropriate response from the protected resource
        """
        self.protectedResource.responseText = "I hope you can see me."

        root = wrapper.HTTPAuthResource(self.protectedResource,
                                        [self.credFactory],
                                        self.portal,
                                        interfaces=(IHTTPUser, ))

        credentials = base64.encodestring('username:password')

        d = self.assertResponse((root, 'http://localhost/', {
            'authorization': ('basic', credentials)
        }), (200, {}, 'I hope you can see me.'))

        return d
    def test_multipleWWWAuthenticateSchemes(self):
        """
        Test that our unauthorized response can contain challenges for
        multiple authentication schemes.
        """
        root = wrapper.HTTPAuthResource(
            self.protectedResource,
            (basic.BasicCredentialFactory('test realm'),
             FakeDigestCredentialFactory('md5', 'test realm')),
            self.portal,
            interfaces=(IHTTPUser, ))

        d = self.assertResponse((root, 'http://localhost/', {}), (401, {
            'www-authenticate':
            [challengeResponse, ('basic', {
                'realm': 'test realm'
            })]
        }, None))

        return d
    def test_wrongScheme(self):
        """
        Test that a request with credentials for a scheme that is not
        advertised by this resource results in the appropriate
        unauthorized response.
        """
        root = wrapper.HTTPAuthResource(self.protectedResource,
                                        [self.credFactory],
                                        self.portal,
                                        interfaces=(IHTTPUser, ))

        d = self.assertResponse((root, 'http://localhost/', {
            'authorization': [('digest', 'realm="foo", response="crap"')]
        }), (401, {
            'www-authenticate': [('basic', {
                'realm': 'test realm'
            })]
        }, None))

        return d
    def test_invalidCredentials(self):
        """
        Malformed or otherwise invalid credentials (as determined by
        the credential factory) should result in an Unauthorized response
        """
        root = wrapper.HTTPAuthResource(self.protectedResource,
                                        [self.credFactory],
                                        self.portal,
                                        interfaces=(IHTTPUser, ))

        credentials = base64.encodestring('Not Good Credentials')

        d = self.assertResponse((root, 'http://localhost/', {
            'authorization': ('basic', credentials)
        }), (401, {
            'WWW-Authenticate': [('basic', {
                'realm': "test realm"
            })]
        }, None))

        return d
    def test_badCredentials(self):
        """
        Test that a request with bad credentials results in a valid
        Unauthorized response
        """
        root = wrapper.HTTPAuthResource(self.protectedResource,
                                        [self.credFactory],
                                        self.portal,
                                        interfaces=(IHTTPUser, ))

        credentials = base64.encodestring('bad:credentials')

        d = self.assertResponse((root, 'http://localhost/', {
            'authorization': [('basic', credentials)]
        }), (401, {
            'WWW-Authenticate': [('basic', {
                'realm': "test realm"
            })]
        }, None))

        return d
Exemple #10
0
    def test_allowedMethods(self):
        """
        Test that unknown methods result in a 401 instead of a 405 when
        authentication hasn't been completed.
        """

        self.method = 'PROPFIND'

        root = wrapper.HTTPAuthResource(self.protectedResource,
                                        [self.credFactory],
                                        self.portal,
                                        interfaces=(IHTTPUser, ))
        d = self.assertResponse((root, 'http://localhost/'), (401, {
            'WWW-Authenticate': [('basic', {
                'realm': "test realm"
            })]
        }, None))

        self.method = 'GET'

        return d
Exemple #11
0
    def test_responseFilterDoesntClobberHeaders(self):
        """
        Test that if an UNAUTHORIZED response is returned and
        already has 'WWW-Authenticate' headers we don't add them.
        """
        self.portal.registerChecker(checkers.AllowAnonymousAccess())

        nonAnonResource = NonAnonymousResource()
        nonAnonResource.responseText = "We don't like anonymous users"
        nonAnonResource.sendOwnHeaders = True

        root = wrapper.HTTPAuthResource(nonAnonResource, [self.credFactory],
                                        self.portal,
                                        interfaces=(IHTTPUser, ))

        d = self.assertResponse((root, 'http://localhost/', {}), (401, {
            'WWW-Authenticate': [('basic', {
                'realm': "foo"
            })]
        }, None))

        return d
Exemple #12
0
    def test_anonymousAuthentication(self):
        """
        If our portal has a credentials checker for IAnonymous credentials
        authentication succeeds if no Authorization header is present
        """

        self.portal.registerChecker(checkers.AllowAnonymousAccess())

        self.protectedResource.responseText = "Anonymous access allowed"

        root = wrapper.HTTPAuthResource(self.protectedResource,
                                        [self.credFactory],
                                        self.portal,
                                        interfaces=(IHTTPUser, ))

        def _checkRequest(ign):
            self.assertEquals(self.protectedResource.request.avatar.username,
                              'anonymous')

        d = self.assertResponse((root, 'http://localhost/', {}),
                                (200, {}, "Anonymous access allowed"))
        d.addCallback(_checkRequest)

        return d
Exemple #13
0
    def test_authorizationAgainstMultipleSchemes(self):
        """
        Test that we can successfully authenticate when presented
        with multiple WWW-Authenticate headers
        """

        root = wrapper.HTTPAuthResource(
            self.protectedResource,
            (basic.BasicCredentialFactory('test realm'),
             FakeDigestCredentialFactory('md5', 'test realm')),
            self.portal,
            interfaces=(IHTTPUser, ))

        def respondBasic(ign):
            credentials = base64.encodestring('username:password')

            d = self.assertResponse((root, 'http://localhost/', {
                'authorization': ('basic', credentials)
            }), (200, {}, None))

            return d

        def respond(ign):
            d = self.assertResponse((root, 'http://localhost/', {
                'authorization': authRequest1
            }), (200, {}, None))
            return d.addCallback(respondBasic)

        d = self.assertResponse((root, 'http://localhost/', {}), (401, {
            'www-authenticate':
            [challengeResponse, ('basic', {
                'realm': 'test realm'
            })]
        }, None))

        return d
Exemple #14
0
    def test_authenticatedRequest(self):
        """
        Test that after successful authentication the request provides
        IAuthenticatedRequest and that the request.avatar implements
        the proper interfaces for this realm and has the proper values
        for this request.
        """
        self.protectedResource.responseText = "I hope you can see me."

        root = wrapper.HTTPAuthResource(self.protectedResource,
                                        [self.credFactory],
                                        self.portal,
                                        interfaces=(IHTTPUser, ))

        credentials = base64.encodestring('username:password')

        d = self.assertResponse((root, 'http://localhost/', {
            'authorization': ('basic', credentials)
        }), (200, {}, 'I hope you can see me.'))

        def checkRequest(result):
            resource = self.protectedResource

            self.failUnless(hasattr(resource, "request"))

            request = resource.request

            self.failUnless(IAuthenticatedRequest.providedBy(request))
            self.failUnless(hasattr(request, "avatar"))
            self.failUnless(IHTTPUser.providedBy(request.avatar))
            self.failUnless(hasattr(request, "avatarInterface"))
            self.assertEquals(request.avatarInterface, IHTTPUser)
            self.assertEquals(request.avatar.username, 'username')

        d.addCallback(checkRequest)
        return d