def test_forceAuthentication(self): """ Test that if an HTTPError with an Unauthorized status code is raised from within our protected resource, we add the WWW-Authenticate headers if they do not already exist. """ self.portal.registerChecker(checkers.AllowAnonymousAccess()) nonAnonResource = NonAnonymousResource() nonAnonResource.responseText = "We don't like anonymous users" root = wrapper.HTTPAuthResource(nonAnonResource, [self.credFactory], self.portal, interfaces=(IHTTPUser, )) def _tryAuthenticate(result): credentials = base64.encodestring('username:password') d2 = self.assertResponse((root, 'http://localhost/', { 'authorization': ('basic', credentials) }), (200, {}, "We don't like anonymous users")) return d2 d = self.assertResponse((root, 'http://localhost/', {}), (401, { 'WWW-Authenticate': [('basic', { 'realm': "test realm" })] }, None)) d.addCallback(_tryAuthenticate) return d
def test_unauthorizedResponse(self): """ Test that a request with no credentials results in a valid Unauthorized response. """ root = wrapper.HTTPAuthResource(self.protectedResource, [self.credFactory], self.portal, interfaces=(IHTTPUser, )) def makeDeepRequest(res): return self.assertResponse( (root, 'http://localhost/foo/bar/baz/bax'), (401, { 'WWW-Authenticate': [('basic', { 'realm': "test realm" })] }, None)) d = self.assertResponse((root, 'http://localhost/'), (401, { 'WWW-Authenticate': [('basic', { 'realm': "test realm" })] }, None)) return d.addCallback(makeDeepRequest)
def test_wrappedResourceGetsFullSegments(self): """ Test that the wrapped resource gets all the URL segments in it's locateChild. """ self.protectedResource.responseText = "I hope you can see me." root = wrapper.HTTPAuthResource(self.protectedResource, [self.credFactory], self.portal, interfaces=(IHTTPUser, )) credentials = base64.encodestring('username:password') d = self.assertResponse((root, 'http://localhost/foo/bar/baz/bax', { 'authorization': ('basic', credentials) }), (404, {}, None)) def checkSegments(ign): resource = self.protectedResource self.assertEquals(resource.segments, ['foo', 'bar', 'baz', 'bax']) d.addCallback(checkSegments) return d
def test_renderHTTP(self): """ Test that if the renderHTTP method is ever called we authenticate the request and delegate rendering to the wrapper. """ self.protectedResource.responseText = "I hope you can see me." self.protectedResource.addSlash = True root = wrapper.HTTPAuthResource(self.protectedResource, [self.credFactory], self.portal, interfaces=(IHTTPUser, )) request = SimpleRequest(None, "GET", "/") request.prepath = [''] def _gotSecondResponse(response): self.assertEquals(response.code, 200) self.assertEquals(str(response.stream.read()), "I hope you can see me.") def _gotResponse(exception): response = exception.response self.assertEquals(response.code, 401) self.failUnless(response.headers.hasHeader('WWW-Authenticate')) self.assertEquals(response.headers.getHeader('WWW-Authenticate'), [('basic', { 'realm': "test realm" })]) credentials = base64.encodestring('username:password') request.headers.setHeader('authorization', ['basic', credentials]) d = root.renderHTTP(request) d.addCallback(_gotSecondResponse) d = self.assertFailure(root.renderHTTP(request), http.HTTPError) d.addCallback(_gotResponse) return d
def test_successfulLogin(self): """ Test that a request with good credentials results in the appropriate response from the protected resource """ self.protectedResource.responseText = "I hope you can see me." root = wrapper.HTTPAuthResource(self.protectedResource, [self.credFactory], self.portal, interfaces=(IHTTPUser, )) credentials = base64.encodestring('username:password') d = self.assertResponse((root, 'http://localhost/', { 'authorization': ('basic', credentials) }), (200, {}, 'I hope you can see me.')) return d
def test_multipleWWWAuthenticateSchemes(self): """ Test that our unauthorized response can contain challenges for multiple authentication schemes. """ root = wrapper.HTTPAuthResource( self.protectedResource, (basic.BasicCredentialFactory('test realm'), FakeDigestCredentialFactory('md5', 'test realm')), self.portal, interfaces=(IHTTPUser, )) d = self.assertResponse((root, 'http://localhost/', {}), (401, { 'www-authenticate': [challengeResponse, ('basic', { 'realm': 'test realm' })] }, None)) return d
def test_wrongScheme(self): """ Test that a request with credentials for a scheme that is not advertised by this resource results in the appropriate unauthorized response. """ root = wrapper.HTTPAuthResource(self.protectedResource, [self.credFactory], self.portal, interfaces=(IHTTPUser, )) d = self.assertResponse((root, 'http://localhost/', { 'authorization': [('digest', 'realm="foo", response="crap"')] }), (401, { 'www-authenticate': [('basic', { 'realm': 'test realm' })] }, None)) return d
def test_invalidCredentials(self): """ Malformed or otherwise invalid credentials (as determined by the credential factory) should result in an Unauthorized response """ root = wrapper.HTTPAuthResource(self.protectedResource, [self.credFactory], self.portal, interfaces=(IHTTPUser, )) credentials = base64.encodestring('Not Good Credentials') d = self.assertResponse((root, 'http://localhost/', { 'authorization': ('basic', credentials) }), (401, { 'WWW-Authenticate': [('basic', { 'realm': "test realm" })] }, None)) return d
def test_badCredentials(self): """ Test that a request with bad credentials results in a valid Unauthorized response """ root = wrapper.HTTPAuthResource(self.protectedResource, [self.credFactory], self.portal, interfaces=(IHTTPUser, )) credentials = base64.encodestring('bad:credentials') d = self.assertResponse((root, 'http://localhost/', { 'authorization': [('basic', credentials)] }), (401, { 'WWW-Authenticate': [('basic', { 'realm': "test realm" })] }, None)) return d
def test_allowedMethods(self): """ Test that unknown methods result in a 401 instead of a 405 when authentication hasn't been completed. """ self.method = 'PROPFIND' root = wrapper.HTTPAuthResource(self.protectedResource, [self.credFactory], self.portal, interfaces=(IHTTPUser, )) d = self.assertResponse((root, 'http://localhost/'), (401, { 'WWW-Authenticate': [('basic', { 'realm': "test realm" })] }, None)) self.method = 'GET' return d
def test_responseFilterDoesntClobberHeaders(self): """ Test that if an UNAUTHORIZED response is returned and already has 'WWW-Authenticate' headers we don't add them. """ self.portal.registerChecker(checkers.AllowAnonymousAccess()) nonAnonResource = NonAnonymousResource() nonAnonResource.responseText = "We don't like anonymous users" nonAnonResource.sendOwnHeaders = True root = wrapper.HTTPAuthResource(nonAnonResource, [self.credFactory], self.portal, interfaces=(IHTTPUser, )) d = self.assertResponse((root, 'http://localhost/', {}), (401, { 'WWW-Authenticate': [('basic', { 'realm': "foo" })] }, None)) return d
def test_anonymousAuthentication(self): """ If our portal has a credentials checker for IAnonymous credentials authentication succeeds if no Authorization header is present """ self.portal.registerChecker(checkers.AllowAnonymousAccess()) self.protectedResource.responseText = "Anonymous access allowed" root = wrapper.HTTPAuthResource(self.protectedResource, [self.credFactory], self.portal, interfaces=(IHTTPUser, )) def _checkRequest(ign): self.assertEquals(self.protectedResource.request.avatar.username, 'anonymous') d = self.assertResponse((root, 'http://localhost/', {}), (200, {}, "Anonymous access allowed")) d.addCallback(_checkRequest) return d
def test_authorizationAgainstMultipleSchemes(self): """ Test that we can successfully authenticate when presented with multiple WWW-Authenticate headers """ root = wrapper.HTTPAuthResource( self.protectedResource, (basic.BasicCredentialFactory('test realm'), FakeDigestCredentialFactory('md5', 'test realm')), self.portal, interfaces=(IHTTPUser, )) def respondBasic(ign): credentials = base64.encodestring('username:password') d = self.assertResponse((root, 'http://localhost/', { 'authorization': ('basic', credentials) }), (200, {}, None)) return d def respond(ign): d = self.assertResponse((root, 'http://localhost/', { 'authorization': authRequest1 }), (200, {}, None)) return d.addCallback(respondBasic) d = self.assertResponse((root, 'http://localhost/', {}), (401, { 'www-authenticate': [challengeResponse, ('basic', { 'realm': 'test realm' })] }, None)) return d
def test_authenticatedRequest(self): """ Test that after successful authentication the request provides IAuthenticatedRequest and that the request.avatar implements the proper interfaces for this realm and has the proper values for this request. """ self.protectedResource.responseText = "I hope you can see me." root = wrapper.HTTPAuthResource(self.protectedResource, [self.credFactory], self.portal, interfaces=(IHTTPUser, )) credentials = base64.encodestring('username:password') d = self.assertResponse((root, 'http://localhost/', { 'authorization': ('basic', credentials) }), (200, {}, 'I hope you can see me.')) def checkRequest(result): resource = self.protectedResource self.failUnless(hasattr(resource, "request")) request = resource.request self.failUnless(IAuthenticatedRequest.providedBy(request)) self.failUnless(hasattr(request, "avatar")) self.failUnless(IHTTPUser.providedBy(request.avatar)) self.failUnless(hasattr(request, "avatarInterface")) self.assertEquals(request.avatarInterface, IHTTPUser) self.assertEquals(request.avatar.username, 'username') d.addCallback(checkRequest) return d