def test_unauthorized(self):
    """A request carrying no Authorization header must be challenged.

    The route must answer 401 and advertise the scheme it accepts through
    ``WWW-Authenticate`` instead of serving the page.

    NOTE(review): the original docstring speaks of Negotiate, yet the asserted
    challenge value is ``'NTLM'``. Confirm which scheme the server is meant to
    advertise: a plain NTLM challenge cannot let a client pick Kerberos via
    SPNEGO, which is usually the point of a Negotiate setup.
    """
    flask_sspi.init_sspi(self.app, 'HTTP', 'example.org')
    client = self.app.test_client()
    reply = client.get('/')
    status = reply.status_code
    challenge = reply.headers.get('www-authenticate')
    # No credentials were offered, so the only acceptable outcome is a challenge.
    self.assertEqual(status, 401)
    self.assertEqual(challenge, 'NTLM')
def test_forbidden(self, clean, name, response, step, init):
    """A token the security context rejects must produce 403 Forbidden.

    ``init`` hands back a fresh context and ``step`` raises ``GSSError`` for
    the offered token. The route must then refuse the request without ever
    resolving the client name or building a reply token, and it must still
    release the context so a failed handshake does not leak state.
    """
    context = object()
    init.return_value = (sspi.AUTH_GSS_COMPLETE, context)
    step.side_effect = sspi.GSSError("FAILURE")
    flask_sspi.init_sspi(self.app, 'HTTP', 'example.org')
    client = self.app.test_client()
    reply = client.get('/', headers={'Authorization': 'Negotiate CTOKEN'})
    self.assertEqual(reply.status_code, 403)
    # Exactly which SSPI entry points ran, and with what: setup and the failing
    # step only, followed by cleanup of the very context that was created.
    expected_calls = [
        (init, [mock.call('*****@*****.**')]),
        (step, [mock.call(context, 'CTOKEN')]),
        (name, []),
        (response, []),
        (clean, [mock.call(context)]),
    ]
    for target, calls in expected_calls:
        self.assertEqual(target.mock_calls, calls)
def test_authorized_no_mutual_auth(self, clean, name, response, step, init):
    """Accept a valid token when the client asks for no mutual authentication.

    ``response`` yields ``None`` for the server-side token, so the reply must
    carry no ``WWW-Authenticate`` header at all, while the request itself
    still succeeds and the principal reaches the routed view.
    """
    context = object()
    init.return_value = (sspi.AUTH_GSS_COMPLETE, context)
    step.return_value = sspi.AUTH_GSS_COMPLETE
    name.return_value = "*****@*****.**"
    # No server token: the client did not request mutual authentication.
    response.return_value = None
    flask_sspi.init_sspi(self.app, 'HTTP', 'example.org')
    client = self.app.test_client()
    reply = client.get('/', headers={'Authorization': 'Negotiate CTOKEN'})
    self.assertEqual(reply.status_code, 200)
    self.assertEqual(reply.data, '*****@*****.**')
    # Absence of the header is the contract here, not an empty value.
    self.assertEqual(reply.headers.get('WWW-Authenticate'), None)
    expected_calls = [
        (init, [mock.call('*****@*****.**')]),
        (step, [mock.call(context, 'CTOKEN')]),
        (name, [mock.call(context)]),
        (response, [mock.call(context)]),
        (clean, [mock.call(context)]),
    ]
    for target, calls in expected_calls:
        self.assertEqual(target.mock_calls, calls)
def test_authorized(self, clean, name, response, step, init):
    """A valid token yields 200, the principal, and a mutual-auth reply token.

    The full SSPI sequence must run once each: context creation, a single
    ``step`` with the client token, name resolution, server-token generation,
    and finally cleanup of that same context.
    """
    context = object()
    init.return_value = (sspi.AUTH_GSS_COMPLETE, context)
    step.return_value = sspi.AUTH_GSS_COMPLETE
    name.return_value = "*****@*****.**"
    response.return_value = "STOKEN"
    flask_sspi.init_sspi(self.app, 'HTTP', 'example.org')
    client = self.app.test_client()
    reply = client.get('/', headers={'Authorization': 'Negotiate CTOKEN'})
    self.assertEqual(reply.status_code, 200)
    # The routed view is expected to echo the resolved principal back.
    self.assertEqual(reply.data, '*****@*****.**')
    # Server token is returned to the client for mutual authentication.
    self.assertEqual(reply.headers.get('WWW-Authenticate'), 'negotiate STOKEN')
    expected_calls = [
        (init, [mock.call('*****@*****.**')]),
        (step, [mock.call(context, 'CTOKEN')]),
        (name, [mock.call(context)]),
        (response, [mock.call(context)]),
        (clean, [mock.call(context)]),
    ]
    for target, calls in expected_calls:
        self.assertEqual(target.mock_calls, calls)
#!/usr/bin/env python
"""Minimal demo: one SSPI-protected route that renders a page for the caller."""
import sys

# Let the example import flask_sspi from the checkout one level up.
sys.path.append("../")

import logging

# NOTE(review): DEBUG-level logging in an authentication demo may echo header
# or token material; confirm what flask_sspi logs before running this anywhere
# the log is shared.
logging.basicConfig(level=logging.DEBUG)

from flask import Flask, render_template
from flask_sspi import init_sspi, requires_authentication

DEBUG = True

app = Flask(__name__)
# Demo value only: a session-signing key hard-coded in source is public the
# moment the file is shared, so a real deployment must load it from
# configuration rather than reuse this one.
app.secret_key = 'efca0226-1746-43f6-92ac-1975e1eea085'


@app.route("/")
@requires_authentication
def index(user):
    """Render ``index.html`` for the authenticated principal ``user``."""
    print("index")
    return render_template('index.html', user=user)


def main():
    """Wire SSPI into ``app`` and start the development server."""
    init_sspi(app)
    # 0.0.0.0 exposes the dev server on every interface of the host; that is
    # acceptable for a demo box, not for a deployment.
    app.run(host='0.0.0.0')


if __name__ == '__main__':
    main()