def test_identify_with_mismatched_uri(self): policy = SRPAuthenticationPolicy("test", get_password=get_password) request = make_request(PATH_INFO="/path_one") params = get_challenge(policy, request, "tester") build_response(params, request, "tester", "tester") self.assertNotEquals(policy.unauthenticated_userid(request), None) request["PATH_INFO"] = "/path_two" self.assertEquals(policy.unauthenticated_userid(request), None)
def test_identify_with_mismatched_uri(self): policy = SRPAuthenticationPolicy("test", get_password=get_password) request = make_request(PATH_INFO="/path_one") params = get_challenge(policy, request, "tester") build_response(params, request, "tester", "tester") self.assertNotEquals(policy.unauthenticated_userid(request), None) request["PATH_INFO"] = "/path_two" self.assertEquals(policy.unauthenticated_userid(request), None)
def test_auth_with_missing_nonce(self): policy = SRPAuthenticationPolicy("test", get_password=lambda u: "testing") request = make_request() params = get_challenge(policy, request, "tester") build_response(params, request, "tester", "testing") del params["nonce"] set_authz_header(request, params) self.assertEquals(policy.unauthenticated_userid(request), None) self.assertRaises(KeyError, policy._authenticate, params, request)
def test_auth_with_missing_nonce(self): policy = SRPAuthenticationPolicy("test", get_password=lambda u: "testing") request = make_request() params = get_challenge(policy, request, "tester") build_response(params, request, "tester", "testing") del params["nonce"] set_authz_header(request, params) self.assertEquals(policy.unauthenticated_userid(request), None) self.assertRaises(KeyError, policy._authenticate, params, request)
def test_challenge_with_stale_nonce(self): policy = SRPAuthenticationPolicy("test", get_password=get_password) request = make_request() # Identify with a bad nonce to mark it as stale. params = get_challenge(policy, request, "tester") params["nonce"] += "STALE" params = build_response(params, request, "tester", "testing") self.assertEquals(policy.unauthenticated_userid(request), None) # The challenge should then include stale=TRUE app = policy.challenge_view(request) self.assertNotEqual(app, None) response = get_response(app, request) self.failUnless(response.startswith("401 Unauthorized")) self.failUnless('stale="TRUE"' in response)
def test_challenge_with_stale_nonce(self): policy = SRPAuthenticationPolicy("test", get_password=get_password) request = make_request() # Identify with a bad nonce to mark it as stale. params = get_challenge(policy, request, "tester") params["nonce"] += "STALE" params = build_response(params, request, "tester", "testing") self.assertEquals(policy.unauthenticated_userid(request), None) # The challenge should then include stale=TRUE app = policy.challenge_view(request) self.assertNotEqual(app, None) response = get_response(app, request) self.failUnless(response.startswith("401 Unauthorized")) self.failUnless('stale="TRUE"' in response)
def test_identify_with_bad_noncecount(self): policy = SRPAuthenticationPolicy("test", get_password=lambda u: "testing") request = make_request(REQUEST_METHOD="GET", PATH_INFO="/one") # Do an initial auth to get the nonce. params = get_challenge(policy, request, "tester") build_response(params, request, "tester", "testing", nc="01") self.assertNotEquals(policy.unauthenticated_userid(request), None) # Authing without increasing nc will fail. request = make_request(REQUEST_METHOD="GET", PATH_INFO="/two") build_response(params, request, "tester", "testing", nc="01") self.assertEquals(policy.unauthenticated_userid(request), None) # Authing with a badly-formed nc will fail request = make_request(REQUEST_METHOD="GET", PATH_INFO="/two") build_response(params, request, "tester", "testing", nc="02XXX") self.assertEquals(policy.unauthenticated_userid(request), None) # Authing with a badly-formed nc will fail request = make_request(REQUEST_METHOD="GET", PATH_INFO="/two") build_response(params, request, "tester", "testing", nc="02XXX") self.assertEquals(policy.unauthenticated_userid(request), None) # Authing with increasing nc will succeed. request = make_request(REQUEST_METHOD="GET", PATH_INFO="/two") build_response(params, request, "tester", "testing", nc="02") self.assertNotEquals(policy.unauthenticated_userid(request), None)
def test_identify_with_bad_noncecount(self): policy = SRPAuthenticationPolicy("test", get_password=lambda u: "testing") request = make_request(REQUEST_METHOD="GET", PATH_INFO="/one") # Do an initial auth to get the nonce. params = get_challenge(policy, request, "tester") build_response(params, request, "tester", "testing", nc="01") self.assertNotEquals(policy.unauthenticated_userid(request), None) # Authing without increasing nc will fail. request = make_request(REQUEST_METHOD="GET", PATH_INFO="/two") build_response(params, request, "tester", "testing", nc="01") self.assertEquals(policy.unauthenticated_userid(request), None) # Authing with a badly-formed nc will fail request = make_request(REQUEST_METHOD="GET", PATH_INFO="/two") build_response(params, request, "tester", "testing", nc="02XXX") self.assertEquals(policy.unauthenticated_userid(request), None) # Authing with a badly-formed nc will fail request = make_request(REQUEST_METHOD="GET", PATH_INFO="/two") build_response(params, request, "tester", "testing", nc="02XXX") self.assertEquals(policy.unauthenticated_userid(request), None) # Authing with increasing nc will succeed. request = make_request(REQUEST_METHOD="GET", PATH_INFO="/two") build_response(params, request, "tester", "testing", nc="02") self.assertNotEquals(policy.unauthenticated_userid(request), None)
def test_identify_with_invalid_params(self): policy = SRPAuthenticationPolicy("test") request = make_request(HTTP_AUTHORIZATION="SRP-HMAC realm=Sync") self.assertEquals(policy.unauthenticated_userid(request), None)
def test_identify_with_non_digest_authz(self): policy = SRPAuthenticationPolicy("test") request = make_request(HTTP_AUTHORIZATION="Basic lalalala") self.assertEquals(policy.unauthenticated_userid(request), None) request = make_request(HTTP_AUTHORIZATION="BrowserID assertion=1234") self.assertEquals(policy.unauthenticated_userid(request), None)
def test_identify_with_no_authz(self): policy = SRPAuthenticationPolicy("test") request = make_request() self.assertEquals(policy.unauthenticated_userid(request), None)
def test_identify_with_invalid_params(self): policy = SRPAuthenticationPolicy("test") request = make_request(HTTP_AUTHORIZATION="SRP-HMAC realm=Sync") self.assertEquals(policy.unauthenticated_userid(request), None)
def test_identify_with_non_digest_authz(self): policy = SRPAuthenticationPolicy("test") request = make_request(HTTP_AUTHORIZATION="Basic lalalala") self.assertEquals(policy.unauthenticated_userid(request), None) request = make_request(HTTP_AUTHORIZATION="BrowserID assertion=1234") self.assertEquals(policy.unauthenticated_userid(request), None)
def test_identify_with_no_authz(self): policy = SRPAuthenticationPolicy("test") request = make_request() self.assertEquals(policy.unauthenticated_userid(request), None)