def test_handle_response_500_mutual_auth_required_failure(self):
with patch('kerberos.authGSSClientStep', clientStep_error):
response_500 = requests.Response()
response_500.url = "http://www.example.org/"
response_500.status_code = 500
response_500.headers = {}
response_500.request = "REQUEST"
response_500.connection = "CONNECTION"
response_500._content = "CONTENT"
response_500.encoding = "ENCODING"
response_500.raw = "RAW"
response_500.cookies = "COOKIES"
auth = requests_gssapi.HTTPGSSAPIAuth()
auth.context = {"www.example.org": "CTX"}
r = auth.handle_response(response_500)
self.assertNotEqual(r, response_500)
self.assertNotEqual(r.headers, response_500.headers)
self.assertEqual(r.status_code, response_500.status_code)
self.assertEqual(r.encoding, response_500.encoding)
self.assertEqual(r.raw, response_500.raw)
self.assertEqual(r.url, response_500.url)
self.assertEqual(r.reason, response_500.reason)
self.assertEqual(r.connection, response_500.connection)
self.assertEqual(r.content, b'')
self.assertNotEqual(r.cookies, response_500.cookies)
self.assertFalse(clientStep_error.called)
def test_generate_request_header_custom_service(self):
with patch.multiple('kerberos',
authGSSClientInit=clientInit_error,
authGSSClientResponse=clientResponse,
authGSSClientStep=clientStep_continue):
response = requests.Response()
response.url = "http://www.example.org/"
response.headers = {'www-authenticate': 'negotiate token'}
auth = requests_gssapi.HTTPGSSAPIAuth(service="barfoo")
auth.generate_request_header(response),
clientInit_error.assert_called_with("*****@*****.**")
def test_generate_request_header_step_error(self):
with patch.multiple('kerberos',
authGSSClientInit=clientInit_complete,
authGSSClientResponse=clientResponse,
authGSSClientStep=clientStep_error):
response = requests.Response()
response.url = "http://www.example.org/"
response.headers = {'www-authenticate': 'negotiate token'}
auth = requests_gssapi.HTTPGSSAPIAuth()
self.assertEqual(auth.generate_request_header(response), None)
clientInit_complete.assert_called_with("*****@*****.**")
clientStep_error.assert_called_with("CTX", "token")
self.assertFalse(clientResponse.called)
def test_handle_response_200_mutual_auth_optional_soft_failure(self):
with patch('kerberos.authGSSClientStep', clientStep_error):
response_ok = requests.Response()
response_ok.url = "http://www.example.org/"
response_ok.status_code = 200
auth = requests_gssapi.HTTPGSSAPIAuth(requests_gssapi.OPTIONAL)
auth.context = {"www.example.org": "CTX"}
r = auth.handle_response(response_ok)
self.assertEqual(r, response_ok)
self.assertFalse(clientStep_error.called)
def test_handle_response_200_mutual_auth_required_failure(self):
with patch('kerberos.authGSSClientStep', clientStep_error):
response_ok = requests.Response()
response_ok.url = "http://www.example.org/"
response_ok.status_code = 200
response_ok.headers = {}
auth = requests_gssapi.HTTPGSSAPIAuth()
auth.context = {"www.example.org": "CTX"}
self.assertRaises(requests_gssapi.MutualAuthenticationError,
auth.handle_response, response_ok)
self.assertFalse(clientStep_error.called)
def test_authenticate_server(self):
with patch.multiple('kerberos', authGSSClientStep=clientStep_complete):
response_ok = requests.Response()
response_ok.url = "http://www.example.org/"
response_ok.status_code = 200
response_ok.headers = {
'www-authenticate': 'negotiate servertoken',
'authorization': 'Negotiate GSSRESPONSE'
}
auth = requests_gssapi.HTTPGSSAPIAuth()
auth.context = {"www.example.org": "CTX"}
result = auth.authenticate_server(response_ok)
self.assertTrue(result)
clientStep_complete.assert_called_with("CTX", "servertoken")
def test_handle_response_200_mutual_auth_optional_hard_failure(self):
with patch('kerberos.authGSSClientStep', clientStep_error):
response_ok = requests.Response()
response_ok.url = "http://www.example.org/"
response_ok.status_code = 200
response_ok.headers = {
'www-authenticate': 'negotiate servertoken',
'authorization': 'Negotiate GSSRESPONSE'
}
auth = requests_gssapi.HTTPGSSAPIAuth(requests_gssapi.OPTIONAL)
auth.context = {"www.example.org": "CTX"}
self.assertRaises(requests_gssapi.MutualAuthenticationError,
auth.handle_response, response_ok)
clientStep_error.assert_called_with("CTX", "servertoken")
def test_handle_response_200(self):
with patch('kerberos.authGSSClientStep', clientStep_complete):
response_ok = requests.Response()
response_ok.url = "http://www.example.org/"
response_ok.status_code = 200
response_ok.headers = {
'www-authenticate': 'negotiate servertoken',
'authorization': 'Negotiate GSSRESPONSE'
}
auth = requests_gssapi.HTTPGSSAPIAuth()
auth.context = {"www.example.org": "CTX"}
r = auth.handle_response(response_ok)
self.assertEqual(r, response_ok)
clientStep_complete.assert_called_with("CTX", "servertoken")
def test_handle_response_401(self):
with patch.multiple('kerberos',
authGSSClientInit=clientInit_complete,
authGSSClientResponse=clientResponse,
authGSSClientStep=clientStep_continue):
response_ok = requests.Response()
response_ok.url = "http://www.example.org/"
response_ok.status_code = 200
response_ok.headers = {'www-authenticate': 'negotiate servertoken'}
connection = Mock()
connection.send = Mock(return_value=response_ok)
raw = Mock()
raw.release_conn = Mock(return_value=None)
request = requests.Request()
response = requests.Response()
response.request = request
response.url = "http://www.example.org/"
response.headers = {'www-authenticate': 'negotiate token'}
response.status_code = 401
response.connection = connection
response._content = ""
response.raw = raw
auth = requests_gssapi.HTTPGSSAPIAuth()
auth.handle_other = Mock(return_value=response_ok)
r = auth.handle_response(response)
self.assertTrue(response in r.history)
auth.handle_other.assert_called_with(response_ok)
self.assertEqual(r, response_ok)
self.assertEqual(request.headers['Authorization'],
'Negotiate GSSRESPONSE')
connection.send.assert_called_with(request)
raw.release_conn.assert_called_with()
clientInit_complete.assert_called_with("*****@*****.**")
clientStep_continue.assert_called_with("CTX", "token")
clientResponse.assert_called_with("CTX")