def test_is_authenticated(self):
auth = DigestAuthentication()
request = HttpRequest()
# Simulate sending the signal.
john_doe = User.objects.get(username='******')
create_api_key(User, instance=john_doe, created=True)
# No HTTP Basic auth details should fail.
auth_request = auth.is_authenticated(request)
self.assertEqual(isinstance(auth_request, HttpUnauthorized), True)
# HttpUnauthorized with auth type and realm
self.assertEqual(auth_request['WWW-Authenticate'].find('Digest'), 0)
self.assertEqual(
auth_request['WWW-Authenticate'].find(' realm="django-tastypie"') >
0, True)
self.assertEqual(auth_request['WWW-Authenticate'].find(' opaque=') > 0,
True)
self.assertEqual(auth_request['WWW-Authenticate'].find('nonce=') > 0,
True)
# Wrong basic auth details.
request.META['HTTP_AUTHORIZATION'] = 'abcdefg'
auth_request = auth.is_authenticated(request)
self.assertEqual(isinstance(auth_request, HttpUnauthorized), True)
# No password.
request.META['HTTP_AUTHORIZATION'] = base64.b64encode(
'daniel'.encode('utf-8')).decode('utf-8')
auth_request = auth.is_authenticated(request)
self.assertEqual(isinstance(auth_request, HttpUnauthorized), True)
# Wrong user/password.
request.META['HTTP_AUTHORIZATION'] = base64.b64encode(
'daniel:pass'.encode('utf-8')).decode('utf-8')
auth_request = auth.is_authenticated(request)
self.assertEqual(isinstance(auth_request, HttpUnauthorized), True)
# Correct user/password.
john_doe = User.objects.get(username='******')
request.META[
'HTTP_AUTHORIZATION'] = python_digest.build_authorization_request(
username=john_doe.username,
method=request.method,
uri='/',
nonce_count=1,
digest_challenge=python_digest.parse_digest_challenge(
auth_request['WWW-Authenticate']),
password=john_doe.api_key.key)
auth_request = auth.is_authenticated(request)
self.assertEqual(auth_request, True)
def test_check_active_false(self):
auth = DigestAuthentication(require_active=False)
request = HttpRequest()
bob_doe = User.objects.get(username='******')
create_api_key(User, instance=bob_doe, created=True)
auth_request = auth.is_authenticated(request)
request.META['HTTP_AUTHORIZATION'] = python_digest.build_authorization_request(
username=bob_doe.username,
method=request.method,
uri='/',
nonce_count=1,
digest_challenge=python_digest.parse_digest_challenge(auth_request['WWW-Authenticate']),
password=bob_doe.api_key.key
)
auth_request = auth.is_authenticated(request)
self.assertTrue(auth_request, True)
def test_check_active_true(self):
auth = DigestAuthentication()
request = HttpRequest()
bob_doe = User.objects.get(username="******")
create_api_key(User, instance=bob_doe, created=True)
auth_request = auth.is_authenticated(request)
request.META["HTTP_AUTHORIZATION"] = python_digest.build_authorization_request(
username=bob_doe.username,
method=request.method,
uri="/",
nonce_count=1,
digest_challenge=python_digest.parse_digest_challenge(auth_request["WWW-Authenticate"]),
password=bob_doe.api_key.key,
)
auth_request = auth.is_authenticated(request)
self.assertFalse(auth_request)
def test_check_active_false(self):
auth = DigestAuthentication(require_active=False)
request = HttpRequest()
bob_doe = User.objects.get(username='******')
create_api_key(User, instance=bob_doe, created=True)
auth_request = auth.is_authenticated(request)
request.META['HTTP_AUTHORIZATION'] = python_digest.build_authorization_request(
username=bob_doe.username,
method=request.method,
uri='/',
nonce_count=1,
digest_challenge=python_digest.parse_digest_challenge(auth_request['WWW-Authenticate']),
password=bob_doe.api_key.key
)
auth_request = auth.is_authenticated(request)
self.assertTrue(auth_request, True)
def test_is_authenticated(self):
auth = DigestAuthentication()
request = HttpRequest()
# Simulate sending the signal.
john_doe = User.objects.get(username='******')
create_api_key(User, instance=john_doe, created=True)
# No HTTP Basic auth details should fail.
auth_request = auth.is_authenticated(request)
self.assertEqual(isinstance(auth_request, HttpUnauthorized), True)
# HttpUnauthorized with auth type and realm
self.assertEqual(auth_request['WWW-Authenticate'].find('Digest'), 0)
self.assertEqual(auth_request['WWW-Authenticate'].find(' realm="django-tastypie"') > 0, True)
self.assertEqual(auth_request['WWW-Authenticate'].find(' opaque=') > 0, True)
self.assertEqual(auth_request['WWW-Authenticate'].find('nonce=') > 0, True)
# Wrong basic auth details.
request.META['HTTP_AUTHORIZATION'] = 'abcdefg'
auth_request = auth.is_authenticated(request)
self.assertEqual(isinstance(auth_request, HttpUnauthorized), True)
# No password.
request.META['HTTP_AUTHORIZATION'] = base64.b64encode('daniel'.encode('utf-8')).decode('utf-8')
auth_request = auth.is_authenticated(request)
self.assertEqual(isinstance(auth_request, HttpUnauthorized), True)
# Wrong user/password.
request.META['HTTP_AUTHORIZATION'] = base64.b64encode('daniel:pass'.encode('utf-8')).decode('utf-8')
auth_request = auth.is_authenticated(request)
self.assertEqual(isinstance(auth_request, HttpUnauthorized), True)
# Correct user/password.
john_doe = User.objects.get(username='******')
request.META['HTTP_AUTHORIZATION'] = python_digest.build_authorization_request(
username=john_doe.username,
method=request.method,
uri='/',
nonce_count=1,
digest_challenge=python_digest.parse_digest_challenge(auth_request['WWW-Authenticate']),
password=john_doe.api_key.key
)
auth_request = auth.is_authenticated(request)
self.assertEqual(auth_request, True)