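def digest_challenge_response(app, qop, algorithm, stale=False):
    """Build the 401 response that challenges the client for Digest auth.

    Args:
        app: the Flask application used to create the response.
        qop: quality of protection to advertise; ``None`` advertises both
            ``auth`` and ``auth-int``.
        algorithm: algorithm name placed in the ``WWW-Authenticate`` challenge.
        stale: set the challenge's ``stale`` flag so a client that sent a
            correct digest against an old nonce retries without re-prompting.

    Returns:
        An empty-bodied 401 response carrying a ``WWW-Authenticate`` header.
    """
    response = app.make_response('')
    response.status_code = 401

    # RFC2616 Section4.2: HTTP headers are ASCII. That means
    # request.remote_addr was originally ASCII, so I should be able to
    # encode it back to ascii. Also, RFC2617 says about nonces: "The
    # contents of the nonce are implementation dependent".
    # remote_addr can be None rather than absent (no REMOTE_ADDR in the
    # environ); getattr's default does not cover that case and None has no
    # .encode(), so fall back to an empty string explicitly.
    remote_addr = getattr(request, 'remote_addr', None) or u''
    nonce = H(b''.join([
        remote_addr.encode('ascii'),
        b':',
        str(time.time()).encode('ascii'),
        b':',
        os.urandom(10),  # fresh randomness keeps the nonce unpredictable
    ]), "MD5")
    # nonce and opaque are opaque tokens to the client, so hashing them with
    # MD5 regardless of `algorithm` only affects their length, not the
    # challenge; `algorithm` is what the client acts on.
    opaque = H(os.urandom(10), "MD5")

    auth = WWWAuthenticate("digest")
    auth.set_digest('*****@*****.**',
                    nonce,
                    opaque=opaque,
                    qop=('auth', 'auth-int') if qop is None else (qop, ),
                    algorithm=algorithm)
    auth.stale = stale
    response.headers['WWW-Authenticate'] = auth.to_header()
    return response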
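def digest_auth(qop=None, user='******', passwd='passwd'):
    """Prompts the user for authorization using HTTP Digest auth.

    Args:
        qop: quality of protection to advertise; anything other than
            ``'auth'``/``'auth-int'`` advertises both.
        user, passwd: credentials the client must prove knowledge of.

    Returns:
        A 401 carrying a fresh Digest challenge and a ``fake`` cookie when the
        Authorization header is absent, ``check_digest_auth`` fails, or the
        request carries no Cookie header; otherwise a JSON body with
        ``authenticated`` and ``user``.
    """
    if qop not in ('auth', 'auth-int'):
        qop = None

    # A valid digest is not enough on its own: the client must also have
    # returned the cookie set on the previous 401, otherwise it is challenged
    # again (the cookie comes back in the same Set-Cookie as the challenge).
    if 'Authorization' not in request.headers or \
            not check_digest_auth(user, passwd) or \
            'Cookie' not in request.headers:
        response = app.make_response('')
        response.status_code = 401

        # RFC2616 Section4.2: HTTP headers are ASCII. That means
        # request.remote_addr was originally ASCII, so I should be able to
        # encode it back to ascii. Also, RFC2617 says about nonces: "The
        # contents of the nonce are implementation dependent".
        # remote_addr can be None rather than absent (no REMOTE_ADDR in the
        # environ); getattr's default does not cover that and None has no
        # .encode(), so fall back to an empty string explicitly.
        remote_addr = getattr(request, 'remote_addr', None) or u''
        nonce = H(b''.join([
            remote_addr.encode('ascii'),
            b':',
            str(time.time()).encode('ascii'),
            b':',
            os.urandom(10),  # fresh randomness keeps the nonce unpredictable
        ]))
        opaque = H(os.urandom(10))

        auth = WWWAuthenticate("digest")
        auth.set_digest('*****@*****.**',
                        nonce,
                        opaque=opaque,
                        qop=('auth', 'auth-int') if qop is None else (qop, ))
        response.headers['WWW-Authenticate'] = auth.to_header()
        response.headers['Set-Cookie'] = 'fake=fake_value'
        return response

    return jsonify(authenticated=True, user=user)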
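def digest_auth(qop=None, user='******', passwd='passwd'):
    """Prompts the user for authorization using HTTP Digest auth.

    Args:
        qop: quality of protection to advertise; anything other than
            ``'auth'``/``'auth-int'`` advertises both.
        user, passwd: credentials the client must prove knowledge of.

    Returns:
        A 401 carrying a fresh Digest challenge and a ``fake`` cookie whenever
        the Authorization header is missing, ``check_digest_auth`` fails, or
        no Cookie header was sent; otherwise JSON with ``authenticated`` and
        ``user``.
    """
    if qop not in ('auth', 'auth-int'):
        qop = None

    # The cookie set alongside the challenge must come back with the
    # credentials; a client that drops it is simply challenged again.
    if 'Authorization' not in request.headers or \
            not check_digest_auth(user, passwd) or \
            'Cookie' not in request.headers:
        response = app.make_response('')
        response.status_code = 401

        # RFC2616 Section4.2: HTTP headers are ASCII. That means
        # request.remote_addr was originally ASCII, so I should be able to
        # encode it back to ascii. Also, RFC2617 says about nonces: "The
        # contents of the nonce are implementation dependent".
        # remote_addr may be None (rather than absent) when the environ has
        # no REMOTE_ADDR; getattr's default does not cover None, which has
        # no .encode(), so substitute an empty string.
        remote_addr = getattr(request, 'remote_addr', None) or u''
        nonce = H(b''.join([
            remote_addr.encode('ascii'),
            b':',
            str(time.time()).encode('ascii'),
            b':',
            os.urandom(10),  # fresh randomness keeps the nonce unpredictable
        ]))
        opaque = H(os.urandom(10))

        auth = WWWAuthenticate("digest")
        auth.set_digest('*****@*****.**',
                        nonce,
                        opaque=opaque,
                        qop=('auth', 'auth-int') if qop is None else (qop, ))
        response.headers['WWW-Authenticate'] = auth.to_header()
        response.headers['Set-Cookie'] = 'fake=fake_value'
        return response

    return jsonify(authenticated=True, user=user)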
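def digest_auth(qop=None, user="******", passwd="passwd"):
    """Prompts the user for authorization using HTTP Digest auth.

    Args:
        qop: quality of protection to advertise; anything other than
            ``"auth"``/``"auth-int"`` advertises both.
        user, passwd: credentials the client must prove knowledge of.

    Returns:
        A 401 with a fresh Digest challenge and a ``fake`` cookie when no
        Authorization header is present; the project's ``status_code(401)``
        response when the digest does not verify or the Cookie header did not
        come back; otherwise JSON with ``authenticated`` and ``user``.
    """
    if qop not in ("auth", "auth-int"):
        qop = None

    if not request.headers.get("Authorization"):
        response = app.make_response("")
        response.status_code = 401

        # RFC2616 Section4.2: HTTP headers are ASCII. That means
        # request.remote_addr was originally ASCII, so I should be able to
        # encode it back to ascii. Also, RFC2617 says about nonces: "The
        # contents of the nonce are implementation dependent".
        # remote_addr may be None (rather than absent) when the environ has
        # no REMOTE_ADDR; getattr's default does not cover None, which has
        # no .encode(), so substitute an empty string.
        remote_addr = getattr(request, "remote_addr", None) or u""
        nonce = H(
            b"".join(
                [
                    remote_addr.encode("ascii"),
                    b":",
                    str(time.time()).encode("ascii"),
                    b":",
                    os.urandom(10),  # fresh randomness keeps the nonce unpredictable
                ]
            )
        )
        opaque = H(os.urandom(10))

        auth = WWWAuthenticate("digest")
        auth.set_digest(
            "*****@*****.**",
            nonce,
            opaque=opaque,
            qop=("auth", "auth-int") if qop is None else (qop,),
        )
        response.headers["WWW-Authenticate"] = auth.to_header()
        response.headers["Set-Cookie"] = "fake=fake_value"
        return response
    elif not (check_digest_auth(user, passwd) and request.headers.get("Cookie")):
        # NOTE(review): this 401 is whatever status_code() builds and, unlike
        # the branch above, carries no WWW-Authenticate header; RFC 7235
        # expects one on every 401 — confirm status_code() adds it, or
        # whether re-issuing the challenge here is the intended behaviour.
        return status_code(401)

    return jsonify(authenticated=True, user=user)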
def digest_auth(qop=None, user='******', passwd='passwd', checkCookie=True):
    """Prompts the user for authorization using HTTP Digest auth.

    Args:
        qop: quality of protection to advertise; anything other than
            ``'auth'``/``'auth-int'`` advertises both.
        user, passwd: credentials the client must prove knowledge of.
        checkCookie: when ``True`` the challenge sets an ``auth`` cookie
            holding the client address, and a credentialed request must
            echo it back.

    Returns:
        A 401 Digest challenge (its JSON body lists which checks failed and
        echoes the caller's own request headers) until the credentials
        verify; 403 when ``checkCookie`` is on and the challenge cookie does
        not match the client address; 500 carrying the exception text if
        anything raises; otherwise JSON with ``authenticated`` and ``user``.
    """
    if qop not in ('auth', 'auth-int'):
        qop = None

    try:
        client_addr = request.remote_addr or u''
        has_auth_header = 'Authorization' in request.headers
        is_digest_scheme = has_auth_header and \
            request.headers.get('Authorization').startswith('Digest ')
        credentials_ok = has_auth_header and is_digest_scheme and \
            check_digest_auth(user, passwd)

        # credentials_ok can only be truthy when both earlier checks passed,
        # so it alone decides whether to (re)issue the challenge.
        if not credentials_ok:
            # RFC2616 Section4.2: HTTP headers are ASCII. That means
            # request.remote_addr was originally ASCII, so I should be able to
            # encode it back to ascii. Also, RFC2617 says about nonces: "The
            # contents of the nonce are implementation dependent"
            nonce = H(b':'.join((
                client_addr.encode('ascii'),
                str(time.time()).encode('ascii'),
                os.urandom(10),  # fresh randomness keeps the nonce unpredictable
            )))
            opaque = H(os.urandom(10))

            # Diagnostic body: reports each check's outcome and mirrors the
            # request headers back to the caller.
            body = jsonify(authenticated=False,
                           user=user,
                           authInHeaders=has_auth_header,
                           digestCheck=is_digest_scheme,
                           authCheck=credentials_ok,
                           headers=dict(request.headers))
            response = app.make_response(body)
            response.status_code = 401

            advertised_qop = (qop, ) if qop is not None else ('auth', 'auth-int')
            challenge = WWWAuthenticate("digest")
            challenge.set_digest('*****@*****.**',
                                 nonce,
                                 opaque=opaque,
                                 qop=advertised_qop)
            response.headers['WWW-Authenticate'] = challenge.to_header()
            if checkCookie is True:
                response.headers['Set-Cookie'] = 'auth=%s' % client_addr
            return response

        if checkCookie is True and request.cookies.get('auth') != client_addr:
            # check for auth challange cookie per https://github.com/Runscope/httpbin/issues/124
            response = app.make_response(
                'Missing the cookie set in the 401 response. '
                'This client seems broken. To bypass this check use the digest-auth-nocookie route.'
            )
            response.status_code = 403
            return response
    except Exception as e:
        # Any failure above is reported to the caller as a 500 with its text.
        response = app.make_response('Error: %s' % str(e))
        response.status_code = 500
        return response

    return jsonify(authenticated=True, user=user)
def test_unauthorized_www_authenticate():
    """Unauthorized renders a single challenge, or several joined by ', '."""
    basic = WWWAuthenticate()
    basic.set_basic("test")
    digest = WWWAuthenticate()
    digest.set_digest("test", "test")

    def challenge_header(**kwargs):
        # Collapse the (header, value) pairs into a dict and pull the one we care about.
        headers = dict(exceptions.Unauthorized(**kwargs).get_headers({}))
        return headers['WWW-Authenticate']

    assert challenge_header(www_authenticate=basic) == str(basic)
    expected = ', '.join(map(str, (digest, basic)))
    assert challenge_header(www_authenticate=[digest, basic]) == expected
def test_unauthorized_www_authenticate():
    """Unauthorized renders a single challenge, or several joined by ", "."""
    basic = WWWAuthenticate()
    basic.set_basic("test")
    digest = WWWAuthenticate()
    digest.set_digest("test", "test")

    def challenge_header(**kwargs):
        # Collapse the (header, value) pairs into a dict and pull the one we care about.
        headers = dict(exceptions.Unauthorized(**kwargs).get_headers({}))
        return headers["WWW-Authenticate"]

    assert challenge_header(www_authenticate=basic) == str(basic)
    expected = ", ".join(map(str, (digest, basic)))
    assert challenge_header(www_authenticate=[digest, basic]) == expected
def test_unauthorized_www_authenticate():
    """Unauthorized emits one WWW-Authenticate header per challenge, and none without one."""
    basic = WWWAuthenticate()
    basic.set_basic("test")
    digest = WWWAuthenticate()
    digest.set_digest("test", "test")

    def headers_for(**kwargs):
        # Headers (not dict) so repeated header names are all retained.
        return Headers(exceptions.Unauthorized(**kwargs).get_headers({}))

    assert headers_for(www_authenticate=basic)["WWW-Authenticate"] == str(basic)

    several = headers_for(www_authenticate=[digest, basic])
    assert several.get_all("WWW-Authenticate") == [str(digest), str(basic)]

    assert "WWW-Authenticate" not in headers_for()
def digest_auth(qop=None, user='******', passwd='passwd', checkCookie=True):
    """Prompts the user for authorization using HTTP Digest auth.

    Args:
        qop: quality of protection to advertise; anything other than
            ``'auth'``/``'auth-int'`` advertises both.
        user, passwd: credentials the client must prove knowledge of.
        checkCookie: when ``True`` the challenge sets an ``auth`` cookie
            holding the client address, which a credentialed request must
            echo back.

    Returns:
        A 401 Digest challenge (JSON body naming the failed checks and
        echoing the caller's own request headers) until the credentials
        verify; 403 when ``checkCookie`` is on and the cookie does not match
        the client address; 500 with the exception text if anything raises;
        otherwise JSON with ``authenticated`` and ``user``.
    """
    if qop not in ('auth', 'auth-int'):
        qop = None

    try:
        addr = request.remote_addr or u''
        auth_value = request.headers.get('Authorization')
        has_auth = 'Authorization' in request.headers
        is_digest = has_auth and auth_value.startswith('Digest ')
        verified = has_auth and is_digest and check_digest_auth(user, passwd)

        # verified is truthy only if every preceding check passed.
        if not verified:
            # RFC2616 Section4.2: HTTP headers are ASCII. That means
            # request.remote_addr was originally ASCII, so I should be able to
            # encode it back to ascii. Also, RFC2617 says about nonces: "The
            # contents of the nonce are implementation dependent"
            nonce_parts = [
                addr.encode('ascii'),
                str(time.time()).encode('ascii'),
                os.urandom(10),  # fresh randomness keeps the nonce unpredictable
            ]
            nonce = H(b':'.join(nonce_parts))
            opaque = H(os.urandom(10))

            # Diagnostic body: each check's outcome plus the request headers.
            diagnostics = jsonify(
                authenticated=False,
                user=user,
                authInHeaders=has_auth,
                digestCheck=is_digest,
                authCheck=verified,
                headers=dict(request.headers))
            response = app.make_response(diagnostics)
            response.status_code = 401

            challenge = WWWAuthenticate("digest")
            challenge.set_digest(
                '*****@*****.**',
                nonce,
                opaque=opaque,
                qop=(qop, ) if qop is not None else ('auth', 'auth-int'))
            response.headers['WWW-Authenticate'] = challenge.to_header()
            if checkCookie is True:
                response.headers['Set-Cookie'] = 'auth=%s' % addr
            return response

        cookie_matches = request.cookies.get('auth') == addr
        if checkCookie is True and not cookie_matches:
            # check for auth challange cookie per https://github.com/Runscope/httpbin/issues/124
            response = app.make_response(
                'Missing the cookie set in the 401 response. '
                'This client seems broken. To bypass this check use the digest-auth-nocookie route.')
            response.status_code = 403
            return response
    except Exception as e:
        # Any failure above is reported to the caller as a 500 with its text.
        response = app.make_response('Error: %s' % str(e))
        response.status_code = 500
        return response

    return jsonify(authenticated=True, user=user)
def digest_auth(qop=None, user="******", passwd="passwd"):
    """Prompts the user for authorization using HTTP Digest auth.

    Args:
        qop: quality of protection to advertise; anything other than
            ``"auth"``/``"auth-int"`` advertises both.
        user, passwd: credentials the client must prove knowledge of.

    Returns:
        A 401 carrying a fresh Digest challenge when the request has no
        Authorization header; the project's ``status_code(401)`` response
        when the digest does not verify; otherwise JSON with
        ``authenticated`` and ``user``.
    """
    if qop not in ("auth", "auth-int"):
        qop = None

    if not request.headers.get("Authorization"):
        # Per-challenge tokens; the urandom bytes keep them unpredictable.
        # NOTE(review): under Python 3 "%s" renders the urandom bytes as
        # their repr, so H() must accept a str here — confirm.
        nonce_material = "%s:%d:%s" % (request.remote_addr, time.time(), os.urandom(10))
        nonce = H(nonce_material)
        opaque = H(os.urandom(10))

        advertised_qop = (qop,) if qop is not None else ("auth", "auth-int")
        challenge = WWWAuthenticate("digest")
        challenge.set_digest("*****@*****.**", nonce, opaque=opaque, qop=advertised_qop)

        response = app.make_response("")
        response.status_code = 401
        response.headers["WWW-Authenticate"] = challenge.to_header()
        return response

    if not check_digest_auth(user, passwd):
        return status_code(401)

    return jsonify(authenticated=True, user=user)
def digest_auth(qop=None, user='******', passwd='passwd'):
    """Prompts the user for authorization using HTTP Digest auth.

    Args:
        qop: quality of protection to advertise; anything other than
            ``'auth'``/``'auth-int'`` advertises both.
        user, passwd: credentials the client must prove knowledge of.

    Returns:
        A 401 carrying a fresh Digest challenge when the request has no
        Authorization header; the project's ``status_code(403)`` response
        when the digest does not verify; otherwise JSON with
        ``authenticated`` and ``user``.
    """
    if qop not in ('auth', 'auth-int'):
        qop = None

    if not request.headers.get('Authorization'):
        # Per-challenge tokens; the urandom bytes keep them unpredictable.
        # NOTE(review): under Python 3 "%s" renders the urandom bytes as
        # their repr, so H() must accept a str here — confirm.
        nonce_material = "%s:%d:%s" % (request.remote_addr, time.time(), os.urandom(10))
        nonce = H(nonce_material)
        opaque = H(os.urandom(10))

        advertised_qop = (qop, ) if qop is not None else ('auth', 'auth-int')
        challenge = WWWAuthenticate("digest")
        challenge.set_digest('*****@*****.**', nonce, opaque=opaque, qop=advertised_qop)

        response = app.make_response('')
        response.status_code = 401
        response.headers['WWW-Authenticate'] = challenge.to_header()
        return response

    if not check_digest_auth(user, passwd):
        # NOTE(review): RFC 7235 expects a failed credential check to answer
        # 401 with a fresh WWW-Authenticate challenge; 403 here gives the
        # client nothing to retry against — confirm this is intended.
        return status_code(403)

    return jsonify(authenticated=True, user=user)
def digest_auth(qop=None, user='******', passwd='passwd'):
    """Prompts the user for authorization using HTTP Digest auth.

    Args:
        qop: quality of protection to advertise; anything other than
            ``'auth'``/``'auth-int'`` advertises both.
        user, passwd: credentials the client must prove knowledge of.

    Returns:
        A 401 carrying a fresh Digest challenge when the request has no
        Authorization header; the project's ``status_code(403)`` response
        when the digest does not verify; otherwise a plain dict with
        ``authenticated`` and ``user`` for the framework to serialise.
    """
    if qop not in ('auth', 'auth-int'):
        qop = None

    if not request.headers.get('Authorization'):
        # Per-challenge tokens; the urandom bytes keep them unpredictable.
        # NOTE(review): under Python 3 "%s" renders the urandom bytes as
        # their repr, so H() must accept a str here — confirm.
        nonce_material = "%s:%d:%s" % (request.remote_addr, time.time(), os.urandom(10))
        nonce = H(nonce_material)
        opaque = H(os.urandom(10))

        advertised_qop = (qop, ) if qop is not None else ('auth', 'auth-int')
        challenge = WWWAuthenticate("digest")
        challenge.set_digest('*****@*****.**', nonce, opaque=opaque, qop=advertised_qop)

        response = app.make_response('')
        response.status_code = 401
        response.headers['WWW-Authenticate'] = challenge.to_header()
        return response

    if not check_digest_auth(user, passwd):
        # NOTE(review): RFC 7235 expects a failed credential check to answer
        # 401 with a fresh WWW-Authenticate challenge; 403 here gives the
        # client nothing to retry against — confirm this is intended.
        return status_code(403)

    return dict(authenticated=True, user=user)
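def digest_challenge_response(app, qop, algorithm, stale = False):
    """Build the 401 response that challenges the client for Digest auth.

    Args:
        app: the Flask application used to create the response.
        qop: quality of protection to advertise; ``None`` advertises both
            ``auth`` and ``auth-int``.
        algorithm: algorithm name used to hash the nonce/opaque tokens and
            placed in the ``WWW-Authenticate`` challenge.
        stale: set the challenge's ``stale`` flag so a client that sent a
            correct digest against an old nonce retries without re-prompting.

    Returns:
        An empty-bodied 401 response carrying a ``WWW-Authenticate`` header.
    """
    response = app.make_response('')
    response.status_code = 401

    # RFC2616 Section4.2: HTTP headers are ASCII. That means
    # request.remote_addr was originally ASCII, so I should be able to
    # encode it back to ascii. Also, RFC2617 says about nonces: "The
    # contents of the nonce are implementation dependent".
    # remote_addr can be None rather than absent (no REMOTE_ADDR in the
    # environ); getattr's default does not cover that case and None has no
    # .encode(), so fall back to an empty string explicitly.
    remote_addr = getattr(request, 'remote_addr', None) or u''
    nonce = H(b''.join([
        remote_addr.encode('ascii'),
        b':',
        str(time.time()).encode('ascii'),
        b':',
        os.urandom(10),  # fresh randomness keeps the nonce unpredictable
    ]), algorithm)
    opaque = H(os.urandom(10), algorithm)

    auth = WWWAuthenticate("digest")
    auth.set_digest('*****@*****.**',
                    nonce,
                    opaque=opaque,
                    qop=('auth', 'auth-int') if qop is None else (qop,),
                    algorithm=algorithm)
    auth.stale = stale
    response.headers['WWW-Authenticate'] = auth.to_header()
    return response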