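    def testDigest(self):
        """Check the Digest challenge, then a wrong-realm and a right-realm reply.

        Requests ``/digest/`` without credentials and expects a 401 whose
        ``WWW-Authenticate`` header offers the Digest scheme with realm
        ``"localhost"``, algorithm ``"MD5"`` and qop ``"auth"``. The server's
        nonce is then used to answer the challenge twice: once claiming a
        wrong realm (expects 401) and once with the advertised realm (expects
        ``200 OK`` and the greeting body).

        Both replies send ``nc=00000001`` with the same nonce and a fixed
        cnonce, so nonce-count / replay handling is not exercised by this test.
        """
        self.getPage('/digest/')
        self.assertStatus(401)

        # Find the first WWW-Authenticate header that offers the Digest scheme.
        challenge = None
        for k, v in self.headers:
            if k.lower() == 'www-authenticate':
                if v.startswith('Digest'):
                    challenge = v
                    break

        if challenge is None:
            self._handlewebError(
                'Digest authentification scheme was not found')

        # Drop the leading "Digest " scheme token (7 characters).
        challenge = challenge[7:]
        tokens = {}
        for item in challenge.split(', '):
            # Split on the first '=' only: a parameter value (for example a
            # base64-style nonce) may itself contain '=', which made the
            # two-name unpacking of an unbounded split raise ValueError.
            key, val = item.split('=', 1)
            tokens[key.lower()] = val

        missing_msg = '%s is missing'
        bad_value_msg = "'%s' was expecting '%s' but found '%s'"
        nonce = None
        # Values are compared with their surrounding double quotes because the
        # parsing above leaves the quotes in place.
        if 'realm' not in tokens:
            self._handlewebError(missing_msg % 'realm')
        elif tokens['realm'] != '"localhost"':
            self._handlewebError(bad_value_msg %
                                 ('realm', '"localhost"', tokens['realm']))
        if 'nonce' not in tokens:
            self._handlewebError(missing_msg % 'nonce')
        else:
            nonce = tokens['nonce'].strip('"')
        if 'algorithm' not in tokens:
            self._handlewebError(missing_msg % 'algorithm')
        elif tokens['algorithm'] != '"MD5"':
            self._handlewebError(bad_value_msg %
                                 ('algorithm', '"MD5"', tokens['algorithm']))
        if 'qop' not in tokens:
            self._handlewebError(missing_msg % 'qop')
        elif tokens['qop'] != '"auth"':
            self._handlewebError(bad_value_msg %
                                 ('qop', '"auth"', tokens['qop']))

        # NOTE(review): the username is shown as "******" in this listing while
        # the expected body greets "test" -- confirm the real value upstream.

        # Reply claiming a realm the server did not advertise: must be refused.
        base_auth = 'Digest username="******", realm="wrong realm", nonce="%s", uri="/digest/", algorithm=MD5, response="%s", qop=auth, nc=%s, cnonce="1522e61005789929"'
        # First pass leaves response empty so the header can be parsed into
        # params; 'test' is presumably the account password -- confirm.
        auth = base_auth % (nonce, '', '00000001')
        params = httpauth.parseAuthorization(auth)
        response = httpauth._computeDigestResponse(params, 'test')
        auth = base_auth % (nonce, response, '00000001')
        self.getPage('/digest/', [('Authorization', auth)])
        self.assertStatus(401)

        # Reply with the advertised realm: must be accepted.
        base_auth = 'Digest username="******", realm="localhost", nonce="%s", uri="/digest/", algorithm=MD5, response="%s", qop=auth, nc=%s, cnonce="1522e61005789929"'
        auth = base_auth % (nonce, '', '00000001')
        params = httpauth.parseAuthorization(auth)
        response = httpauth._computeDigestResponse(params, 'test')
        auth = base_auth % (nonce, response, '00000001')
        self.getPage('/digest/', [('Authorization', auth)])
        self.assertStatus('200 OK')
        self.assertBody("Hello test, you've been authorized.")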
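    def testDigest(self):
        """Verify the Digest challenge and that only the advertised realm works.

        Step 1: an unauthenticated GET of ``/digest/`` must return 401 with a
        ``WWW-Authenticate: Digest`` header whose realm, algorithm and qop are
        ``"localhost"``, ``"MD5"`` and ``"auth"``.
        Step 2: a signed reply naming ``wrong realm`` must return 401.
        Step 3: a signed reply naming ``localhost`` must return ``200 OK`` and
        the greeting body.

        The nonce, ``nc=00000001`` and the cnonce are identical in steps 2 and
        3, so the test says nothing about nonce-count or replay checks.
        """
        self.getPage('/digest/')
        self.assertStatus(401)

        # First header that carries a Digest challenge, if any.
        challenge = None
        for header_name, header_value in self.headers:
            if header_name.lower() == 'www-authenticate' and header_value.startswith('Digest'):
                challenge = header_value
                break

        if challenge is None:
            self._handlewebError('Digest authentification scheme was not found')

        # challenge[7:] removes the "Digest " prefix before splitting params.
        tokens = {}
        for item in challenge[7:].split(', '):
            # maxsplit=1 keeps '=' characters inside a value (e.g. a padded
            # nonce) from breaking the key/value unpacking with ValueError.
            key, val = item.split('=', 1)
            tokens[key.lower()] = val

        missing_msg = '%s is missing'
        bad_value_msg = "'%s' was expecting '%s' but found '%s'"

        # Checked in the original order; 'nonce' has no fixed expected value,
        # it is only captured (unquoted) for the replies below. Expected
        # values keep their double quotes because parsing does not strip them.
        expected = (
            ('realm', '"localhost"'),
            ('nonce', None),
            ('algorithm', '"MD5"'),
            ('qop', '"auth"'),
        )
        nonce = None
        for name, wanted in expected:
            if name not in tokens:
                self._handlewebError(missing_msg % name)
            elif name == 'nonce':
                nonce = tokens[name].strip('"')
            elif tokens[name] != wanted:
                self._handlewebError(bad_value_msg % (name, wanted, tokens[name]))

        # NOTE(review): username appears masked ("******") in this listing but
        # the asserted body greets "test" -- confirm against the project source.
        auth_template = 'Digest username="******", realm="%s", nonce="%s", uri="/digest/", algorithm=MD5, response="%s", qop=auth, nc=%s, cnonce="1522e61005789929"'

        # A realm the server did not advertise must be refused; the advertised
        # one must be accepted.
        for realm, status in (('wrong realm', 401), ('localhost', '200 OK')):
            # Build the header with an empty response first so it can be
            # parsed, then sign it; 'test' is presumably the password -- confirm.
            unsigned = auth_template % (realm, nonce, '', '00000001')
            params = httpauth.parseAuthorization(unsigned)
            response = httpauth._computeDigestResponse(params, 'test')
            signed = auth_template % (realm, nonce, response, '00000001')
            self.getPage('/digest/', [('Authorization', signed)])
            self.assertStatus(status)

        self.assertBody("Hello test, you've been authorized.")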
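    def testDigest(self):
        """Test the Digest challenge and two signed replies against ``/digest/``.

        The unauthenticated request must yield 401 with a Digest challenge
        advertising realm ``"localhost"``, algorithm ``"MD5"`` and qop
        ``"auth"``. A reply computed for ``wrong realm`` must be rejected
        with 401; a reply computed for ``localhost`` must succeed with
        ``200 OK`` and the greeting body.

        Note that both replies reuse the same nonce with ``nc=00000001`` and a
        constant cnonce; nonce-count and replay behaviour are not covered.
        """
        self.getPage("/digest/")
        self.assertStatus(401)

        # Locate the Digest challenge among the response headers.
        value = None
        for k, v in self.headers:
            if k.lower() == "www-authenticate":
                if v.startswith("Digest"):
                    value = v
                    break

        if value is None:
            self._handlewebError("Digest authentification scheme was not found")

        # Strip the 7-character "Digest " prefix, then split the parameters.
        value = value[7:]
        items = value.split(", ")
        tokens = {}
        for item in items:
            # Only the first '=' separates name from value; a value such as a
            # padded nonce may contain further '=' characters, which would
            # otherwise make this unpacking raise ValueError.
            key, token_value = item.split("=", 1)
            tokens[key.lower()] = token_value

        missing_msg = "%s is missing"
        bad_value_msg = "'%s' was expecting '%s' but found '%s'"
        nonce = None
        # Token values still carry their double quotes, hence the quoted
        # expected strings below.
        if "realm" not in tokens:
            self._handlewebError(missing_msg % "realm")
        elif tokens["realm"] != '"localhost"':
            self._handlewebError(bad_value_msg % ("realm", '"localhost"', tokens["realm"]))
        if "nonce" not in tokens:
            self._handlewebError(missing_msg % "nonce")
        else:
            nonce = tokens["nonce"].strip('"')
        if "algorithm" not in tokens:
            self._handlewebError(missing_msg % "algorithm")
        elif tokens["algorithm"] != '"MD5"':
            self._handlewebError(bad_value_msg % ("algorithm", '"MD5"', tokens["algorithm"]))
        if "qop" not in tokens:
            self._handlewebError(missing_msg % "qop")
        elif tokens["qop"] != '"auth"':
            self._handlewebError(bad_value_msg % ("qop", '"auth"', tokens["qop"]))

        # NOTE(review): the username reads "******" in this listing although
        # the expected body greets "test" -- confirm the real value upstream.

        # Test a wrong 'realm' value
        base_auth = (
            "Digest "
            'username="******", '
            'realm="wrong realm", '
            'nonce="%s", '
            'uri="/digest/", '
            "algorithm=MD5, "
            'response="%s", '
            "qop=auth, "
            "nc=%s, "
            'cnonce="1522e61005789929"'
        )

        # Parse the header with an empty response, compute the digest, then
        # send the completed header; "test" is presumably the password --
        # confirm.
        auth = base_auth % (nonce, "", "00000001")
        params = httpauth.parseAuthorization(auth)
        response = httpauth._computeDigestResponse(params, "test")

        auth = base_auth % (nonce, response, "00000001")
        self.getPage("/digest/", [("Authorization", auth)])
        self.assertStatus(401)

        # Test that must pass
        base_auth = (
            "Digest "
            'username="******", '
            'realm="localhost", '
            'nonce="%s", '
            'uri="/digest/", '
            "algorithm=MD5, "
            'response="%s", '
            "qop=auth, "
            "nc=%s, "
            'cnonce="1522e61005789929"'
        )

        auth = base_auth % (nonce, "", "00000001")
        params = httpauth.parseAuthorization(auth)
        response = httpauth._computeDigestResponse(params, "test")

        auth = base_auth % (nonce, response, "00000001")
        self.getPage("/digest/", [("Authorization", auth)])
        self.assertStatus("200 OK")
        self.assertBody("Hello test, you've been authorized.")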