def test_identify_with_mismatched_realm(self):
plugin = DigestAuthPlugin("test")
environ = make_environ()
params = get_challenge(plugin, environ)
params["realm"] = "SomeOtherRealm"
build_response(environ, params, "tester", "testing")
self.assertEquals(plugin.identify(environ), None)
def test_remember_with_next_nonce(self):
plugin = DigestAuthPlugin("test", nonce_manager=EasyNonceManager())
environ = make_environ()
params = get_challenge(plugin, environ)
params = build_response(environ, params, "tester", "testing")
headers = plugin.remember(environ, params)
self.assertEquals(headers[0][0], "Authentication-Info")
def test_auth_good_legacy_mode(self):
plugin = DigestAuthPlugin("test", get_password=lambda u: "testing")
environ = make_environ(REQUEST_METHOD="GET", PATH_INFO="/legacy")
params = get_challenge(plugin, environ)
params = build_response(environ, params, "tester", "testing", qop=None)
self.failIf("qop" in params)
self.assertNotEquals(plugin.authenticate(environ, params), None)
def test_challenge_with_other_status(self):
plugin = DigestAuthPlugin("test")
environ = make_environ()
app = plugin.challenge(environ, "200 OK", [], [])
self.assertNotEqual(app, None)
response = get_response(app, environ)
self.failUnless(response.startswith("401 Unauthorized"))
def test_identify_with_mismatched_realm(self):
plugin = DigestAuthPlugin("test")
environ = make_environ()
params = get_challenge(plugin, environ)
params["realm"] = "SomeOtherRealm"
build_response(environ, params, "tester", "testing")
self.assertEquals(plugin.identify(environ), None)
def test_challenge_with_other_status(self):
plugin = DigestAuthPlugin("test")
environ = make_environ()
app = plugin.challenge(environ, "200 OK", [], [])
self.assertNotEqual(app, None)
response = get_response(app, environ)
self.failUnless(response.startswith("401 Unauthorized"))
def test_auth_with_failed_password_lookup(self):
plugin = DigestAuthPlugin("test", get_pwdhash=lambda u, r: None)
environ = make_environ()
params = get_challenge(plugin, environ)
params = build_response(environ, params, "tester", "testing")
self.assertNotEquals(plugin.identify(environ), None)
self.assertRaises(ValueError, plugin.authenticate, environ, params)
def test_auth_good_get_with_vars(self):
pwdhash = calculate_pwdhash("tester", "testing", "test")
plugin = DigestAuthPlugin("test", get_pwdhash=lambda u, r: pwdhash)
environ = make_environ(REQUEST_METHOD="GET", PATH_INFO="/hi?who=me")
params = get_challenge(plugin, environ)
params = build_response(environ, params, "tester", "testing")
self.assertNotEquals(plugin.authenticate(environ, params), None)
def test_auth_with_bad_digest_response(self):
plugin = DigestAuthPlugin("test", get_password=lambda u: "testing")
environ = make_environ()
params = get_challenge(plugin, environ)
params = build_response(environ, params, "tester", "testing")
params["response"] += "WRONG"
self.assertEquals(plugin.authenticate(environ, params), None)
def test_auth_good_legacy_mode(self):
plugin = DigestAuthPlugin("test", get_password=lambda u: "testing")
environ = make_environ(REQUEST_METHOD="GET", PATH_INFO="/legacy")
params = get_challenge(plugin, environ)
params = build_response(environ, params, "tester", "testing", qop=None)
self.failIf("qop" in params)
self.assertNotEquals(plugin.authenticate(environ, params), None)
def test_auth_with_different_realm(self):
plugin = DigestAuthPlugin("test", get_password=lambda u: "testing")
environ = make_environ()
params = get_challenge(plugin, environ)
params["realm"] = "other-realm"
params = build_response(environ, params, "tester", "testing")
self.assertEquals(plugin.authenticate(environ, params), None)
def test_remember_with_next_nonce(self):
plugin = DigestAuthPlugin("test", nonce_manager=EasyNonceManager())
environ = make_environ()
params = get_challenge(plugin, environ)
params = build_response(environ, params, "tester", "testing")
headers = plugin.remember(environ, params)
self.assertEquals(headers[0][0], "Authentication-Info")
def test_auth_with_different_realm(self):
plugin = DigestAuthPlugin("test", get_password=lambda u: "testing")
environ = make_environ()
params = get_challenge(plugin, environ)
params["realm"] = "other-realm"
params = build_response(environ, params, "tester", "testing")
self.assertEquals(plugin.authenticate(environ, params), None)
def test_auth_good_get_with_vars(self):
pwdhash = calculate_pwdhash("tester", "testing", "test")
plugin = DigestAuthPlugin("test", get_pwdhash=lambda u, r: pwdhash)
environ = make_environ(REQUEST_METHOD="GET", PATH_INFO="/hi?who=me")
params = get_challenge(plugin, environ)
params = build_response(environ, params, "tester", "testing")
self.assertNotEquals(plugin.authenticate(environ, params), None)
def test_auth_with_bad_digest_response(self):
plugin = DigestAuthPlugin("test", get_password=lambda u: "testing")
environ = make_environ()
params = get_challenge(plugin, environ)
params = build_response(environ, params, "tester", "testing")
params["response"] += "WRONG"
self.assertEquals(plugin.authenticate(environ, params), None)
def test_rfc2617_example(self):
plugin = DigestAuthPlugin("*****@*****.**",
nonce_manager=EasyNonceManager())
# Calculate the response according to the RFC example parameters.
password = "******"
params = {
"username": "******",
"realm": "*****@*****.**",
"nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
"uri": "/dir/index.html",
"qop": "auth",
"nc": "00000001",
"cnonce": "0a4f113b",
"opaque": "5ccc069c403ebaf9f0171e9517f40e41",
"request-method": "GET",
}
resp = calculate_digest_response(params, password=password)
# Check that it's as expected
self.assertEquals(resp, "6629fae49393a05397450978507c4ef1")
# Check that we can auth using it.
params["response"] = resp
authz = ",".join('%s="%s"' % v for v in params.iteritems())
environ = make_environ(REQUEST_METHOD="GET",
PATH_INFO="/dir/index.html",
HTTP_AUTHORIZATION="Digest " + authz)
identity = plugin.identify(environ)
self.assertEquals(identity["username"], "Mufasa")
def test_auth_with_failed_password_lookup(self):
plugin = DigestAuthPlugin("test", get_pwdhash=lambda u, r: None)
environ = make_environ()
params = get_challenge(plugin, environ)
params = build_response(environ, params, "tester", "testing")
self.assertNotEquals(plugin.identify(environ), None)
self.assertRaises(ValueError, plugin.authenticate, environ, params)
def test_auth_with_missing_nonce(self):
plugin = DigestAuthPlugin("test", get_password=lambda u: "testing")
environ = make_environ()
params = get_challenge(plugin, environ)
params = build_response(environ, params, "tester", "testing")
del params["nonce"]
self.assertNotEquals(plugin.identify(environ), None)
self.assertRaises(KeyError, plugin.authenticate, environ, params)
def test_identify_with_mismatched_uri(self):
plugin = DigestAuthPlugin("test")
environ = make_environ(PATH_INFO="/path_one")
params = get_challenge(plugin, environ)
build_response(environ, params, "tester", "testing")
self.assertNotEquals(plugin.identify(environ), None)
environ["PATH_INFO"] = "/path_two"
self.assertEquals(plugin.identify(environ), None)
def test_challenge_with_extra_domains(self):
plugin = DigestAuthPlugin("test", domain="http://example.com")
environ = make_environ()
app = plugin.challenge(environ, "200 OK", [], [])
self.assertNotEqual(app, None)
response = get_response(app, environ)
self.failUnless(response.startswith("401 Unauthorized"))
self.failUnless("http://example.com" in response)
def test_challenge(self):
plugin = DigestAuthPlugin("test")
environ = make_environ()
app = plugin.challenge(environ, "401 Unauthorized", [], [])
self.assertNotEqual(app, None)
response = get_response(app, environ)
self.failUnless(response.startswith("401 Unauthorized"))
self.failUnless("WWW-Authenticate: Digest" in response)
def test_challenge(self):
plugin = DigestAuthPlugin("test")
environ = make_environ()
app = plugin.challenge(environ, "401 Unauthorized", [], [])
self.assertNotEqual(app, None)
response = get_response(app, environ)
self.failUnless(response.startswith("401 Unauthorized"))
self.failUnless("WWW-Authenticate: Digest" in response)
def test_challenge_with_extra_domains(self):
plugin = DigestAuthPlugin("test", domain="http://example.com")
environ = make_environ()
app = plugin.challenge(environ, "200 OK", [], [])
self.assertNotEqual(app, None)
response = get_response(app, environ)
self.failUnless(response.startswith("401 Unauthorized"))
self.failUnless("http://example.com" in response)
def test_identify_with_non_digest_authz(self):
plugin = DigestAuthPlugin("test")
environ = make_environ(HTTP_AUTHORIZATION="Basic lalalala")
identity = plugin.identify(environ)
self.assertEquals(identity, None)
environ = make_environ(HTTP_AUTHORIZATION="BrowserID assertion=1234")
identity = plugin.identify(environ)
self.assertEquals(identity, None)
def test_auth_with_missing_nonce(self):
plugin = DigestAuthPlugin("test", get_password=lambda u: "testing")
environ = make_environ()
params = get_challenge(plugin, environ)
params = build_response(environ, params, "tester", "testing")
del params["nonce"]
self.assertNotEquals(plugin.identify(environ), None)
self.assertRaises(KeyError, plugin.authenticate, environ, params)
def test_identify_with_mismatched_uri(self):
plugin = DigestAuthPlugin("test")
environ = make_environ(PATH_INFO="/path_one")
params = get_challenge(plugin, environ)
build_response(environ, params, "tester", "testing")
self.assertNotEquals(plugin.identify(environ), None)
environ["PATH_INFO"] = "/path_two"
self.assertEquals(plugin.identify(environ), None)
def test_auth_with_invalid_content_md5(self):
plugin = DigestAuthPlugin("test", get_password=lambda u: "testing")
environ = make_environ(REQUEST_METHOD="GET", PATH_INFO="/authint", HTTP_CONTENT_MD5="1B2M2Y8AsgTpgAmY7PhCfg==")
params = get_challenge(plugin, environ)
params = build_response(environ, params, "tester", "testing", qop="auth-int")
params["content-md5"] = "8baNZjN6gc+g0gdhccuiqA=="
self.assertNotEquals(plugin.identify(environ), None)
self.assertEquals(plugin.authenticate(environ, params), None)
def test_identify_with_non_digest_authz(self):
plugin = DigestAuthPlugin("test")
environ = make_environ(HTTP_AUTHORIZATION="Basic lalalala")
identity = plugin.identify(environ)
self.assertEquals(identity, None)
environ = make_environ(HTTP_AUTHORIZATION="BrowserID assertion=1234")
identity = plugin.identify(environ)
self.assertEquals(identity, None)
def test_auth_with_unknown_qop(self):
plugin = DigestAuthPlugin("test", get_password=lambda u: "testing")
environ = make_environ()
params = get_challenge(plugin, environ)
params = build_response(environ, params, "tester", "testing")
authz = environ["HTTP_AUTHORIZATION"].replace("auth", "super-duper")
environ["HTTP_AUTHORIZATION"] = authz
self.assertEquals(plugin.identify(environ), None)
params["qop"] = "super-duper"
self.assertRaises(ValueError, plugin.authenticate, environ, params)
def test_auth_with_unknown_qop(self):
plugin = DigestAuthPlugin("test", get_password=lambda u: "testing")
environ = make_environ()
params = get_challenge(plugin, environ)
params = build_response(environ, params, "tester", "testing")
authz = environ["HTTP_AUTHORIZATION"].replace("auth", "super-duper")
environ["HTTP_AUTHORIZATION"] = authz
self.assertEquals(plugin.identify(environ), None)
params["qop"] = "super-duper"
self.assertRaises(ValueError, plugin.authenticate, environ, params)
def test_identify_with_bad_noncecount(self):
plugin = DigestAuthPlugin("test", get_password=lambda u: "testing")
environ = make_environ(REQUEST_METHOD="GET", PATH_INFO="/one")
# Do an initial auth to get the nonce.
params = get_challenge(plugin, environ)
build_response(environ, params, "tester", "testing", nc="01")
identity = plugin.identify(environ)
self.assertNotEquals(identity, None)
plugin.remember(environ, identity)
# Authing without increasing nc will fail.
environ = make_environ(REQUEST_METHOD="GET", PATH_INFO="/two")
build_response(environ, params, "tester", "testing", nc="01")
self.assertEquals(plugin.identify(environ), None)
# Authing with a badly-formed nc will fail
environ = make_environ(REQUEST_METHOD="GET", PATH_INFO="/two")
build_response(environ, params, "tester", "testing", nc="02XXX")
self.assertEquals(plugin.identify(environ), None)
# Authing with a badly-formed nc will fail
environ = make_environ(REQUEST_METHOD="GET", PATH_INFO="/two")
build_response(environ, params, "tester", "testing", nc="02XXX")
self.assertEquals(plugin.identify(environ), None)
# Authing with increasing nc will succeed.
environ = make_environ(REQUEST_METHOD="GET", PATH_INFO="/two")
build_response(environ, params, "tester", "testing", nc="02")
self.assertNotEquals(plugin.identify(environ), None)
def test_auth_good_authint_mode(self):
plugin = DigestAuthPlugin("test", get_password=lambda u: "testing")
environ = make_environ(REQUEST_METHOD="GET",
PATH_INFO="/authint",
HTTP_CONTENT_MD5="1B2M2Y8AsgTpgAmY7PhCfg==")
params = get_challenge(plugin, environ)
params = build_response(environ,
params,
"tester",
"testing",
qop="auth-int")
self.assertNotEquals(plugin.authenticate(environ, params), None)
def test_auth_with_invalid_content_md5(self):
plugin = DigestAuthPlugin("test", get_password=lambda u: "testing")
environ = make_environ(REQUEST_METHOD="GET",
PATH_INFO="/authint",
HTTP_CONTENT_MD5="1B2M2Y8AsgTpgAmY7PhCfg==")
params = get_challenge(plugin, environ)
params = build_response(environ,
params,
"tester",
"testing",
qop="auth-int")
params["content-md5"] = "8baNZjN6gc+g0gdhccuiqA=="
self.assertNotEquals(plugin.identify(environ), None)
self.assertEquals(plugin.authenticate(environ, params), None)
def test_identify_with_bad_noncecount(self):
plugin = DigestAuthPlugin("test", get_password=lambda u: "testing")
environ = make_environ(REQUEST_METHOD="GET", PATH_INFO="/one")
# Do an initial auth to get the nonce.
params = get_challenge(plugin, environ)
build_response(environ, params, "tester", "testing", nc="01")
identity = plugin.identify(environ)
self.assertNotEquals(identity, None)
plugin.remember(environ, identity)
# Authing without increasing nc will fail.
environ = make_environ(REQUEST_METHOD="GET", PATH_INFO="/two")
build_response(environ, params, "tester", "testing", nc="01")
self.assertEquals(plugin.identify(environ), None)
# Authing with a badly-formed nc will fail
environ = make_environ(REQUEST_METHOD="GET", PATH_INFO="/two")
build_response(environ, params, "tester", "testing", nc="02XXX")
self.assertEquals(plugin.identify(environ), None)
# Authing with a badly-formed nc will fail
environ = make_environ(REQUEST_METHOD="GET", PATH_INFO="/two")
build_response(environ, params, "tester", "testing", nc="02XXX")
self.assertEquals(plugin.identify(environ), None)
# Authing with increasing nc will succeed.
environ = make_environ(REQUEST_METHOD="GET", PATH_INFO="/two")
build_response(environ, params, "tester", "testing", nc="02")
self.assertNotEquals(plugin.identify(environ), None)
def test_challenge_with_stale_nonce(self):
plugin = DigestAuthPlugin("test")
environ = make_environ()
# Identify with a bad nonce to mark it as stale.
params = get_challenge(plugin, environ)
params["nonce"] += "STALE"
params = build_response(environ, params, "tester", "testing")
self.assertEquals(plugin.identify(environ), None)
# The challenge should then include stale=TRUE
app = plugin.challenge(environ, "200 OK", [], [])
self.assertNotEqual(app, None)
response = get_response(app, environ)
self.failUnless(response.startswith("401 Unauthorized"))
self.failUnless('stale="TRUE"' in response)
def test_challenge_with_stale_nonce(self):
plugin = DigestAuthPlugin("test")
environ = make_environ()
# Identify with a bad nonce to mark it as stale.
params = get_challenge(plugin, environ)
params["nonce"] += "STALE"
params = build_response(environ, params, "tester", "testing")
self.assertEquals(plugin.identify(environ), None)
# The challenge should then include stale=TRUE
app = plugin.challenge(environ, "200 OK", [], [])
self.assertNotEqual(app, None)
response = get_response(app, environ)
self.failUnless(response.startswith("401 Unauthorized"))
self.failUnless('stale="TRUE"' in response)
def test_challenge_with_extra_headers(self):
plugin = DigestAuthPlugin("test")
environ = make_environ()
app_headers = [("X-Test-One", "test1")]
forget_headers = [("X-Test-Two", "test2")]
app = plugin.challenge(environ, "401 Unauthorized", app_headers, forget_headers)
self.assertNotEqual(app, None)
response = get_response(app, environ)
self.failUnless(response.startswith("401 Unauthorized"))
self.failUnless("WWW-Authenticate: Digest" in response)
self.failUnless("X-Test-One" in response)
self.failUnless("test1" in response)
self.failUnless("X-Test-Two" in response)
self.failUnless("test2" in response)
def test_challenge_with_extra_headers(self):
plugin = DigestAuthPlugin("test")
environ = make_environ()
app_headers = [("X-Test-One", "test1")]
forget_headers = [("X-Test-Two", "test2")]
app = plugin.challenge(environ, "401 Unauthorized", app_headers,
forget_headers)
self.assertNotEqual(app, None)
response = get_response(app, environ)
self.failUnless(response.startswith("401 Unauthorized"))
self.failUnless("WWW-Authenticate: Digest" in response)
self.failUnless("X-Test-One" in response)
self.failUnless("test1" in response)
self.failUnless("X-Test-Two" in response)
self.failUnless("test2" in response)
def test_rfc2617_example(self):
plugin = DigestAuthPlugin("*****@*****.**", nonce_manager=EasyNonceManager())
# Calculate the response according to the RFC example parameters.
password = "******"
params = {
"username": "******",
"realm": "*****@*****.**",
"nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
"uri": "/dir/index.html",
"qop": "auth",
"nc": "00000001",
"cnonce": "0a4f113b",
"opaque": "5ccc069c403ebaf9f0171e9517f40e41",
"request-method": "GET",
}
resp = calculate_digest_response(params, password=password)
# Check that it's as expected
self.assertEquals(resp, "6629fae49393a05397450978507c4ef1")
# Check that we can auth using it.
params["response"] = resp
authz = ",".join('%s="%s"' % v for v in params.iteritems())
environ = make_environ(REQUEST_METHOD="GET", PATH_INFO="/dir/index.html", HTTP_AUTHORIZATION="Digest " + authz)
identity = plugin.identify(environ)
self.assertEquals(identity["username"], "Mufasa")
def test_remember_with_no_next_nonce(self):
plugin = DigestAuthPlugin("test")
environ = make_environ()
params = get_challenge(plugin, environ)
params = build_response(environ, params, "tester", "testing")
self.assertEquals(plugin.remember(environ, params), None)
def test_remember_with_no_identity(self):
plugin = DigestAuthPlugin("test")
environ = make_environ()
self.assertEquals(plugin.remember(environ, {}), None)
def test_identify_with_invalid_params(self):
plugin = DigestAuthPlugin("test")
environ = make_environ(HTTP_AUTHORIZATION="Digest realm=Sync")
self.assertEquals(plugin.identify(environ), None)
def test_auth_good_post(self):
plugin = DigestAuthPlugin("test", get_password=lambda u: "testing")
environ = make_environ(REQUEST_METHOD="POST", PATH_INFO="/do/stuff")
params = get_challenge(plugin, environ)
params = build_response(environ, params, "tester", "testing")
self.assertNotEquals(plugin.authenticate(environ, params), None)
def test_identify_with_invalid_params(self):
plugin = DigestAuthPlugin("test")
environ = make_environ(HTTP_AUTHORIZATION="Digest realm=Sync")
self.assertEquals(plugin.identify(environ), None)
def test_auth_good_post(self):
plugin = DigestAuthPlugin("test", get_password=lambda u: "testing")
environ = make_environ(REQUEST_METHOD="POST", PATH_INFO="/do/stuff")
params = get_challenge(plugin, environ)
params = build_response(environ, params, "tester", "testing")
self.assertNotEquals(plugin.authenticate(environ, params), None)
def test_auth_with_no_password_callbacks(self):
plugin = DigestAuthPlugin("test")
environ = make_environ()
params = get_challenge(plugin, environ)
params = build_response(environ, params, "tester", "testing")
self.assertEquals(plugin.authenticate(environ, params), None)
def test_auth_good_authint_mode(self):
plugin = DigestAuthPlugin("test", get_password=lambda u: "testing")
environ = make_environ(REQUEST_METHOD="GET", PATH_INFO="/authint", HTTP_CONTENT_MD5="1B2M2Y8AsgTpgAmY7PhCfg==")
params = get_challenge(plugin, environ)
params = build_response(environ, params, "tester", "testing", qop="auth-int")
self.assertNotEquals(plugin.authenticate(environ, params), None)
def test_auth_with_no_identity(self):
plugin = DigestAuthPlugin("test", get_password=lambda u: "testing")
environ = make_environ()
self.assertEquals(plugin.authenticate(environ, {}), None)
def test_auth_with_no_password_callbacks(self):
plugin = DigestAuthPlugin("test")
environ = make_environ()
params = get_challenge(plugin, environ)
params = build_response(environ, params, "tester", "testing")
self.assertEquals(plugin.authenticate(environ, params), None)
def test_remember_with_no_identity(self):
plugin = DigestAuthPlugin("test")
environ = make_environ()
self.assertEquals(plugin.remember(environ, {}), None)
def test_auth_with_no_identity(self):
plugin = DigestAuthPlugin("test", get_password=lambda u: "testing")
environ = make_environ()
self.assertEquals(plugin.authenticate(environ, {}), None)
def test_remember_with_no_next_nonce(self):
plugin = DigestAuthPlugin("test")
environ = make_environ()
params = get_challenge(plugin, environ)
params = build_response(environ, params, "tester", "testing")
self.assertEquals(plugin.remember(environ, params), None)
def test_identify_with_no_authz(self):
plugin = DigestAuthPlugin("test")
environ = make_environ()
identity = plugin.identify(environ)
self.assertEquals(identity, None)
def test_identify_with_no_authz(self):
plugin = DigestAuthPlugin("test")
environ = make_environ()
identity = plugin.identify(environ)
self.assertEquals(identity, None)
