Esempio n. 1
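class Controller(object):
    """Base controller that bundles the web helpers and gates views behind header authentication.

    Views wrapped with ``authentication_required`` only run when the
    ``Authorization`` request header passes ``Authentication``'s format check
    and credential verification; otherwise the caller gets a 401 challenge.

    NOTE(review): the helper names (encoded credentials, username/password
    split) suggest HTTP Basic. If so, the credentials are only encoded, not
    encrypted, so these routes depend on TLS for confidentiality - confirm.
    """

    def __init__(self):
        # Collaborators are kept on the instance so subclasses and tests can
        # substitute them. (`request` was previously assigned twice.)
        self.authentication = Authentication(database)
        self.request = request
        self.render = render_template
        self.abort = abort
        self.redirect = redirect
        self.url_for = url_for

    @staticmethod
    def authentication_required(view_function):
        """Wrap a controller view so it only runs for authenticated requests.

        Args:
            view_function: a method-style view taking ``self`` first.

        Returns:
            A wrapper that returns the 401 challenge from
            ``prompt_for_password`` when ``user_is_authenticated`` is falsy,
            and otherwise the view's own return value.
        """
        # Imported locally so the block does not rely on the module's import list.
        import functools

        # functools.wraps keeps the view's __name__/__doc__. Without it every
        # protected view is named "decorator", which hides the real view in
        # logs and collides in frameworks that derive route names from
        # __name__.
        @functools.wraps(view_function)
        def decorator(self, *args, **kwargs):
            # Fail closed: the view body is never reached without a positive check.
            if not self.user_is_authenticated():
                return self.prompt_for_password()
            return view_function(self, *args, **kwargs)
        return decorator

    def user_is_authenticated(self):
        """Return whether the ``Authorization`` header carries credentials that verify.

        Returns False without decoding anything when the header is missing or
        fails the format check; otherwise returns whatever
        ``verify_credentials`` returns for the extracted username and password.
        """
        # Read through self.request (set in __init__) instead of the module
        # global, consistent with the other injected collaborators.
        request_header = self.request.headers.get('Authorization')
        if not self.authentication.is_valid_authentication_format(request_header):
            return False

        # NOTE(review): assumes the format check rejects every header the
        # decode/split helpers cannot handle; if not, a malformed header raises
        # here instead of producing the 401 challenge - confirm.
        encoded_credentials = self.authentication.extract_encoded_credentials(request_header)
        decoded_credentials = self.authentication.decode_credentials(encoded_credentials)
        credentials = self.authentication.split_credentials(decoded_credentials)

        return self.authentication.verify_credentials(credentials['username'], credentials['password'])

    def prompt_for_password(self):
        """Build the 401 response that asks the client for credentials.

        Renders ``admin/unauthenticated.html`` with status 401 and sets the
        ``WWW-Authenticate`` header to the value supplied by
        ``authenticate_response_header``.
        """
        response = make_response(self.render('admin/unauthenticated.html'), 401)
        response_header = self.authentication.authenticate_response_header()
        response.headers['WWW-Authenticate'] = response_header
        return response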
Esempio n. 2
 def test_authentication_controller_returns_true_if_authorization_value_has_one_colon(self):
     """A ``Basic`` header whose payload holds exactly one colon passes the format check."""
     # Base64 payload decodes to "valid:credential".
     header = 'Basic dmFsaWQ6Y3JlZGVudGlhbA=='
     verdict = Authentication().is_valid_authentication_format(header)
     self.assertEqual(verdict, True)
Esempio n. 3
 def test_authentication_controller_returns_false_if_authorization_value_is_missing_username(self):
     """A payload with nothing before the colon is rejected by the format check."""
     # Base64 payload decodes to ":password" (empty username).
     header = 'Basic OnBhc3N3b3Jk'
     verdict = Authentication().is_valid_authentication_format(header)
     self.assertEqual(verdict, False)
Esempio n. 4
 def test_authentication_controller_returns_false_if_authorization_value_is_missing_password(self):
     """A payload with nothing after the colon is rejected by the format check."""
     # Base64 payload decodes to "username:" (empty password).
     header = 'Basic dXNlcm5hbWU6'
     verdict = Authentication().is_valid_authentication_format(header)
     self.assertEqual(verdict, False)
Esempio n. 5
 def test_authentication_controller_returns_false_if_authorization_value_has_multiple_colons(self):
     """A payload containing more than one colon is rejected by the format check.

     This pins a rule stricter than RFC 7617, which splits on the first colon
     and allows further colons inside the password; with this validator such
     passwords cannot authenticate.
     """
     # Base64 payload decodes to "too-many::colons".
     header = 'Basic dG9vLW1hbnk6OmNvbG9ucw=='
     verdict = Authentication().is_valid_authentication_format(header)
     self.assertEqual(verdict, False)
Esempio n. 6
 def test_authentication_controller_returns_false_if_authorization_value_is_missing_colon(self):
     """A payload with no colon separator is rejected by the format check."""
     # Base64 payload decodes to "missing;colon" (semicolon, not a colon).
     header = 'Basic bWlzc2luZztjb2xvbg=='
     verdict = Authentication().is_valid_authentication_format(header)
     self.assertEqual(verdict, False)
Esempio n. 7
 def test_authentication_controller_returns_false_if_authorization_value_is_none(self):
     """``None`` in place of a header value is rejected rather than raising."""
     # None stands in for a header value that is not a string at all.
     header = None
     verdict = Authentication().is_valid_authentication_format(header)
     self.assertEqual(verdict, False)
Esempio n. 8
 def test_authentication_controller_returns_false_if_authorization_value_contains_spaces_in_encoded_credentials(self):
     """Whitespace inside the encoded credentials makes the header invalid."""
     # The Base64 text for "valid:credential" with a space inserted into it.
     header = 'Basic dmFsaWQ6Y3 JlZGVudGlhbA=='
     verdict = Authentication().is_valid_authentication_format(header)
     self.assertEqual(verdict, False)
Esempio n. 9
 def test_authentication_controller_returns_false_if_authorization_value_is_not_prefixed_with_basic(self):
     """A header using a scheme other than ``Basic`` is rejected even with a valid payload."""
     # Payload still decodes to "valid:credential"; only the scheme word differs.
     header = 'Advanced dmFsaWQ6Y3JlZGVudGlhbA=='
     verdict = Authentication().is_valid_authentication_format(header)
     self.assertEqual(verdict, False)