def test_challenge(self):
policy = SRPAuthenticationPolicy("test")
request = make_request()
response = policy.challenge_view(request)
response = get_response(response, request)
self.failUnless(response.startswith("401 Unauthorized"))
self.failUnless("WWW-Authenticate: SRP-HMAC" in response)
def test_auth_good(self):
policy = SRPAuthenticationPolicy("test",
get_password=lambda u: "testing")
request = make_request()
params = get_challenge(policy, request, "tester")
build_response(params, request, "tester", "testing")
self.assertEquals(policy.authenticated_userid(request), "tester")
def test_challenge(self):
policy = SRPAuthenticationPolicy("test")
request = make_request()
response = policy.challenge_view(request)
response = get_response(response, request)
self.failUnless(response.startswith("401 Unauthorized"))
self.failUnless("WWW-Authenticate: SRP-HMAC" in response)
def test_auth_good_post(self):
policy = SRPAuthenticationPolicy("test",
get_password=lambda u: "testing")
request = make_request(REQUEST_METHOD="POST", PATH_INFO="/do/stuff")
params = get_challenge(policy, request, "tester")
build_response(params, request, "tester", "testing")
self.assertEquals(policy.authenticated_userid(request), "tester")
def test_auth_good_post(self):
policy = SRPAuthenticationPolicy("test",
get_password=lambda u: "testing")
request = make_request(REQUEST_METHOD="POST", PATH_INFO="/do/stuff")
params = get_challenge(policy, request, "tester")
build_response(params, request, "tester", "testing")
self.assertEquals(policy.authenticated_userid(request), "tester")
def test_auth_good(self):
policy = SRPAuthenticationPolicy("test",
get_password=lambda u: "testing")
request = make_request()
params = get_challenge(policy, request, "tester")
build_response(params, request, "tester", "testing")
self.assertEquals(policy.authenticated_userid(request), "tester")
def test_identify_with_mismatched_uri(self):
policy = SRPAuthenticationPolicy("test", get_password=get_password)
request = make_request(PATH_INFO="/path_one")
params = get_challenge(policy, request, "tester")
build_response(params, request, "tester", "tester")
self.assertNotEquals(policy.unauthenticated_userid(request), None)
request["PATH_INFO"] = "/path_two"
self.assertEquals(policy.unauthenticated_userid(request), None)
def test_challenge_with_extra_domains(self):
policy = SRPAuthenticationPolicy("test", domain="http://example.com")
request = make_request()
app = policy.challenge_view(request)
self.assertNotEqual(app, None)
response = get_response(app, request)
self.failUnless(response.startswith("401 Unauthorized"))
self.failUnless("http://example.com" in response)
def test_auth_with_different_realm(self):
policy = SRPAuthenticationPolicy("test",
get_password=lambda u: "testing")
request = make_request()
params = get_challenge(policy, request, "tester")
params["realm"] = "other-realm"
build_response(params, request, "tester", "testing")
self.assertEquals(policy.authenticated_userid(request), None)
def test_challenge_with_extra_domains(self):
policy = SRPAuthenticationPolicy("test", domain="http://example.com")
request = make_request()
app = policy.challenge_view(request)
self.assertNotEqual(app, None)
response = get_response(app, request)
self.failUnless(response.startswith("401 Unauthorized"))
self.failUnless("http://example.com" in response)
def test_identify_with_mismatched_uri(self):
policy = SRPAuthenticationPolicy("test", get_password=get_password)
request = make_request(PATH_INFO="/path_one")
params = get_challenge(policy, request, "tester")
build_response(params, request, "tester", "tester")
self.assertNotEquals(policy.unauthenticated_userid(request), None)
request["PATH_INFO"] = "/path_two"
self.assertEquals(policy.unauthenticated_userid(request), None)
def test_auth_with_different_realm(self):
policy = SRPAuthenticationPolicy("test",
get_password=lambda u: "testing")
request = make_request()
params = get_challenge(policy, request, "tester")
params["realm"] = "other-realm"
build_response(params, request, "tester", "testing")
self.assertEquals(policy.authenticated_userid(request), None)
def test_auth_good_contentmd5(self):
policy = SRPAuthenticationPolicy("test",
get_password=lambda u: "testing")
request = make_request(REQUEST_METHOD="GET", PATH_INFO="/authint",
HTTP_CONTENT_MD5="1B2M2Y8AsgTpgAmY7PhCfg==")
params = get_challenge(policy, request, "tester")
params = build_response(params, request, "tester", "testing")
self.assertEquals(policy.authenticated_userid(request), "tester")
def test_auth_with_bad_hmac_response(self):
policy = SRPAuthenticationPolicy("test",
get_password=lambda u: "testing")
request = make_request()
params = get_challenge(policy, request, "tester")
params = build_response(params, request, "tester", "testing")
params["response"] = "WRONG"
set_authz_header(request, params)
self.assertEquals(policy.authenticated_userid(request), None)
def test_remember_with_next_nonce(self):
policy = SRPAuthenticationPolicy("test",
get_password=get_password,
nonce_manager=EasyNonceManager())
request = make_request()
params = get_challenge(policy, request, "tester")
params = build_response(params, request, "tester", "tester")
headers = policy.remember(request, "tester")
self.assertEquals(headers[0][0], "Authentication-Info")
def test_remember_with_next_nonce(self):
policy = SRPAuthenticationPolicy("test",
get_password=get_password,
nonce_manager=EasyNonceManager())
request = make_request()
params = get_challenge(policy, request, "tester")
params = build_response(params, request, "tester", "tester")
headers = policy.remember(request, "tester")
self.assertEquals(headers[0][0], "Authentication-Info")
def test_auth_good_contentmd5(self):
policy = SRPAuthenticationPolicy("test",
get_password=lambda u: "testing")
request = make_request(REQUEST_METHOD="GET",
PATH_INFO="/authint",
HTTP_CONTENT_MD5="1B2M2Y8AsgTpgAmY7PhCfg==")
params = get_challenge(policy, request, "tester")
params = build_response(params, request, "tester", "testing")
self.assertEquals(policy.authenticated_userid(request), "tester")
def test_auth_with_bad_hmac_response(self):
policy = SRPAuthenticationPolicy("test",
get_password=lambda u: "testing")
request = make_request()
params = get_challenge(policy, request, "tester")
params = build_response(params, request, "tester", "testing")
params["response"] = "WRONG"
set_authz_header(request, params)
self.assertEquals(policy.authenticated_userid(request), None)
def test_auth_with_missing_nonce(self):
policy = SRPAuthenticationPolicy("test",
get_password=lambda u: "testing")
request = make_request()
params = get_challenge(policy, request, "tester")
build_response(params, request, "tester", "testing")
del params["nonce"]
set_authz_header(request, params)
self.assertEquals(policy.unauthenticated_userid(request), None)
self.assertRaises(KeyError, policy._authenticate, params, request)
def test_auth_with_missing_nonce(self):
policy = SRPAuthenticationPolicy("test",
get_password=lambda u: "testing")
request = make_request()
params = get_challenge(policy, request, "tester")
build_response(params, request, "tester", "testing")
del params["nonce"]
set_authz_header(request, params)
self.assertEquals(policy.unauthenticated_userid(request), None)
self.assertRaises(KeyError, policy._authenticate, params, request)
def test_challenge_with_stale_nonce(self):
policy = SRPAuthenticationPolicy("test", get_password=get_password)
request = make_request()
# Identify with a bad nonce to mark it as stale.
params = get_challenge(policy, request, "tester")
params["nonce"] += "STALE"
params = build_response(params, request, "tester", "testing")
self.assertEquals(policy.unauthenticated_userid(request), None)
# The challenge should then include stale=TRUE
app = policy.challenge_view(request)
self.assertNotEqual(app, None)
response = get_response(app, request)
self.failUnless(response.startswith("401 Unauthorized"))
self.failUnless('stale="TRUE"' in response)
def test_challenge_with_stale_nonce(self):
policy = SRPAuthenticationPolicy("test", get_password=get_password)
request = make_request()
# Identify with a bad nonce to mark it as stale.
params = get_challenge(policy, request, "tester")
params["nonce"] += "STALE"
params = build_response(params, request, "tester", "testing")
self.assertEquals(policy.unauthenticated_userid(request), None)
# The challenge should then include stale=TRUE
app = policy.challenge_view(request)
self.assertNotEqual(app, None)
response = get_response(app, request)
self.failUnless(response.startswith("401 Unauthorized"))
self.failUnless('stale="TRUE"' in response)
def test_auth_good_get_with_vars(self):
def get_verifier(username):
params = {
"username": username,
"algorithm": "SRP-1024-SHA1",
"salt": "SALTIPUS REX",
}
verifier = calculate_verifier(params, "testing")
return (params["algorithm"], params["salt"], verifier)
policy = SRPAuthenticationPolicy("test", get_verifier=get_verifier)
request = make_request(REQUEST_METHOD="GET", PATH_INFO="/hi?who=me")
params = get_challenge(policy, request, "tester")
build_response(params, request, "tester", "testing")
self.assertEquals(policy.authenticated_userid(request), "tester")
def test_auth_good_get_with_vars(self):
def get_verifier(username):
params = {
"username": username,
"algorithm": "SRP-1024-SHA1",
"salt": "SALTIPUS REX",
}
verifier = calculate_verifier(params, "testing")
return (params["algorithm"], params["salt"], verifier)
policy = SRPAuthenticationPolicy("test", get_verifier=get_verifier)
request = make_request(REQUEST_METHOD="GET", PATH_INFO="/hi?who=me")
params = get_challenge(policy, request, "tester")
build_response(params, request, "tester", "testing")
self.assertEquals(policy.authenticated_userid(request), "tester")
def test_from_settings(self):
def ref(class_name):
return __name__ + ":" + class_name
policy = SRPAuthenticationPolicy.from_settings(
realm="test",
nonce_manager=ref("EasyNonceManager"),
domain="http://example.com",
get_verifier=ref("get_verifier"),
get_password=ref("get_password"))
self.assertEquals(policy.realm, "test")
self.assertEquals(policy.domain, "http://example.com")
self.failUnless(isinstance(policy.nonce_manager, EasyNonceManager))
self.failUnless(policy.get_verifier is get_verifier)
self.failUnless(policy.get_password is get_password)
def test_from_settings(self):
def ref(class_name):
return __name__ + ":" + class_name
policy = SRPAuthenticationPolicy.from_settings(
realm="test",
nonce_manager=ref("EasyNonceManager"),
domain="http://example.com",
get_verifier=ref("get_verifier"),
get_password=ref("get_password"))
self.assertEquals(policy.realm, "test")
self.assertEquals(policy.domain, "http://example.com")
self.failUnless(isinstance(policy.nonce_manager, EasyNonceManager))
self.failUnless(policy.get_verifier is get_verifier)
self.failUnless(policy.get_password is get_password)
def test_identify_with_bad_noncecount(self):
policy = SRPAuthenticationPolicy("test",
get_password=lambda u: "testing")
request = make_request(REQUEST_METHOD="GET", PATH_INFO="/one")
# Do an initial auth to get the nonce.
params = get_challenge(policy, request, "tester")
build_response(params, request, "tester", "testing", nc="01")
self.assertNotEquals(policy.unauthenticated_userid(request), None)
# Authing without increasing nc will fail.
request = make_request(REQUEST_METHOD="GET", PATH_INFO="/two")
build_response(params, request, "tester", "testing", nc="01")
self.assertEquals(policy.unauthenticated_userid(request), None)
# Authing with a badly-formed nc will fail
request = make_request(REQUEST_METHOD="GET", PATH_INFO="/two")
build_response(params, request, "tester", "testing", nc="02XXX")
self.assertEquals(policy.unauthenticated_userid(request), None)
# Authing with a badly-formed nc will fail
request = make_request(REQUEST_METHOD="GET", PATH_INFO="/two")
build_response(params, request, "tester", "testing", nc="02XXX")
self.assertEquals(policy.unauthenticated_userid(request), None)
# Authing with increasing nc will succeed.
request = make_request(REQUEST_METHOD="GET", PATH_INFO="/two")
build_response(params, request, "tester", "testing", nc="02")
self.assertNotEquals(policy.unauthenticated_userid(request), None)
def test_identify_with_bad_noncecount(self):
policy = SRPAuthenticationPolicy("test",
get_password=lambda u: "testing")
request = make_request(REQUEST_METHOD="GET", PATH_INFO="/one")
# Do an initial auth to get the nonce.
params = get_challenge(policy, request, "tester")
build_response(params, request, "tester", "testing", nc="01")
self.assertNotEquals(policy.unauthenticated_userid(request), None)
# Authing without increasing nc will fail.
request = make_request(REQUEST_METHOD="GET", PATH_INFO="/two")
build_response(params, request, "tester", "testing", nc="01")
self.assertEquals(policy.unauthenticated_userid(request), None)
# Authing with a badly-formed nc will fail
request = make_request(REQUEST_METHOD="GET", PATH_INFO="/two")
build_response(params, request, "tester", "testing", nc="02XXX")
self.assertEquals(policy.unauthenticated_userid(request), None)
# Authing with a badly-formed nc will fail
request = make_request(REQUEST_METHOD="GET", PATH_INFO="/two")
build_response(params, request, "tester", "testing", nc="02XXX")
self.assertEquals(policy.unauthenticated_userid(request), None)
# Authing with increasing nc will succeed.
request = make_request(REQUEST_METHOD="GET", PATH_INFO="/two")
build_response(params, request, "tester", "testing", nc="02")
self.assertNotEquals(policy.unauthenticated_userid(request), None)
def test_identify_with_invalid_params(self):
policy = SRPAuthenticationPolicy("test")
request = make_request(HTTP_AUTHORIZATION="SRP-HMAC realm=Sync")
self.assertEquals(policy.unauthenticated_userid(request), None)
def test_remember_with_no_next_nonce(self):
policy = SRPAuthenticationPolicy("test")
request = make_request()
params = get_challenge(policy, request, "tester")
params = build_response(params, request, "tester", "testing")
self.assertEquals(policy.remember(request, "tester"), None)
def test_remember_with_no_authorization(self):
policy = SRPAuthenticationPolicy("test")
request = make_request()
self.assertEquals(policy.remember(request, "user"), None)
def test_auth_with_no_identity(self):
policy = SRPAuthenticationPolicy("test",
get_password=lambda u: "testing")
request = make_request()
self.assertEquals(policy.authenticated_userid(request), None)
def test_auth_with_no_password_callbacks(self):
policy = SRPAuthenticationPolicy("test")
request = make_request()
params = get_challenge(policy, request, "tester")
build_response(params, request, "tester", "testing")
self.assertEquals(policy.authenticated_userid(request), None)
def test_remember_with_no_authorization(self):
policy = SRPAuthenticationPolicy("test")
request = make_request()
self.assertEquals(policy.remember(request, "user"), None)
def test_auth_with_no_identity(self):
policy = SRPAuthenticationPolicy("test",
get_password=lambda u: "testing")
request = make_request()
self.assertEquals(policy.authenticated_userid(request), None)
def test_remember_with_no_next_nonce(self):
policy = SRPAuthenticationPolicy("test")
request = make_request()
params = get_challenge(policy, request, "tester")
params = build_response(params, request, "tester", "testing")
self.assertEquals(policy.remember(request, "tester"), None)
def test_identify_with_no_authz(self):
policy = SRPAuthenticationPolicy("test")
request = make_request()
self.assertEquals(policy.unauthenticated_userid(request), None)
def test_identify_with_no_authz(self):
policy = SRPAuthenticationPolicy("test")
request = make_request()
self.assertEquals(policy.unauthenticated_userid(request), None)
def test_identify_with_non_digest_authz(self):
policy = SRPAuthenticationPolicy("test")
request = make_request(HTTP_AUTHORIZATION="Basic lalalala")
self.assertEquals(policy.unauthenticated_userid(request), None)
request = make_request(HTTP_AUTHORIZATION="BrowserID assertion=1234")
self.assertEquals(policy.unauthenticated_userid(request), None)
def test_identify_with_non_digest_authz(self):
policy = SRPAuthenticationPolicy("test")
request = make_request(HTTP_AUTHORIZATION="Basic lalalala")
self.assertEquals(policy.unauthenticated_userid(request), None)
request = make_request(HTTP_AUTHORIZATION="BrowserID assertion=1234")
self.assertEquals(policy.unauthenticated_userid(request), None)
def test_auth_with_no_password_callbacks(self):
policy = SRPAuthenticationPolicy("test")
request = make_request()
params = get_challenge(policy, request, "tester")
build_response(params, request, "tester", "testing")
self.assertEquals(policy.authenticated_userid(request), None)
def test_identify_with_invalid_params(self):
policy = SRPAuthenticationPolicy("test")
request = make_request(HTTP_AUTHORIZATION="SRP-HMAC realm=Sync")
self.assertEquals(policy.unauthenticated_userid(request), None)