def send_digest_auth_response(self, environ, start_response): realm_name = self.domain_controller.get_domain_realm( environ["PATH_INFO"], environ) random.seed() serverkey = hex(random.getrandbits(32))[2:] etagkey = calc_hexdigest(environ["PATH_INFO"]) timekey = str(time.time()) nonce_source = timekey + calc_hexdigest(timekey + ":" + etagkey + ":" + serverkey) nonce = calc_base64(nonce_source) wwwauthheaders = 'Digest realm="{}", nonce="{}", algorithm=MD5, qop="auth"'.format( realm_name, nonce) _logger.debug("401 Not Authorized for realm '{}' (digest): {}".format( realm_name, wwwauthheaders)) body = compat.to_bytes(self.get_error_message()) start_response( "401 Not Authorized", [ ("WWW-Authenticate", wwwauthheaders), ("Content-Type", "text/html"), ("Content-Length", str(len(body))), ("Date", util.get_rfc1123_time()), ], ) return [body]
def testAuthentication(self): """Require login.""" # Prepare file content (currently without authentication) data1 = b"this is a file\nwith two lines" app = self.app app.get("/file1.txt", status=404) # not found app.put("/file1.txt", params=data1, status=201) app.get("/file1.txt", status=200) # Re-create test app with authentication wsgi_app = self._makeWsgiDAVApp(True) app = self.app = webtest.TestApp(wsgi_app) # Anonymous access must fail (expect 401 Not Authorized) # Existing resource app.get("/file1.txt", status=401) # Non-existing resource app.get("/not_existing_file.txt", status=401) # Root container app.get("/", status=401) # Try basic access authentication user = "******" password = "******" creds = util.calc_base64(user + ":" + password) headers = { "Authorization": "Basic %s" % creds, } # Existing resource app.get("/file1.txt", headers=headers, status=200) # Non-existing resource (expect 404 NotFound) app.get("/not_existing_file.txt", headers=headers, status=404)
def send_digest_auth_response(self, environ, start_response): realm = self.domain_controller.get_domain_realm(environ["PATH_INFO"], environ) random.seed() serverkey = hex(random.getrandbits(32))[2:] etagkey = calc_hexdigest(environ["PATH_INFO"]) timekey = str(time.time()) nonce_source = timekey + calc_hexdigest( timekey + ":" + etagkey + ":" + serverkey ) nonce = calc_base64(nonce_source) wwwauthheaders = 'Digest realm="{}", nonce="{}", algorithm=MD5, qop="auth"'.format( realm, nonce ) _logger.debug( "401 Not Authorized for realm '{}' (digest): {}".format( realm, wwwauthheaders ) ) body = compat.to_bytes(self.error_message_401) start_response( "401 Not Authorized", [ ("WWW-Authenticate", wwwauthheaders), ("Content-Type", "text/html"), ("Content-Length", str(len(body))), ("Date", util.get_rfc1123_time()), ], ) return [body]
def testAuthentication(self): """Require login.""" # Prepare file content (currently without authentication) data1 = b"this is a file\nwith two lines" app = self.app app.get("/file1.txt", status=404) # not found app.put("/file1.txt", params=data1, status=201) app.get("/file1.txt", status=200) # Re-create test app with authentication wsgi_app = self._makeWsgiDAVApp(True) app = self.app = webtest.TestApp(wsgi_app) # Anonymous access must fail (expect 401 Not Authorized) # Existing resource app.get("/file1.txt", status=401) # Non-existing resource app.get("/not_existing_file.txt", status=401) # Root container app.get("/", status=401) # Try basic access authentication user = "******" password = "******" creds = util.calc_base64(user + ":" + password) headers = {"Authorization": "Basic %s" % creds} # Existing resource app.get("/file1.txt", headers=headers, status=200) # Non-existing resource (expect 404 NotFound) app.get("/not_existing_file.txt", headers=headers, status=404)
def sendDigestAuthResponse(self, environ, start_response): realmname = self._domaincontroller.getDomainRealm( environ["PATH_INFO"], environ) random.seed() serverkey = hex(random.getrandbits(32))[2:] etagkey = calc_hexdigest(environ["PATH_INFO"]) timekey = str(time.time()) nonce_source = timekey + \ calc_hexdigest(timekey + ":" + etagkey + ":" + serverkey) # nonce = to_native(base64.b64encode(compat.to_bytes(nonce_source))) nonce = calc_base64(nonce_source) wwwauthheaders = ('Digest realm="%s", nonce="%s", algorithm=MD5, qop="auth"' % (realmname, nonce)) _logger.debug("401 Not Authorized for realm '%s' (digest): %s" % (realmname, wwwauthheaders)) body = compat.to_bytes(self.getErrorMessage()) # start_response("403 Forbidden", [("WWW-Authenticate", wwwauthheaders), start_response("401 Not Authorized", [("WWW-Authenticate", wwwauthheaders), ("Content-Type", "text/html"), ("Content-Length", str(len(body))), ("Date", util.getRfc1123Time()), ]) return [body]