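def test_validate_digest_parameters_legacy(self):
    """Check validate_digest_parameters on a parameter set without "qop".

    The parameters must be rejected while "uri" is absent and accepted once
    it is supplied. When a ``realm`` argument is passed, it must match the
    realm carried in the parameters.
    """
    params = {
        "scheme": "Digest",
        "realm": "testrealm",
        "username": "******",
        "nonce": "abcdef",
        "response": "123456",
    }
    # No "uri" yet: the digest is not bound to any resource, so reject.
    self.assertFalse(validate_digest_parameters(params))
    params["uri"] = "/my/page"
    self.assertTrue(validate_digest_parameters(params))
    # Credentials issued for one realm must not validate against another.
    self.assertFalse(validate_digest_parameters(params, realm="otherrealm"))
    self.assertTrue(validate_digest_parameters(params, realm="testrealm"))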
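def test_validate_digest_parameters_qop(self):
    """Check validate_digest_parameters on a parameter set that uses "qop".

    Covers four cases in turn: the nonce count "nc" is required, the realm
    argument must match, unknown "qop" values are rejected, and unknown
    "algorithm" values are rejected.
    """
    params = {
        "scheme": "Digest",
        "realm": "testrealm",
        "username": "******",
        "nonce": "abcdef",
        "response": "123456",
        "qop": "auth",
        "uri": "/my/page",
        "cnonce": "98765",
    }
    # With qop present, a missing nonce count ("nc") must be rejected.
    self.assertFalse(validate_digest_parameters(params))
    params["nc"] = "0001"
    self.assertTrue(validate_digest_parameters(params))
    # Credentials issued for one realm must not validate against another.
    self.assertFalse(validate_digest_parameters(params, realm="otherrealm"))
    self.assertTrue(validate_digest_parameters(params, realm="testrealm"))
    # Only recognised qop values pass; restore "auth" afterwards so the
    # algorithm checks below start from a valid parameter set.
    params["qop"] = "super-duper"
    self.assertFalse(validate_digest_parameters(params))
    params["qop"] = "auth-int"
    self.assertTrue(validate_digest_parameters(params))
    params["qop"] = "auth"
    # Unrecognised algorithm names are refused rather than ignored.
    # NOTE(review): "md5" is the only algorithm value this test shows being
    # accepted; RFC 7616 defines SHA-256 based digests - confirm whether the
    # validator is meant to stay MD5-only.
    params["algorithm"] = "sha1"
    self.assertFalse(validate_digest_parameters(params))
    params["algorithm"] = "md5"
    self.assertTrue(validate_digest_parameters(params))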
def _get_auth_params(self, request):
    """Return the request's validated digest-auth parameters, or None.

    The Authorization header is parsed once per request; the result (None
    when parsing raises ValueError) is stored in ``request.environ`` under
    ``_ENVKEY_PARSED_AUTHZ`` and reused on later calls.

    None is returned when there are no parsed parameters, when the scheme is
    not "digest" (compared case-insensitively), or when any of the parameter,
    URI or nonce validators rejects them. A nonce rejection also sets
    ``_ENVKEY_STALE_NONCE`` in the environ.
    """
    environ = request.environ
    # NOTE(review): a cached entry is used as-is without re-parsing; confirm
    # nothing outside this plugin writes that environ key.
    if _ENVKEY_PARSED_AUTHZ not in environ:
        try:
            parsed = parse_authz_header(request)
        except ValueError:
            # An unparseable header is cached as None, like a missing one.
            parsed = None
        environ[_ENVKEY_PARSED_AUTHZ] = parsed
    else:
        parsed = environ[_ENVKEY_PARSED_AUTHZ]

    # Nothing to validate, or credentials for some other auth scheme.
    if parsed is None or parsed["scheme"].lower() != "digest":
        return None

    # Field-level validation first, then check the digest covers this URI.
    # The short-circuit keeps the validators in their original order.
    well_formed = validate_digest_parameters(parsed, self.realm)
    if not (well_formed and validate_digest_uri(parsed, request)):
        return None

    # The nonce is checked last. Every rejection here is flagged as stale in
    # the environ so that the challenge can include that information.
    if validate_digest_nonce(parsed, request, self.nonce_manager):
        return parsed
    environ[_ENVKEY_STALE_NONCE] = True
    return None
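def test_validate_digest_parameters_qop(self):
    """Exercise validate_digest_parameters with qop-style digest parameters.

    The parameter set starts without "nc" and is then varied one field at a
    time (realm argument, "qop", "algorithm") to confirm that each invalid
    value is rejected and each valid value is accepted.
    """
    params = dict(
        scheme="Digest",
        realm="testrealm",
        username="******",
        nonce="abcdef",
        response="123456",
        qop="auth",
        uri="/my/page",
        cnonce="98765",
    )

    # "nc" (the nonce count) is mandatory once qop is in use.
    self.assertFalse(validate_digest_parameters(params))
    params["nc"] = "0001"
    self.assertTrue(validate_digest_parameters(params))

    # A realm argument that differs from the parameters' realm is refused.
    self.assertFalse(validate_digest_parameters(params, realm="otherrealm"))
    self.assertTrue(validate_digest_parameters(params, realm="testrealm"))

    # An unknown qop is refused; "auth-int" and "auth" are accepted. The
    # value is reset to "auth" before the algorithm checks.
    params["qop"] = "super-duper"
    self.assertFalse(validate_digest_parameters(params))
    params["qop"] = "auth-int"
    self.assertTrue(validate_digest_parameters(params))
    params["qop"] = "auth"

    # An unknown algorithm is refused instead of being silently accepted.
    # NOTE(review): this test accepts "md5" and rejects "sha1"; RFC 7616
    # adds SHA-256 based algorithms - verify the intended allow-list.
    params["algorithm"] = "sha1"
    self.assertFalse(validate_digest_parameters(params))
    params["algorithm"] = "md5"
    self.assertTrue(validate_digest_parameters(params))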