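def test_validate_digest_uri(self):
    """Check that validate_digest_uri binds the digest ``uri`` to the request.

    The ``uri`` digest parameter is compared against the request built from
    SCRIPT_NAME, PATH_INFO and QUERY_STRING.  Both the path-only and the
    absolute form are accepted, a query-string mismatch is rejected, and the
    only tolerated mismatch is the MSIE exemption, which ``msie_hack=False``
    switches off.

    Uses assertTrue/assertFalse: the failUnless/failIf aliases are deprecated
    and were removed from unittest in Python 3.12.
    """
    request = make_request(SCRIPT_NAME="/my", PATH_INFO="/page")
    params = dict(scheme="Digest", realm="testrealm", username="******",
                  nonce="abcdef", response="123456", qop="auth",
                  uri="/my/page", cnonce="98765", nc="0001")
    self.assertTrue(validate_digest_uri(params, request))
    # Using full URI still works
    params["uri"] = "http://localhost/my/page"
    self.assertTrue(validate_digest_uri(params, request))
    # Check that query-string is taken into account.
    params["uri"] = "http://localhost/my/page?test=one"
    self.assertFalse(validate_digest_uri(params, request))
    request["QUERY_STRING"] = "test=one"
    self.assertTrue(validate_digest_uri(params, request))
    params["uri"] = "/my/page?test=one"
    self.assertTrue(validate_digest_uri(params, request))
    # Check that only MSIE is allowed to fudge on the query-string.
    # NOTE(review): the exemption is keyed on the User-Agent header, which
    # the client supplies, so as exercised here any client sending an
    # MSIE-looking value gets it.  With the hack on, the query string is not
    # covered by the URI check for such requests; msie_hack=False is the
    # strict mode.
    params["uri"] = "/my/page"
    request["HTTP_USER_AGENT"] = "I AM FIREFOX I HAVE TO DO IT PROPERLY"
    self.assertFalse(validate_digest_uri(params, request))
    request["HTTP_USER_AGENT"] = "I AM ANCIENT MSIE PLZ HELP KTHXBYE"
    self.assertTrue(validate_digest_uri(params, request))
    self.assertFalse(validate_digest_uri(params, request, msie_hack=False))
    # A different path is rejected even with the MSIE user agent still set.
    params["uri"] = "/wrong/page"
    self.assertFalse(validate_digest_uri(params, request))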
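def test_validate_digest_uri(self):
    """Exercise validate_digest_uri against matching and mismatching URIs.

    Covers the path-only and absolute forms of the digest ``uri``, the
    query-string comparison, the MSIE query-string exemption and its
    ``msie_hack=False`` opt-out, and a wrong path.

    The deprecated failUnless/failIf aliases (removed from unittest in
    Python 3.12) are replaced by assertTrue/assertFalse.
    """
    request = make_request(SCRIPT_NAME="/my", PATH_INFO="/page")
    params = dict(
        scheme="Digest",
        realm="testrealm",
        username="******",
        nonce="abcdef",
        response="123456",
        qop="auth",
        uri="/my/page",
        cnonce="98765",
        nc="0001",
    )
    self.assertTrue(validate_digest_uri(params, request))
    # Using full URI still works
    params["uri"] = "http://localhost/my/page"
    self.assertTrue(validate_digest_uri(params, request))
    # Check that query-string is taken into account.
    params["uri"] = "http://localhost/my/page?test=one"
    self.assertFalse(validate_digest_uri(params, request))
    request["QUERY_STRING"] = "test=one"
    self.assertTrue(validate_digest_uri(params, request))
    params["uri"] = "/my/page?test=one"
    self.assertTrue(validate_digest_uri(params, request))
    # Check that only MSIE is allowed to fudge on the query-string.
    # NOTE(review): User-Agent is a client-supplied header, so this
    # exemption applies to whoever sends an MSIE-looking value.  The
    # msie_hack=False assertion below pins the strict behaviour, where a
    # missing query string is always a mismatch.
    params["uri"] = "/my/page"
    request["HTTP_USER_AGENT"] = "I AM FIREFOX I HAVE TO DO IT PROPERLY"
    self.assertFalse(validate_digest_uri(params, request))
    request["HTTP_USER_AGENT"] = "I AM ANCIENT MSIE PLZ HELP KTHXBYE"
    self.assertTrue(validate_digest_uri(params, request))
    self.assertFalse(validate_digest_uri(params, request, msie_hack=False))
    # The MSIE user agent is still set here; a wrong path must still fail.
    params["uri"] = "/wrong/page"
    self.assertFalse(validate_digest_uri(params, request))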
def _get_auth_params(self, request):
    """Return the validated digest-auth parameters for *request*, or None.

    The Authorization header is parsed once per request and the result is
    cached in ``request.environ``; a header that fails to parse is cached
    as None.  The parameters are returned only if every check passes, in
    this order: the scheme is "digest" (case-insensitive), the parameters
    validate against ``self.realm``, the digest URI matches the request,
    and the nonce is accepted by ``self.nonce_manager``.
    """
    # Parse the Authorization header only if no cached result exists yet.
    if _ENVKEY_PARSED_AUTHZ not in request.environ:
        try:
            parsed = parse_authz_header(request)
        except ValueError:
            # An unparseable header is remembered as "no credentials".
            parsed = None
        request.environ[_ENVKEY_PARSED_AUTHZ] = parsed
    params = request.environ[_ENVKEY_PARSED_AUTHZ]

    # Reject anything that is not a digest-auth credential set.
    if params is None or params["scheme"].lower() != "digest":
        return None

    # Short-circuit keeps the order: parameter validity first, then the
    # check that the digest was computed over the URI actually requested.
    params_ok = validate_digest_parameters(params, self.realm)
    if not (params_ok and validate_digest_uri(params, request)):
        return None

    # Nonce check comes last.
    if validate_digest_nonce(params, request, self.nonce_manager):
        return params

    # A rejected nonce is flagged in the environ so the challenge can
    # report the request as stale.
    request.environ[_ENVKEY_STALE_NONCE] = True
    return None