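def test_identify_with_mismatched_uri(self):
    """A digest response must not identify the user on a different path.

    The response is built for ``/path_one`` and is accepted there.  The
    same Authorization data is then presented with ``PATH_INFO`` changed to
    ``/path_two`` and identification must fail, so credentials captured for
    one resource cannot be reused against another.
    """
    policy = DigestAuthenticationPolicy("test")
    request = make_request(PATH_INFO="/path_one")
    params = get_challenge(policy, request)
    build_response(params, request, "tester", "testing")
    # Baseline: the response identifies the user on the path it was built for.
    self.assertNotEqual(policy.unauthenticated_userid(request), None)
    # Same header, different request path: must be rejected.
    request["PATH_INFO"] = "/path_two"
    self.assertEqual(policy.unauthenticated_userid(request), None)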
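def test_auth_with_failed_password_lookup(self):
    """A failed password-hash lookup must not yield an authenticated user.

    The header is well formed, so ``unauthenticated_userid`` reports the
    claimed name, but ``authenticated_userid`` must stay ``None`` because
    the lookup callback returns ``None``.  This pins the difference between
    "claimed" and "verified" identity.
    """
    # The callback always returns None.
    # NOTE(review): presumably the arguments are (username, realm) - confirm.
    policy = DigestAuthenticationPolicy("test",
                                        get_pwdhash=lambda u, r: None)
    request = make_request()
    params = get_challenge(policy, request)
    build_response(params, request, "tester", "testing")
    # Claimed identity is still readable from the header...
    self.assertEqual(policy.unauthenticated_userid(request), "tester")
    # ...but it is never promoted to an authenticated identity.
    self.assertEqual(policy.authenticated_userid(request), None)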
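def test_auth_with_missing_nonce(self):
    """An Authorization header without a ``nonce`` field must be rejected.

    The header is built normally, then its ``nonce`` parameter is renamed
    so that the field is absent.  Identification must fail, and the private
    ``_authenticate`` is expected to raise ``KeyError`` when called directly
    in this state rather than report success.
    """
    policy = DigestAuthenticationPolicy("test",
                                        get_password=lambda u: "testing")
    request = make_request()
    params = get_challenge(policy, request)
    build_response(params, request, "tester", "testing")
    # Rename the field in place; the leading space keeps " cnonce" untouched.
    authz = request.environ["HTTP_AUTHORIZATION"]
    authz = authz.replace(" nonce", " notanonce")
    request.environ["HTTP_AUTHORIZATION"] = authz
    self.assertEqual(policy.unauthenticated_userid(request), None)
    self.assertRaises(KeyError, policy._authenticate, params, request)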
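def test_identify_with_bad_noncecount(self):
    """Check nonce-count (``nc``) handling for a reused nonce.

    With one server nonce, a repeated ``nc`` and a malformed ``nc`` must
    both be rejected, while a strictly larger ``nc`` is accepted.  The
    counter is what stops a captured response from being replayed while
    the nonce is still valid.
    """
    policy = DigestAuthenticationPolicy("test",
                                        get_password=lambda u: "testing")
    request = make_request(REQUEST_METHOD="GET", PATH_INFO="/one")
    # Do an initial auth to get the nonce.
    params = get_challenge(policy, request)
    build_response(params, request, "tester", "testing", nc="01")
    self.assertNotEqual(policy.unauthenticated_userid(request), None)
    # Authing without increasing nc will fail.
    request = make_request(REQUEST_METHOD="GET", PATH_INFO="/two")
    build_response(params, request, "tester", "testing", nc="01")
    self.assertEqual(policy.unauthenticated_userid(request), None)
    # Authing with a badly-formed nc will fail.
    request = make_request(REQUEST_METHOD="GET", PATH_INFO="/two")
    build_response(params, request, "tester", "testing", nc="02XXX")
    self.assertEqual(policy.unauthenticated_userid(request), None)
    # Authing with increasing nc will succeed.
    request = make_request(REQUEST_METHOD="GET", PATH_INFO="/two")
    build_response(params, request, "tester", "testing", nc="02")
    self.assertNotEqual(policy.unauthenticated_userid(request), None)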
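def test_challenge_with_stale_nonce(self):
    """A rejected nonce must produce a 401 challenge carrying ``stale="TRUE"``.

    The nonce from a genuine challenge is altered before the response is
    built, so identification fails.  The following challenge must be a
    ``401 Unauthorized`` that flags the nonce as stale.
    """
    policy = DigestAuthenticationPolicy("test")
    request = make_request()
    # Identify with a bad nonce to mark it as stale.
    params = get_challenge(policy, request)
    params["nonce"] += "STALE"
    build_response(params, request, "tester", "testing")
    self.assertEqual(policy.unauthenticated_userid(request), None)
    # The challenge should then include stale=TRUE
    app = policy.challenge_view(request)
    self.assertNotEqual(app, None)
    response = get_response(app, request)
    self.assertTrue(response.startswith("401 Unauthorized"))
    self.assertTrue('stale="TRUE"' in response)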
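def test_rfc2617_example(self):
    """Known-answer test against the worked example in RFC 2617.

    The digest computed from the RFC's parameters must equal the RFC's
    published response value, and a request carrying that response must
    authenticate as the example user.
    """
    # Published RFC 2617 (section 3.5) example values, not real credentials.
    # The expected digest and the "Mufasa" assertions below hold only for
    # exactly these strings, so they must not be masked or altered.
    password = "Circle Of Life"
    params = {
        "username": "Mufasa",
        "realm": "testrealm@host.com",
        "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
        "uri": "/dir/index.html",
        "qop": "auth",
        "nc": "00000001",
        "cnonce": "0a4f113b",
        "opaque": "5ccc069c403ebaf9f0171e9517f40e41",
    }
    policy = DigestAuthenticationPolicy("testrealm@host.com",
                                        EasyNonceManager(),
                                        get_password=lambda u: password)
    # Calculate the response according to the RFC example parameters.
    request = make_request(REQUEST_METHOD="GET", PATH_INFO="/dir/index.html")
    resp = calculate_digest_response(params, request, password=password)
    # Check that it's as expected from the RFC example section.
    self.assertEqual(resp, "6629fae49393a05397450978507c4ef1")
    # Check that we can auth using it.
    params["response"] = resp
    set_authz_header(request, params)
    self.assertEqual(policy.unauthenticated_userid(request), "Mufasa")
    self.assertEqual(policy.authenticated_userid(request), "Mufasa")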
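def test_rfc2617_example(self):
    """Reproduce the RFC 2617 worked example as a known-answer test.

    Checks that the computed digest equals the response value printed in
    the RFC and that the policy accepts a request carrying it.
    """
    # These are the documentation values from RFC 2617 section 3.5, not
    # real credentials.  The digest and userid assertions below depend on
    # them byte-for-byte.
    password = "Circle Of Life"
    params = {"username": "Mufasa",
              "realm": "testrealm@host.com",
              "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
              "uri": "/dir/index.html",
              "qop": "auth",
              "nc": "00000001",
              "cnonce": "0a4f113b",
              "opaque": "5ccc069c403ebaf9f0171e9517f40e41"}
    policy = DigestAuthenticationPolicy("testrealm@host.com",
                                        EasyNonceManager(),
                                        get_password=lambda u: password)
    # Calculate the response according to the RFC example parameters.
    request = make_request(REQUEST_METHOD="GET", PATH_INFO="/dir/index.html")
    resp = calculate_digest_response(params, request, password=password)
    # Check that it's as expected from the RFC example section.
    self.assertEqual(resp, "6629fae49393a05397450978507c4ef1")
    # Check that we can auth using it.
    params["response"] = resp
    set_authz_header(request, params)
    self.assertEqual(policy.unauthenticated_userid(request), "Mufasa")
    self.assertEqual(policy.authenticated_userid(request), "Mufasa")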
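def test_identify_with_invalid_params(self):
    """A Digest header carrying only ``realm`` must not identify anyone.

    The header uses the Digest scheme but has no username, nonce or
    response fields; the policy must return ``None``.
    """
    policy = DigestAuthenticationPolicy("test")
    request = make_request(HTTP_AUTHORIZATION="Digest realm=Sync")
    self.assertEqual(policy.unauthenticated_userid(request), None)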
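def test_identify_with_non_digest_authz(self):
    """Authorization headers for other schemes must be ignored.

    Neither a ``Basic`` nor a ``BrowserID`` header may produce a userid
    from the digest policy.
    """
    policy = DigestAuthenticationPolicy("test")
    request = make_request(HTTP_AUTHORIZATION="Basic lalalala")
    self.assertEqual(policy.unauthenticated_userid(request), None)
    request = make_request(HTTP_AUTHORIZATION="BrowserID assertion=1234")
    self.assertEqual(policy.unauthenticated_userid(request), None)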
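def test_identify_with_no_authz(self):
    """A request with no Authorization header identifies no user."""
    policy = DigestAuthenticationPolicy("test")
    request = make_request()
    self.assertEqual(policy.unauthenticated_userid(request), None)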