def test_nonce_validation(self):
nm = SignedNonceManager(timeout=0.1)
environ = make_environ(HTTP_USER_AGENT="good-user")
# malformed nonces should be invalid
self.failIf(nm.is_valid_nonce("", environ))
self.failIf(nm.is_valid_nonce("IHACKYOU", environ))
# immediately-generated nonces should be valid.
nonce = nm.generate_nonce(environ)
self.failUnless(nm.is_valid_nonce(nonce, environ))
# tampered-with nonces should be invalid
self.failIf(nm.is_valid_nonce(nonce + "IHACKYOU", environ))
# nonces are only valid for specific user-agent
environ2 = make_environ(HTTP_USER_AGENT="nasty-hacker")
self.failIf(nm.is_valid_nonce(nonce, environ2))
# expired nonces should be invalid
self.failUnless(nm.is_valid_nonce(nonce, environ))
time.sleep(0.1)
self.failIf(nm.is_valid_nonce(nonce, environ))
def __init__(self, realm, nonce_manager=None, domain=None, qop=None,
get_password=None, get_pwdhash=None):
if nonce_manager is None:
nonce_manager = SignedNonceManager()
if qop is None:
qop = "auth"
self.realm = realm
self.nonce_manager = nonce_manager
self.domain = domain
self.qop = qop
self.get_password = get_password
self.get_pwdhash = get_pwdhash
def test_nonce_validation(self):
nm = SignedNonceManager(timeout=0.1)
environ = make_environ(HTTP_USER_AGENT="good-user")
# malformed nonces should be invalid
self.failIf(nm.is_valid_nonce("", environ))
self.failIf(nm.is_valid_nonce("IHACKYOU", environ))
# immediately-generated nonces should be valid.
nonce = nm.generate_nonce(environ)
self.failUnless(nm.is_valid_nonce(nonce, environ))
# tampered-with nonces should be invalid
self.failIf(nm.is_valid_nonce(nonce + "IHACKYOU", environ))
# nonces are only valid for specific user-agent
environ2 = make_environ(HTTP_USER_AGENT="nasty-hacker")
self.failIf(nm.is_valid_nonce(nonce, environ2))
# expired nonces should be invalid
self.failUnless(nm.is_valid_nonce(nonce, environ))
time.sleep(0.1)
self.failIf(nm.is_valid_nonce(nonce, environ))
def test_next_nonce_generation(self):
nm = SignedNonceManager(soft_timeout=0.1)
environ = make_environ()
nonce1 = nm.generate_nonce(environ)
self.failUnless(nm.is_valid_nonce(nonce1, environ))
# next-nonce is not generated until the soft timeout expires.
self.assertEquals(nm.get_next_nonce(nonce1, environ), None)
time.sleep(0.1)
nonce2 = nm.get_next_nonce(nonce1, environ)
self.assertNotEquals(nonce2, None)
self.assertNotEquals(nonce2, nonce1)
self.failUnless(nm.is_valid_nonce(nonce1, environ))
self.failUnless(nm.is_valid_nonce(nonce2, environ))
def test_next_nonce_generation(self):
nm = SignedNonceManager(soft_timeout=0.1)
environ = make_environ()
nonce1 = nm.generate_nonce(environ)
self.failUnless(nm.is_valid_nonce(nonce1, environ))
# next-nonce is not generated until the soft timeout expires.
self.assertEquals(nm.get_next_nonce(nonce1, environ), None)
time.sleep(0.1)
nonce2 = nm.get_next_nonce(nonce1, environ)
self.assertNotEquals(nonce2, None)
self.assertNotEquals(nonce2, nonce1)
self.failUnless(nm.is_valid_nonce(nonce1, environ))
self.failUnless(nm.is_valid_nonce(nonce2, environ))
def test_auto_purging_of_expired_nonces(self):
nm = SignedNonceManager(timeout=0.2)
environ = make_environ()
nonce1 = nm.generate_nonce(environ)
nm.record_nonce_count(nonce1, 1)
time.sleep(0.1)
# nonce1 hasn't expired, so adding a new one won't purge it
nonce2 = nm.generate_nonce(environ)
nm.record_nonce_count(nonce2, 1)
self.assertEquals(nm.get_nonce_count(nonce1), 1)
time.sleep(0.1)
# nonce1 has expired, it should be purged when adding another.
# nonce2 hasn't expired so it should remain in memory.
nonce3 = nm.generate_nonce(environ)
nm.record_nonce_count(nonce3, 1)
self.assertEquals(nm.get_nonce_count(nonce1), None)
self.assertEquals(nm.get_nonce_count(nonce2), 1)
def test_nonce_count_management(self):
nm = SignedNonceManager(timeout=0.1)
environ = make_environ()
nonce1 = nm.generate_nonce(environ)
self.assertEquals(nm.get_nonce_count(nonce1), None)
nm.record_nonce_count(nonce1, 1)
self.assertEquals(nm.get_nonce_count(nonce1), 1)
# purging won't remove it until it has expired.
nm._purge_expired_nonces()
self.assertEquals(nm.get_nonce_count(nonce1), 1)
time.sleep(0.1)
nm._purge_expired_nonces()
self.assertEquals(nm.get_nonce_count(nonce1), None)
def test_auto_purging_of_expired_nonces(self):
nm = SignedNonceManager(timeout=0.2)
environ = make_environ()
nonce1 = nm.generate_nonce(environ)
nm.record_nonce_count(nonce1, 1)
time.sleep(0.1)
# nonce1 hasn't expired, so adding a new one won't purge it
nonce2 = nm.generate_nonce(environ)
nm.record_nonce_count(nonce2, 1)
self.assertEquals(nm.get_nonce_count(nonce1), 1)
time.sleep(0.1)
# nonce1 has expired, it should be purged when adding another.
# nonce2 hasn't expired so it should remain in memory.
nonce3 = nm.generate_nonce(environ)
nm.record_nonce_count(nonce3, 1)
self.assertEquals(nm.get_nonce_count(nonce1), None)
self.assertEquals(nm.get_nonce_count(nonce2), 1)
def test_nonce_count_management(self):
nm = SignedNonceManager(timeout=0.1)
environ = make_environ()
nonce1 = nm.generate_nonce(environ)
self.assertEquals(nm.get_nonce_count(nonce1), None)
nm.record_nonce_count(nonce1, 1)
self.assertEquals(nm.get_nonce_count(nonce1), 1)
# purging won't remove it until it has expired.
nm._purge_expired_nonces()
self.assertEquals(nm.get_nonce_count(nonce1), 1)
time.sleep(0.1)
nm._purge_expired_nonces()
self.assertEquals(nm.get_nonce_count(nonce1), None)
