def test_forceAuthentication(self):
"""
Test that if an HTTPError with an Unauthorized status code is raised
from within our protected resource, we add the WWW-Authenticate
headers if they do not already exist.
"""
self.portal.registerChecker(checkers.AllowAnonymousAccess())
nonAnonResource = NonAnonymousResource()
nonAnonResource.responseText = "We don't like anonymous users"
root = wrapper.HTTPAuthResource(nonAnonResource, [self.credFactory],
self.portal,
interfaces=(IHTTPUser, ))
def _tryAuthenticate(result):
credentials = base64.encodestring('username:password')
d2 = self.assertResponse((root, 'http://localhost/', {
'authorization': ('basic', credentials)
}), (200, {}, "We don't like anonymous users"))
return d2
d = self.assertResponse((root, 'http://localhost/', {}), (401, {
'WWW-Authenticate': [('basic', {
'realm': "test realm"
})]
}, None))
d.addCallback(_tryAuthenticate)
return d
def test_unauthorizedResponse(self):
"""
Test that a request with no credentials results in a
valid Unauthorized response.
"""
root = wrapper.HTTPAuthResource(self.protectedResource,
[self.credFactory],
self.portal,
interfaces=(IHTTPUser, ))
def makeDeepRequest(res):
return self.assertResponse(
(root, 'http://localhost/foo/bar/baz/bax'), (401, {
'WWW-Authenticate': [('basic', {
'realm': "test realm"
})]
}, None))
d = self.assertResponse((root, 'http://localhost/'), (401, {
'WWW-Authenticate': [('basic', {
'realm': "test realm"
})]
}, None))
return d.addCallback(makeDeepRequest)
def test_wrappedResourceGetsFullSegments(self):
"""
Test that the wrapped resource gets all the URL segments in it's
locateChild.
"""
self.protectedResource.responseText = "I hope you can see me."
root = wrapper.HTTPAuthResource(self.protectedResource,
[self.credFactory],
self.portal,
interfaces=(IHTTPUser, ))
credentials = base64.encodestring('username:password')
d = self.assertResponse((root, 'http://localhost/foo/bar/baz/bax', {
'authorization': ('basic', credentials)
}), (404, {}, None))
def checkSegments(ign):
resource = self.protectedResource
self.assertEquals(resource.segments, ['foo', 'bar', 'baz', 'bax'])
d.addCallback(checkSegments)
return d
def require_digest_auth(resource):
p = portal.Portal(TestAuthRealm())
c = checkers.InMemoryUsernamePasswordDatabaseDontUse()
c.addUser("digestuser", "digestuser")
p.registerChecker(c)
cred_factory = DigestCredFactory("MD5", "Digest Auth protected area")
return wrapper.HTTPAuthResource(resource, [cred_factory],
p,
interfaces=(IHTTPUser, ))
def require_basic_auth(resource):
p = portal.Portal(TestAuthRealm())
c = checkers.InMemoryUsernamePasswordDatabaseDontUse()
c.addUser("john", "john")
p.registerChecker(c)
cred_factory = basic.BasicCredentialFactory("Basic Auth protected area")
return wrapper.HTTPAuthResource(resource, [cred_factory],
p,
interfaces=(IHTTPUser, ))
def test_renderHTTP(self):
"""
Test that if the renderHTTP method is ever called we authenticate
the request and delegate rendering to the wrapper.
"""
self.protectedResource.responseText = "I hope you can see me."
self.protectedResource.addSlash = True
root = wrapper.HTTPAuthResource(self.protectedResource,
[self.credFactory],
self.portal,
interfaces=(IHTTPUser, ))
request = SimpleRequest(None, "GET", "/")
request.prepath = ['']
def _gotSecondResponse(response):
self.assertEquals(response.code, 200)
self.assertEquals(str(response.stream.read()),
"I hope you can see me.")
def _gotResponse(exception):
response = exception.response
self.assertEquals(response.code, 401)
self.failUnless(response.headers.hasHeader('WWW-Authenticate'))
self.assertEquals(response.headers.getHeader('WWW-Authenticate'),
[('basic', {
'realm': "test realm"
})])
credentials = base64.encodestring('username:password')
request.headers.setHeader('authorization', ['basic', credentials])
d = root.renderHTTP(request)
d.addCallback(_gotSecondResponse)
d = self.assertFailure(root.renderHTTP(request), http.HTTPError)
d.addCallback(_gotResponse)
return d
def test_successfulLogin(self):
"""
Test that a request with good credentials results in the
appropriate response from the protected resource
"""
self.protectedResource.responseText = "I hope you can see me."
root = wrapper.HTTPAuthResource(self.protectedResource,
[self.credFactory],
self.portal,
interfaces=(IHTTPUser, ))
credentials = base64.encodestring('username:password')
d = self.assertResponse((root, 'http://localhost/', {
'authorization': ('basic', credentials)
}), (200, {}, 'I hope you can see me.'))
return d
def test_multipleWWWAuthenticateSchemes(self):
"""
Test that our unauthorized response can contain challenges for
multiple authentication schemes.
"""
root = wrapper.HTTPAuthResource(
self.protectedResource,
(basic.BasicCredentialFactory('test realm'),
FakeDigestCredentialFactory('md5', 'test realm')),
self.portal,
interfaces=(IHTTPUser, ))
d = self.assertResponse((root, 'http://localhost/', {}), (401, {
'www-authenticate':
[challengeResponse, ('basic', {
'realm': 'test realm'
})]
}, None))
return d
def test_wrongScheme(self):
"""
Test that a request with credentials for a scheme that is not
advertised by this resource results in the appropriate
unauthorized response.
"""
root = wrapper.HTTPAuthResource(self.protectedResource,
[self.credFactory],
self.portal,
interfaces=(IHTTPUser, ))
d = self.assertResponse((root, 'http://localhost/', {
'authorization': [('digest', 'realm="foo", response="crap"')]
}), (401, {
'www-authenticate': [('basic', {
'realm': 'test realm'
})]
}, None))
return d
def test_invalidCredentials(self):
"""
Malformed or otherwise invalid credentials (as determined by
the credential factory) should result in an Unauthorized response
"""
root = wrapper.HTTPAuthResource(self.protectedResource,
[self.credFactory],
self.portal,
interfaces=(IHTTPUser, ))
credentials = base64.encodestring('Not Good Credentials')
d = self.assertResponse((root, 'http://localhost/', {
'authorization': ('basic', credentials)
}), (401, {
'WWW-Authenticate': [('basic', {
'realm': "test realm"
})]
}, None))
return d
def test_badCredentials(self):
"""
Test that a request with bad credentials results in a valid
Unauthorized response
"""
root = wrapper.HTTPAuthResource(self.protectedResource,
[self.credFactory],
self.portal,
interfaces=(IHTTPUser, ))
credentials = base64.encodestring('bad:credentials')
d = self.assertResponse((root, 'http://localhost/', {
'authorization': [('basic', credentials)]
}), (401, {
'WWW-Authenticate': [('basic', {
'realm': "test realm"
})]
}, None))
return d
def test_allowedMethods(self):
"""
Test that unknown methods result in a 401 instead of a 405 when
authentication hasn't been completed.
"""
self.method = 'PROPFIND'
root = wrapper.HTTPAuthResource(self.protectedResource,
[self.credFactory],
self.portal,
interfaces=(IHTTPUser, ))
d = self.assertResponse((root, 'http://localhost/'), (401, {
'WWW-Authenticate': [('basic', {
'realm': "test realm"
})]
}, None))
self.method = 'GET'
return d
def test_responseFilterDoesntClobberHeaders(self):
"""
Test that if an UNAUTHORIZED response is returned and
already has 'WWW-Authenticate' headers we don't add them.
"""
self.portal.registerChecker(checkers.AllowAnonymousAccess())
nonAnonResource = NonAnonymousResource()
nonAnonResource.responseText = "We don't like anonymous users"
nonAnonResource.sendOwnHeaders = True
root = wrapper.HTTPAuthResource(nonAnonResource, [self.credFactory],
self.portal,
interfaces=(IHTTPUser, ))
d = self.assertResponse((root, 'http://localhost/', {}), (401, {
'WWW-Authenticate': [('basic', {
'realm': "foo"
})]
}, None))
return d
def test_anonymousAuthentication(self):
"""
If our portal has a credentials checker for IAnonymous credentials
authentication succeeds if no Authorization header is present
"""
self.portal.registerChecker(checkers.AllowAnonymousAccess())
self.protectedResource.responseText = "Anonymous access allowed"
root = wrapper.HTTPAuthResource(self.protectedResource,
[self.credFactory],
self.portal,
interfaces=(IHTTPUser, ))
def _checkRequest(ign):
self.assertEquals(self.protectedResource.request.avatar.username,
'anonymous')
d = self.assertResponse((root, 'http://localhost/', {}),
(200, {}, "Anonymous access allowed"))
d.addCallback(_checkRequest)
return d
def test_authorizationAgainstMultipleSchemes(self):
"""
Test that we can successfully authenticate when presented
with multiple WWW-Authenticate headers
"""
root = wrapper.HTTPAuthResource(
self.protectedResource,
(basic.BasicCredentialFactory('test realm'),
FakeDigestCredentialFactory('md5', 'test realm')),
self.portal,
interfaces=(IHTTPUser, ))
def respondBasic(ign):
credentials = base64.encodestring('username:password')
d = self.assertResponse((root, 'http://localhost/', {
'authorization': ('basic', credentials)
}), (200, {}, None))
return d
def respond(ign):
d = self.assertResponse((root, 'http://localhost/', {
'authorization': authRequest1
}), (200, {}, None))
return d.addCallback(respondBasic)
d = self.assertResponse((root, 'http://localhost/', {}), (401, {
'www-authenticate':
[challengeResponse, ('basic', {
'realm': 'test realm'
})]
}, None))
return d
def test_authenticatedRequest(self):
"""
Test that after successful authentication the request provides
IAuthenticatedRequest and that the request.avatar implements
the proper interfaces for this realm and has the proper values
for this request.
"""
self.protectedResource.responseText = "I hope you can see me."
root = wrapper.HTTPAuthResource(self.protectedResource,
[self.credFactory],
self.portal,
interfaces=(IHTTPUser, ))
credentials = base64.encodestring('username:password')
d = self.assertResponse((root, 'http://localhost/', {
'authorization': ('basic', credentials)
}), (200, {}, 'I hope you can see me.'))
def checkRequest(result):
resource = self.protectedResource
self.failUnless(hasattr(resource, "request"))
request = resource.request
self.failUnless(IAuthenticatedRequest.providedBy(request))
self.failUnless(hasattr(request, "avatar"))
self.failUnless(IHTTPUser.providedBy(request.avatar))
self.failUnless(hasattr(request, "avatarInterface"))
self.assertEquals(request.avatarInterface, IHTTPUser)
self.assertEquals(request.avatar.username, 'username')
d.addCallback(checkRequest)
return d