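def test_validate_digest_uri(self):
    """Check that validate_digest_uri ties the digest "uri" to the request.

    The "uri" parameter must match the path and query string of the request
    being authenticated, whether it is given as a path or as a full URL.
    The only tolerated mismatch is a missing query string from a client
    whose User-Agent looks like MSIE, and only while msie_hack is enabled.
    """
    request = make_request(SCRIPT_NAME="/my", PATH_INFO="/page")
    params = dict(scheme="Digest", realm="testrealm", username="******",
                  nonce="abcdef", response="123456", qop="auth",
                  uri="/my/page", cnonce="98765", nc="0001")
    # Baseline: uri equals SCRIPT_NAME + PATH_INFO.
    self.assertTrue(validate_digest_uri(params, request))
    # Using full URI still works
    params["uri"] = "http://localhost/my/page"
    self.assertTrue(validate_digest_uri(params, request))
    # Check that query-string is taken into account: a uri carrying a
    # query string must be rejected until the request has the same one.
    params["uri"] = "http://localhost/my/page?test=one"
    self.assertFalse(validate_digest_uri(params, request))
    request["QUERY_STRING"] = "test=one"
    self.assertTrue(validate_digest_uri(params, request))
    params["uri"] = "/my/page?test=one"
    self.assertTrue(validate_digest_uri(params, request))
    # Check that only MSIE is allowed to fudge on the query-string.
    # NOTE: User-Agent is a client-supplied header, so the relaxed match is
    # a compatibility shim rather than a trust decision; msie_hack=False
    # (asserted below) keeps the comparison strict for every client.
    params["uri"] = "/my/page"
    request["HTTP_USER_AGENT"] = "I AM FIREFOX I HAVE TO DO IT PROPERLY"
    self.assertFalse(validate_digest_uri(params, request))
    request["HTTP_USER_AGENT"] = "I AM ANCIENT MSIE PLZ HELP KTHXBYE"
    self.assertTrue(validate_digest_uri(params, request))
    self.assertFalse(validate_digest_uri(params, request, msie_hack=False))
    # A different path is never accepted, even with the MSIE allowance on.
    params["uri"] = "/wrong/page"
    self.assertFalse(validate_digest_uri(params, request))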
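 def test_validate_digest_uri(self):
     """Check that validate_digest_uri ties the digest "uri" to the request.

     The "uri" parameter must match the path and query string of the request
     being authenticated, whether it is given as a path or as a full URL.
     The only tolerated mismatch is a missing query string from a client
     whose User-Agent looks like MSIE, and only while msie_hack is enabled.
     """
     request = make_request(SCRIPT_NAME="/my", PATH_INFO="/page")
     params = dict(
         scheme="Digest",
         realm="testrealm",
         username="******",
         nonce="abcdef",
         response="123456",
         qop="auth",
         uri="/my/page",
         cnonce="98765",
         nc="0001",
     )
     # Baseline: uri equals SCRIPT_NAME + PATH_INFO.
     self.assertTrue(validate_digest_uri(params, request))
     # Using full URI still works
     params["uri"] = "http://localhost/my/page"
     self.assertTrue(validate_digest_uri(params, request))
     # Check that query-string is taken into account: a uri carrying a
     # query string must be rejected until the request has the same one.
     params["uri"] = "http://localhost/my/page?test=one"
     self.assertFalse(validate_digest_uri(params, request))
     request["QUERY_STRING"] = "test=one"
     self.assertTrue(validate_digest_uri(params, request))
     params["uri"] = "/my/page?test=one"
     self.assertTrue(validate_digest_uri(params, request))
     # Check that only MSIE is allowed to fudge on the query-string.
     # NOTE: User-Agent is a client-supplied header, so the relaxed match is
     # a compatibility shim rather than a trust decision; msie_hack=False
     # (asserted below) keeps the comparison strict for every client.
     params["uri"] = "/my/page"
     request["HTTP_USER_AGENT"] = "I AM FIREFOX I HAVE TO DO IT PROPERLY"
     self.assertFalse(validate_digest_uri(params, request))
     request["HTTP_USER_AGENT"] = "I AM ANCIENT MSIE PLZ HELP KTHXBYE"
     self.assertTrue(validate_digest_uri(params, request))
     self.assertFalse(validate_digest_uri(params, request, msie_hack=False))
     # A different path is never accepted, even with the MSIE allowance on.
     params["uri"] = "/wrong/page"
     self.assertFalse(validate_digest_uri(params, request))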
    def _get_auth_params(self, request):
        """Return the request's digest-auth parameters, or None.

        The Authorization header is parsed at most once per request; the
        result (including a failed parse, stored as None) is cached in
        request.environ.  The parameters are returned only if they use the
        "digest" scheme and pass the parameter, URI and nonce checks, in
        that order.  A failed nonce check also sets the stale-nonce flag in
        request.environ before None is returned.

        NOTE(review): nothing here compares the "response" hash against a
        password; presumably the caller does that -- confirm.
        """
        # Reuse the cached parse when there is one; otherwise parse and cache.
        if _ENVKEY_PARSED_AUTHZ not in request.environ:
            try:
                params = parse_authz_header(request)
            except ValueError:
                # A malformed header is treated the same as a missing one.
                params = None
            request.environ[_ENVKEY_PARSED_AUTHZ] = params
        else:
            params = request.environ[_ENVKEY_PARSED_AUTHZ]
        # No usable header, or credentials for some other auth scheme.
        if params is None or params["scheme"].lower() != "digest":
            return None
        # The parameters must be well-formed for this realm.
        if not validate_digest_parameters(params, self.realm):
            return None
        # The digest must have been computed for the URI being requested.
        if not validate_digest_uri(params, request):
            return None
        # The nonce must be acceptable to the nonce manager.  Any failure
        # is flagged in the environ so the challenge can report staleness.
        nonce_ok = validate_digest_nonce(params, request, self.nonce_manager)
        if not nonce_ok:
            request.environ[_ENVKEY_STALE_NONCE] = True
            return None
        return params