Exemplo n.º 1
 def _get_digest_header(self, username, password, method, uri,
                        digest_challenge):
     """Build the ``Authorization`` value that answers a Digest challenge.

     Delegates to ``python_digest.build_authorization_request`` with the
     HTTP method upper-cased and the nonce count fixed at 1.
     """
     build = python_digest.build_authorization_request
     # The count is always 1, so this helper fits the first request made
     # against a given challenge. A server that tracks nonce counts to stop
     # replays is expected to refuse a second header built from the same
     # challenge.
     header = build(
         username,
         method.upper(),
         uri,
         1,  # nonce_count
         digest_challenge=digest_challenge,
         password=password)
     return header
Exemplo n.º 2
 def _get_digest_header(self, username, password, method, uri, digest_challenge):
     """Return a Digest ``Authorization`` header for a single request.

     The challenge and the password are forwarded by keyword; the method is
     upper-cased and the nonce count is the literal 1.
     """
     # nonce_count never advances here: reusing one challenge for several
     # requests would repeat count 1 each time.
     by_keyword = dict(digest_challenge=digest_challenge, password=password)
     return python_digest.build_authorization_request(
         username, method.upper(), uri, 1, **by_keyword)
def _get_http_auth_header(username, password, uri):
    """Build a Digest ``Authorization`` header for a GET of *uri*.

    The nonce is generated locally by ``calculate_nonce`` from the current
    time and ``settings.SECRET_KEY``; realm, opaque and the nonce count (3)
    are fixed literals.
    """
    # NOTE(review): minting the nonce here requires the same SECRET_KEY the
    # verifying side holds -- presumably a test helper running inside the
    # server's process; confirm it never ships in a real client.
    fresh_nonce = calculate_nonce(time.time(), settings.SECRET_KEY)
    header = build_authorization_request(
        username,
        'GET',
        uri,
        3,
        nonce=fresh_nonce,
        realm='DJANGO',
        opaque='myopaque',
        password=password,
    )
    return header
Exemplo n.º 4
def _get_http_auth_header(username, password, uri):
    """Return a Digest ``Authorization`` header for ``GET uri``.

    No server challenge is consumed: the realm ('DJANGO'), opaque
    ('myopaque') and nonce count (3) are hard-coded, and the nonce is
    derived from ``time.time()`` and ``settings.SECRET_KEY``.
    """
    # Fixed realm/opaque values only match a server configured with the same
    # literals; treat this as fixture code, not a general-purpose client.
    challenge_fields = {
        'nonce': calculate_nonce(time.time(), settings.SECRET_KEY),
        'realm': 'DJANGO',
        'opaque': 'myopaque',
    }
    return build_authorization_request(
        username, 'GET', uri, 3, password=password, **challenge_fields)
Exemplo n.º 5
 def http_auth_digest_headers(self, **kwargs):
     """Yield the ``Authorization`` header pair answering a Digest challenge.

     ``kwargs`` must contain the challenge's ``realm``, ``nonce`` and
     ``opaque``. Credentials are read from ``self.wsock.auth`` and the
     request URI from ``self.wsock.location``.
     """
     user, secret = self.wsock.auth
     # NOTE(review): nonce_count is 0, while RFC 2617 counts requests from 1;
     # a server that validates the count may reject this -- confirm.
     header_value = build_authorization_request(
         username=user.encode('utf-8'),
         method='GET',
         uri=self.wsock.location,
         nonce_count=0,
         realm=kwargs['realm'],
         nonce=kwargs['nonce'],
         opaque=kwargs['opaque'],
         password=secret.encode('utf-8'))
     yield 'Authorization', header_value
Exemplo n.º 6
 def http_auth_digest_headers(self, **kwargs):
     """Generate one ``('Authorization', value)`` pair for Digest auth.

     The challenge fields ``realm``, ``nonce`` and ``opaque`` are required
     keys of ``kwargs``; a missing one raises ``KeyError``. The user name and
     password from ``self.wsock.auth`` are UTF-8 encoded before use.
     """
     credentials = self.wsock.auth
     login, passphrase = credentials
     # The method is always 'GET' and the nonce count always 0.
     authorization = build_authorization_request(
         username=login.encode('utf-8'),
         method='GET',
         uri=self.wsock.location,
         nonce_count=0,
         realm=kwargs['realm'],
         nonce=kwargs['nonce'],
         opaque=kwargs['opaque'],
         password=passphrase.encode('utf-8'),
     )
     yield ('Authorization', authorization)
Exemplo n.º 7
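 def handle_digest_auth(self, response: str) -> str:
     """Answer a Digest challenge with an ``Authorization`` header value.

     Args:
         response: Text handed to ``parse_digest_challenge``.

     Returns:
         The value built by ``build_authorization_request`` for a GET of
         ``self._wsuri.resource_name`` with nonce count 1. The original
         ``-> None`` annotation contradicted this return.

     Raises:
         AuthenticationRequest: If no Digest challenge is parsed from
             ``response``.
     """
     wsuri = self._wsuri
     challenge = parse_digest_challenge(response)
     if challenge is None:
         raise AuthenticationRequest(response)
     # Credentials are the (user, password) pair in the URI's user-info.
     # NOTE(review): user_info is indexed unconditionally; presumably the
     # caller only gets here when the URI carried credentials -- confirm.
     return build_authorization_request(wsuri.user_info[0],
                                        'GET',
                                        wsuri.resource_name,
                                        1,  # nonce_count
                                        challenge,
                                        password=wsuri.user_info[1])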
Exemplo n.º 8
    def test_is_authenticated(self):
        """Walk DigestAuthentication from challenge to accepted request.

        Missing, malformed and wrong credentials must each produce
        ``HttpUnauthorized``; a header built from the last challenge with
        the user's API key as the Digest password must return ``True``.
        """
        auth = DigestAuthentication()
        request = HttpRequest()

        # Simulate the signal that creates the user's API key.
        john_doe = User.objects.get(username='******')
        create_api_key(User, instance=john_doe, created=True)

        # No Authorization header at all: the request must be challenged.
        auth_request = auth.is_authenticated(request)
        self.assertIsInstance(auth_request, HttpUnauthorized)

        # The challenge names the Digest scheme and carries realm, opaque
        # and nonce parameters.
        challenge = auth_request['WWW-Authenticate']
        self.assertTrue(challenge.startswith('Digest'))
        self.assertTrue(challenge.find(' realm="django-tastypie"') > 0)
        self.assertTrue(challenge.find(' opaque=') > 0)
        self.assertTrue(challenge.find('nonce=') > 0)

        # A header that is not a Digest response is rejected.
        request.META['HTTP_AUTHORIZATION'] = 'abcdefg'
        auth_request = auth.is_authenticated(request)
        self.assertIsInstance(auth_request, HttpUnauthorized)

        # Base64 of a bare user name (Basic-style, no password) is rejected.
        # NOTE(review): b64encode is given a text literal, which works on
        # Python 2 but raises TypeError on Python 3 -- confirm the target.
        request.META['HTTP_AUTHORIZATION'] = base64.b64encode('daniel')
        auth_request = auth.is_authenticated(request)
        self.assertIsInstance(auth_request, HttpUnauthorized)

        # Base64 of user:password (Basic-style) is rejected too.
        request.META['HTTP_AUTHORIZATION'] = base64.b64encode('daniel:pass')
        auth_request = auth.is_authenticated(request)
        self.assertIsInstance(auth_request, HttpUnauthorized)

        # A Digest response to the most recent challenge, keyed with the
        # user's API key, is accepted.
        john_doe = User.objects.get(username='******')
        digest_header = python_digest.build_authorization_request(
            john_doe.username,
            request.method,
            '/',  # uri
            1,  # nonce_count
            digest_challenge=auth_request['WWW-Authenticate'],
            password=john_doe.api_key.key)
        request.META['HTTP_AUTHORIZATION'] = digest_header
        auth_request = auth.is_authenticated(request)
        # NOTE(review): replaying this accepted header and using an expired
        # nonce are not exercised here.
        self.assertEqual(auth_request, True)
Exemplo n.º 9
    def test_is_authenticated(self):
        """Check that DigestAuthentication rejects bad input and accepts a valid digest.

        Every rejected attempt must return an ``HttpUnauthorized``; the last
        one supplies the challenge answered by the final, valid request.
        """
        auth = DigestAuthentication()
        request = HttpRequest()

        def expect_challenge():
            # Run the check and require a 401-style response, handing it
            # back so its WWW-Authenticate header can be inspected or reused.
            outcome = auth.is_authenticated(request)
            self.assertEqual(isinstance(outcome, HttpUnauthorized), True)
            return outcome

        # Simulate the signal that creates the user's API key.
        john_doe = User.objects.get(username='******')
        create_api_key(User, instance=john_doe, created=True)

        # Request without any Authorization header.
        auth_request = expect_challenge()

        # The challenge starts with the Digest scheme and includes realm,
        # opaque and nonce.
        self.assertEqual(auth_request['WWW-Authenticate'].find('Digest'), 0)
        for fragment in (' realm="django-tastypie"', ' opaque=', 'nonce='):
            self.assertEqual(auth_request['WWW-Authenticate'].find(fragment) > 0, True)

        # Garbage in place of a Digest response.
        request.META['HTTP_AUTHORIZATION'] = 'abcdefg'
        auth_request = expect_challenge()

        # Basic-style base64 of a user name with no password.
        # NOTE(review): passing text to b64encode only works on Python 2.
        request.META['HTTP_AUTHORIZATION'] = base64.b64encode('daniel')
        auth_request = expect_challenge()

        # Basic-style base64 of user:password.
        request.META['HTTP_AUTHORIZATION'] = base64.b64encode('daniel:pass')
        auth_request = expect_challenge()

        # Valid Digest response: answers the latest challenge, using the
        # user's API key as the password.
        john_doe = User.objects.get(username='******')
        request.META['HTTP_AUTHORIZATION'] = python_digest.build_authorization_request(
            john_doe.username,
            request.method,
            '/',  # uri
            1,  # nonce_count
            digest_challenge=auth_request['WWW-Authenticate'],
            password=john_doe.api_key.key
        )
        auth_request = auth.is_authenticated(request)
        self.assertEqual(auth_request, True)
    def test_is_authenticated(self):
        """Exercise DigestAuthentication with absent, invalid and valid credentials.

        The API key is created only just before the final step, where it
        serves as the Digest password for the accepted request.
        """
        auth = DigestAuthentication()
        request = HttpRequest()

        # Nothing in the request identifies a user, so it must be challenged.
        auth_request = auth.is_authenticated(request)
        self.assertEqual(isinstance(auth_request, HttpUnauthorized), True)

        # The challenge advertises Digest together with realm, opaque, nonce.
        challenge = auth_request["WWW-Authenticate"]
        self.assertEqual(challenge.find("Digest"), 0)
        for fragment in (' realm="django-tastypie"', " opaque=", "nonce="):
            self.assertEqual(challenge.find(fragment) > 0, True)

        # A header that is not a Digest response.
        request.META["HTTP_AUTHORIZATION"] = "abcdefg"
        auth_request = auth.is_authenticated(request)
        self.assertEqual(isinstance(auth_request, HttpUnauthorized), True)

        # Basic-style base64 of a user name alone.
        # NOTE(review): b64encode of a text literal raises TypeError on
        # Python 3 -- confirm which interpreter this suite targets.
        request.META["HTTP_AUTHORIZATION"] = base64.b64encode("daniel")
        auth_request = auth.is_authenticated(request)
        self.assertEqual(isinstance(auth_request, HttpUnauthorized), True)

        # Basic-style base64 of user:password.
        request.META["HTTP_AUTHORIZATION"] = base64.b64encode("daniel:pass")
        auth_request = auth.is_authenticated(request)
        self.assertEqual(isinstance(auth_request, HttpUnauthorized), True)

        # Valid Digest response: computed with the API key, not with the
        # account password set on the line below.
        john_doe = User.objects.get(username="******")
        john_doe.set_password("pass")
        create_api_key(User, instance=john_doe, created=True)
        latest_challenge = auth_request["WWW-Authenticate"]
        authorization = python_digest.build_authorization_request(
            john_doe.username,
            request.method,
            "/",  # uri
            1,  # nonce_count
            digest_challenge=latest_challenge,
            password=john_doe.api_key.key,
        )
        request.META["HTTP_AUTHORIZATION"] = authorization
        auth_request = auth.is_authenticated(request)
        self.assertEqual(auth_request, True)
Exemplo n.º 11
    def create_mock_request(self, username='******', realm=None,
                            method='GET', uri='/dummy/uri', nonce=None, request_digest=None,
                            algorithm=None, opaque='dummy-opaque', qop='auth', nonce_count=1,
                            client_nonce=None, password='******', request_path=None):
        """Create a mock request carrying a Digest ``Authorization`` header.

        Falsy ``realm``, ``nonce`` and ``request_path`` fall back to the
        ``DIGEST_REALM`` setting, a nonce computed from the current time and
        ``settings.SECRET_KEY``, and ``uri`` respectively. ``algorithm`` and
        ``qop`` are accepted but not used in this body.
        """
        realm = realm or get_setting('DIGEST_REALM', DEFAULT_REALM)
        nonce = nonce or python_digest.calculate_nonce(
            time.time(), secret=settings.SECRET_KEY)
        request_path = request_path or uri

        # A separate request_path lets a test sign one URI while the mock
        # reports another path.
        authorization = python_digest.build_authorization_request(
            username=username,
            realm=realm,
            method=method,
            uri=uri,
            nonce=nonce,
            opaque=opaque,
            nonce_count=nonce_count,
            password=password,
            request_digest=request_digest,
            client_nonce=client_nonce)

        mock_request = self.create_mock_request_for_header(authorization)

        expect(mock_request.method).result(method)
        expect(mock_request.path).result(request_path)

        return mock_request
Exemplo n.º 12
    def create_mock_request(self, username='******', realm=None,
                            method='GET', uri='/dummy/uri', nonce=None, request_digest=None,
                            algorithm=None, opaque='dummy-opaque', qop='auth', nonce_count=1,
                            client_nonce=None, password='******', request_path=None):
        """Return a mock request whose header is a freshly built Digest response.

        Defaults are filled in for a falsy ``realm`` (the ``DIGEST_REALM``
        setting), ``nonce`` (derived from ``time.time()`` and
        ``settings.SECRET_KEY``) and ``request_path`` (``uri``). The
        ``algorithm`` and ``qop`` arguments are not read by this method.
        """
        realm = realm if realm else get_setting('DIGEST_REALM', DEFAULT_REALM)
        if not nonce:
            # Computed with the server-side secret, so the verifier under
            # test treats the nonce as one it issued.
            nonce = python_digest.calculate_nonce(time.time(), secret=settings.SECRET_KEY)
        request_path = request_path if request_path else uri

        header_fields = dict(
            username=username, realm=realm, method=method, uri=uri, nonce=nonce,
            opaque=opaque, nonce_count=nonce_count, password=password,
            request_digest=request_digest, client_nonce=client_nonce)
        header = python_digest.build_authorization_request(**header_fields)

        request = self.create_mock_request_for_header(header)

        # Register what the mock reports for method and path.
        expect(request.method).result(method)
        expect(request.path).result(request_path)

        return request
Exemplo n.º 13
 def authorization(self, request, response):
     """Return a Digest ``Authorization`` value for *request*, or ``None``.

     A non-``None`` *response* must offer a Digest challenge, which is then
     stored; otherwise ``WWWAuthenticateError`` is raised. With no response
     and no stored challenge nothing is returned. Each header built
     increments ``self.nonce_count`` first.
     """
     if response is None:
         if self.digest_challenge is None:
             # Nothing to answer yet: no challenge has been seen.
             return
     else:
         offered = self._authenticate_headers(response)
         if 'Digest' not in offered:
             raise WWWAuthenticateError(
                 'Digest authentication unsupported for %s to %r.' %
                 (response.request['REQUEST_METHOD'],
                  response.request['PATH_INFO'])
             )
         self.digest_challenge = offered['Digest']
     # NOTE(review): the counter keeps climbing when a new challenge replaces
     # the stored one, whereas RFC 2617 defines the count per nonce --
     # confirm the server tolerates this.
     self.nonce_count += 1
     header = build_authorization_request(
         username=self.username,
         method=request['REQUEST_METHOD'],
         uri=quote(request['PATH_INFO']),
         nonce_count=self.nonce_count,
         digest_challenge=self.digest_challenge,
         password=self.password
     )
     return header
Exemplo n.º 14
 def authorization(self, request, response):
     """Build the Digest ``Authorization`` header for *request*.

     When *response* is given, its Digest challenge replaces the stored
     one; a response without a Digest challenge raises
     ``WWWAuthenticateError``. Returns ``None`` when there is neither a
     response nor a stored challenge.
     """
     if response is not None:
         challenges = self._authenticate_headers(response)
         if 'Digest' in challenges:
             self.digest_challenge = challenges['Digest']
         else:
             failed = response.request
             raise WWWAuthenticateError(
                 'Digest authentication unsupported for %s to %r.' %
                 (failed['REQUEST_METHOD'], failed['PATH_INFO'])
             )
     elif self.digest_challenge is None:
         return None
     # One count per header issued, so a stored challenge is never answered
     # twice with the same nonce count.
     self.nonce_count += 1
     # NOTE(review): only PATH_INFO is signed; presumably requests carry no
     # query string, otherwise the digest URI may not match -- confirm.
     signed_uri = quote(request['PATH_INFO'])
     return build_authorization_request(
         username=self.username,
         method=request['REQUEST_METHOD'],
         uri=signed_uri,
         nonce_count=self.nonce_count,
         digest_challenge=self.digest_challenge,
         password=self.password
     )