def test_android_auth_workaround(self): # {{{ 'Test authentication workaround for Android' r = router() with TestServer(r.dispatch) as server: r.auth_controller.log = server.log conn = server.connect() # First check that unauth access fails conn.request('GET', '/android') r = conn.getresponse() self.ae(r.status, http_client.UNAUTHORIZED) auth_handler = HTTPDigestAuthHandler() url = 'http://localhost:%d%s' % (server.address[1], '/android') auth_handler.add_password(realm=REALM, uri=url, user='******', passwd='testpw') cj = CookieJar() cookie_handler = HTTPCookieProcessor(cj) r = build_opener(auth_handler, cookie_handler).open(url) self.ae(r.getcode(), http_client.OK) cookies = tuple(cj) self.ae(len(cookies), 1) cookie = cookies[0] self.assertIn(':', cookie.value) self.ae(cookie.path, '/android') r = build_opener(cookie_handler).open(url) self.ae(r.getcode(), http_client.OK) self.ae(r.read(), b'android') # Test that a replay attack against a different URL does not work try: build_opener(cookie_handler).open(url+'2') assert ('Replay attack succeeded') except HTTPError as e: self.ae(e.code, http_client.UNAUTHORIZED)
def urlopen(server, path='/closed', un='testuser', pw='testpw', method='digest'): auth_handler = HTTPBasicAuthHandler( ) if method == 'basic' else HTTPDigestAuthHandler() url = 'http://localhost:%d%s' % (server.address[1], path) auth_handler.add_password(realm=REALM, uri=url, user=un, passwd=pw) return build_opener(auth_handler).open(url)
def urlopen(server, path='/closed', un='testuser', pw='testpw', method='digest'): auth_handler = HTTPBasicAuthHandler() if method == 'basic' else HTTPDigestAuthHandler() url = 'http://localhost:%d%s' % (server.address[1], path) auth_handler.add_password(realm=REALM, uri=url, user=un, passwd=pw) return build_opener(auth_handler).open(url)