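def test_auth_with_no_password_callbacks(self):
    """A digest scheme without a password callback authenticates nobody.

    The policy is built without ``get_password``, so even a fully formed
    digest response must leave ``authenticated_userid`` at ``None``.
    """
    http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme', 'digest')
    scheme = HttpDigestScheme(http_auth_policy)
    request = make_request()
    # Obtain a challenge, then answer it on the same request object.
    params = get_challenge(scheme, request)
    build_response(params, request, "tester", "testing")
    # Fail closed: no way to verify the password means no authenticated user.
    self.assertIsNone(scheme.authenticated_userid(request))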
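def test_rfc2617_example(self):
    """Recompute the digest response of the RFC example and log in with it.

    The response is calculated from fixed parameters, compared with the
    expected hex digest, and then sent in an Authorization header to check
    that the scheme both identifies and authenticates the user.
    """
    # NOTE(review): the password, username and realm literals below look
    # masked in this copy. The expected digest and the "Mufasa" user id
    # asserted further down can only hold with the example values from
    # RFC 2617, so restore them from the RFC before relying on this test.
    password = "******"
    params = {
        "username": "******",
        "realm": "*****@*****.**",
        "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
        "uri": "/dir/index.html",
        "qop": "auth",
        "nc": "00000001",
        "cnonce": "0a4f113b",
        "opaque": "5ccc069c403ebaf9f0171e9517f40e41",
    }
    http_auth_policy = HttpAuthPolicy(
        "*****@*****.**", 'digest', get_password=lambda usr: '******')
    # EasyNonceManager is injected because the nonce here is a fixed value
    # rather than one issued by the scheme (presumably it accepts any
    # nonce -- confirm against its definition).
    scheme = HttpDigestScheme(http_auth_policy,
                              nonce_manager=EasyNonceManager())
    # Calculate the response according to the RFC example parameters.
    request = make_request(REQUEST_METHOD="GET",
                           PATH_INFO="/dir/index.html")
    resp = utils.calculate_digest_response(params, request,
                                           password=password)
    # Check that it's as expected from the RFC example section.
    self.assertEqual(resp, "6629fae49393a05397450978507c4ef1")
    # Check that we can auth using it.
    params["response"] = resp
    set_authz_header(request, params)
    self.assertEqual(scheme.unauthenticated_userid(request), "Mufasa")
    self.assertEqual(scheme.authenticated_userid(request), "Mufasa")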
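def test_identify_with_bad_noncecount(self):
    """Check that the nonce count (nc) must be well formed and must grow.

    Reusing an nc value with the same nonce is what a replayed request
    looks like, so the scheme has to refuse to identify the user for it.
    """
    # NOTE(review): '******' looks like a masked literal in this copy; the
    # final authenticated_userid assertion presumably needs get_password to
    # return the password passed to build_response ("testing") -- confirm
    # against the upstream file.
    http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme', 'digest',
                                      get_password=lambda usr: '******')
    scheme = HttpDigestScheme(http_auth_policy)
    request = make_request(REQUEST_METHOD="GET", PATH_INFO="/one")
    # Do an initial auth to get the nonce.
    params = get_challenge(scheme, request)
    build_response(params, request, "tester", "testing", nc="01")
    self.assertIsNotNone(scheme.unauthenticated_userid(request))
    # Authing without increasing nc will fail.
    request = make_request(REQUEST_METHOD="GET", PATH_INFO="/two")
    build_response(params, request, "tester", "testing", nc="01")
    self.assertIsNone(scheme.unauthenticated_userid(request))
    # Authing with a badly-formed nc will fail.
    request = make_request(REQUEST_METHOD="GET", PATH_INFO="/two")
    build_response(params, request, "tester", "testing", nc="02XXX")
    self.assertIsNone(scheme.unauthenticated_userid(request))
    # Authing with increasing nc will succeed.
    request = make_request(REQUEST_METHOD="GET", PATH_INFO="/two")
    build_response(params, request, "tester", "testing", nc="02")
    self.assertEqual(scheme.unauthenticated_userid(request), 'tester')
    self.assertEqual(scheme.authenticated_userid(request), 'tester')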
def test_with_incorrect_password(self):
    """Basic auth with a non-matching password identifies but rejects.

    The stored password is the user name plus 'xx', which differs from the
    password carried in the Authorization header, so the user id is still
    parsed from the header but the user is not authenticated.
    """
    policy = HttpAuthPolicy('TestHttpBasicScheme', 'basic',
                            get_password=lambda usr: usr + 'xx')
    basic = HttpBasicScheme(policy)
    req = make_request(
        HTTP_AUTHORIZATION='Basic dXNyOk3hu5l0IGNvbiB24buLdA==')
    # The claimed identity comes straight from the header...
    claimed = basic.unauthenticated_userid(req)
    self.assertEqual(claimed, 'usr')
    # ...but it must not be trusted until the password check passes.
    verified = basic.authenticated_userid(req)
    self.assertIsNone(verified)
def test_login_required(self):
    """login_required answers 401 with a Basic WWW-Authenticate header."""
    basic = HttpBasicScheme(HttpAuthPolicy('TestHttpBasicScheme', 'basic'))
    challenge = basic.login_required(make_request())
    self.assertEqual(challenge.status_code, 401)
    # The comparison is done on the lower-cased header value, so the case
    # the scheme uses for the scheme token does not matter here.
    header = challenge.headers.get('www-authenticate').lower()
    self.assertTrue(header.startswith('basic'))
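def test_auth_good_get_with_vars(self):
    """Digest auth succeeds for a GET whose path carries a query string."""
    # NOTE(review): '******' looks like a masked literal in this copy; the
    # assertion presumably needs get_password to return the password passed
    # to build_response ("testing") -- confirm against the upstream file.
    http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme', 'digest',
                                      get_password=lambda usr: '******')
    scheme = HttpDigestScheme(http_auth_policy)
    # The "?who=me" part is passed inside PATH_INFO, exactly as written.
    request = make_request(REQUEST_METHOD="GET", PATH_INFO="/hi?who=me")
    params = get_challenge(scheme, request)
    build_response(params, request, "tester", "testing")
    self.assertEqual(scheme.authenticated_userid(request), 'tester')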
def test_with_wrong_authorization_header(self):
    """Malformed or incomplete Digest headers identify nobody.

    Two headers are tried: one that is not a parameter list at all and one
    that carries only a realm. Neither may yield a user id.
    """
    digest = HttpDigestScheme(
        HttpAuthPolicy('TestHttpDigestScheme', 'digest'))
    for header in ('Digest ha ha ha', 'Digest realm=Sync'):
        req = make_request(HTTP_AUTHORIZATION=header)
        self.assertIsNone(digest.unauthenticated_userid(req))
        self.assertIsNone(digest.authenticated_userid(req))
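def test_auth_with_failed_password_lookup(self):
    """A password lookup that returns None must not authenticate the user.

    The user id is still readable from the header, but with no stored
    password to check the response against the scheme has to fail closed.
    """
    http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme', 'digest',
                                      get_password=lambda usr: None)
    scheme = HttpDigestScheme(http_auth_policy)
    request = make_request()
    params = get_challenge(scheme, request)
    build_response(params, request, "tester", "testing")
    # Identification only parses the header; it does not need the password.
    self.assertEqual(scheme.unauthenticated_userid(request), "tester")
    self.assertIsNone(scheme.authenticated_userid(request))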
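def test_auth_good_legacy_mode(self):
    """Digest auth still works when the response carries no qop parameter."""
    # NOTE(review): '******' looks like a masked literal in this copy; the
    # assertion presumably needs get_password to return the password passed
    # to build_response ("testing") -- confirm against the upstream file.
    http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme', 'digest',
                                      get_password=lambda usr: '******')
    scheme = HttpDigestScheme(http_auth_policy)
    request = make_request(REQUEST_METHOD="GET", PATH_INFO="/legacy")
    params = get_challenge(scheme, request)
    # qop=None asks the helper for a response without a qop parameter.
    params = build_response(params, request, "tester", "testing", qop=None)
    self.assertNotIn("qop", params)
    # _authenticate is called directly with the parameters just built.
    self.assertTrue(scheme._authenticate(request, params))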
def test_with_correct_password(self):
    """A valid digest response both identifies and authenticates 'tester'."""
    # NOTE(review): '******' looks like a masked literal in this copy; the
    # authenticated_userid assertion presumably needs get_password to return
    # the password passed to build_response ("testing") -- confirm against
    # the upstream file.
    policy = HttpAuthPolicy('TestHttpDigestScheme', 'digest',
                            get_password=lambda usr: '******')
    digest = HttpDigestScheme(policy)
    req = make_request()
    challenge = get_challenge(digest, req)
    build_response(challenge, req, "tester", "testing")
    claimed = digest.unauthenticated_userid(req)
    self.assertEqual(claimed, 'tester')
    verified = digest.authenticated_userid(req)
    self.assertEqual(verified, 'tester')
def test_auth_with_unknown_qop(self):
    """_authenticate raises ValueError for a qop value it does not know."""
    policy = HttpAuthPolicy('TestHttpDigestScheme', 'digest',
                            get_password=lambda usr: '******')
    digest = HttpDigestScheme(policy)
    req = make_request()
    challenge = get_challenge(digest, req)
    response = build_response(challenge, req, "tester", "testing")
    # Overwrite qop after the response was built, so only the qop value is
    # out of the ordinary.
    response["qop"] = "super-duper"
    with self.assertRaises(ValueError):
        digest._authenticate(req, response)
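def test_auth_with_different_realm(self):
    """A response built for another realm identifies nobody.

    The realm in the challenge parameters is swapped before the response is
    computed, so the credentials are addressed to a realm this scheme does
    not serve and must be ignored.
    """
    http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme', 'digest',
                                      get_password=lambda usr: '******')
    scheme = HttpDigestScheme(http_auth_policy)
    request = make_request()
    params = get_challenge(scheme, request)
    params["realm"] = "other-realm"
    build_response(params, request, "tester", "testing")
    self.assertIsNone(scheme.unauthenticated_userid(request))
    self.assertIsNone(scheme.authenticated_userid(request))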
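def test_identify_with_mismatched_uri(self):
    """A digest response is only accepted for the path it was built for.

    The first half is the control case: the response is used on the path
    it was computed for. The second half changes the request path after
    the response was built and expects identification to fail.
    """
    http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme', 'digest')
    scheme = HttpDigestScheme(http_auth_policy)
    # Control: same path for the response and the request.
    request = make_request(PATH_INFO="/path_one")
    params = get_challenge(scheme, request)
    build_response(params, request, "tester", "testing")
    self.assertIsNotNone(scheme.unauthenticated_userid(request))
    # Mismatch: response built for /path_one, request then moved elsewhere.
    request = make_request(PATH_INFO="/path_one")
    params = get_challenge(scheme, request)
    build_response(params, request, "tester", "testing")
    # NOTE(review): this sets an attribute, while other tests write to
    # request.environ; it assumes the request object maps PATH_INFO onto the
    # WSGI environ -- confirm against make_request.
    request.PATH_INFO = '/path_two'
    self.assertIsNone(scheme.unauthenticated_userid(request))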
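def test_auth_with_missing_nonce(self):
    """A header without a nonce parameter identifies nobody."""
    http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme', 'digest',
                                      get_password=lambda usr: '******')
    scheme = HttpDigestScheme(http_auth_policy)
    request = make_request()
    params = get_challenge(scheme, request)
    build_response(params, request, "tester", "testing")
    # Rename the parameter in the raw header so no "nonce" key is left.
    # str.replace rewrites every occurrence, so a "cnonce" parameter, if
    # the header has one, is renamed as well.
    authz = request.environ["HTTP_AUTHORIZATION"]
    authz = authz.replace("nonce", " notanonce")
    request.environ["HTTP_AUTHORIZATION"] = authz
    self.assertIsNone(scheme.unauthenticated_userid(request))
    self.assertIsNone(scheme.authenticated_userid(request))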
def test_with_correct_password(self):
    """Basic auth accepts a matching non-ASCII password.

    The Authorization header is the base64 form of "usr:" followed by the
    UTF-8 bytes of the same password the lookup returns, so the user must
    be both identified and authenticated.
    """
    # Same text on both interpreters; Python 2 needs the u'' prefix to get
    # a unicode string.
    pwd = 'Một con vịt' if six.PY3 else u'Một con vịt'
    policy = HttpAuthPolicy('TestHttpBasicScheme', 'basic',
                            get_password=lambda usr: pwd)
    basic = HttpBasicScheme(policy)
    req = make_request(
        HTTP_AUTHORIZATION='Basic dXNyOk3hu5l0IGNvbiB24buLdA==')  # usr:pwd
    claimed = basic.unauthenticated_userid(req)
    self.assertEqual(claimed, 'usr')
    verified = basic.authenticated_userid(req)
    self.assertEqual(verified, 'usr')
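def test_from_settings(self):
    """create_from_settings resolves "module:name" references to objects.

    The nonce manager and the password callback are given as strings that
    point into this module; the test checks that the resulting policy and
    its digest scheme hold the real objects, plus the plain realm and
    domain values.
    """
    def ref(class_name):
        # Build a "<this module>:<name>" reference string.
        return __name__ + ":" + class_name

    # NOTE(review): the references name importable objects, so the settings
    # presumably decide which code gets loaded; they should come from
    # trusted configuration only -- confirm how create_from_settings
    # resolves them.
    policy = HttpAuthPolicy.create_from_settings(
        realm="test",
        nonce_manager=ref("EasyNonceManager"),
        domain="http://example.com",
        get_password=ref("sampleapp_get_password"),
    )
    scheme = policy._get_scheme('digest')
    self.assertEqual(scheme.realm, "test")
    self.assertEqual(scheme.domain, "http://example.com")
    # The class reference ends up as an instance on the scheme...
    self.assertIsInstance(scheme.nonce_manager, EasyNonceManager)
    # ...while the callback reference ends up as the function itself.
    self.assertIs(policy.get_password, sampleapp_get_password)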
def test_auth_good_authint_mode(self):
    """Digest auth succeeds with qop="auth-int" and an unchanged body hash."""
    # NOTE(review): '******' looks like a masked literal in this copy; the
    # assertion presumably needs get_password to return the password passed
    # to build_response ("testing") -- confirm against the upstream file.
    policy = HttpAuthPolicy('TestHttpDigestScheme', 'digest',
                            get_password=lambda usr: '******')
    digest = HttpDigestScheme(policy)
    # The Content-MD5 value is the base64 MD5 of an empty body.
    req = make_request(REQUEST_METHOD="GET", PATH_INFO="/authint",
                       HTTP_CONTENT_MD5="1B2M2Y8AsgTpgAmY7PhCfg==")
    challenge = get_challenge(digest, req)
    response = build_response(challenge, req, "tester", "testing",
                              qop="auth-int")
    accepted = digest._authenticate(req, response)
    self.assertTrue(accepted)
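def test_auth_with_invalid_content_md5(self):
    """With qop="auth-int", a changed Content-MD5 must fail authentication.

    The response is built while the request carries one Content-MD5 value;
    the header is then replaced, which stands for a body that was altered
    after the client signed it.
    """
    # NOTE(review): '******' looks like a masked literal in this copy. If
    # it does not match the password passed to build_response ("testing"),
    # the False result below could come from the password check instead of
    # the Content-MD5 check -- confirm against the upstream file.
    http_auth_policy = HttpAuthPolicy('TestHttpDigestScheme', 'digest',
                                      get_password=lambda usr: '******')
    scheme = HttpDigestScheme(http_auth_policy)
    request = make_request(REQUEST_METHOD="GET", PATH_INFO="/authint",
                           HTTP_CONTENT_MD5="1B2M2Y8AsgTpgAmY7PhCfg==")
    params = get_challenge(scheme, request)
    params = build_response(params, request, "tester", "testing",
                            qop="auth-int")
    # Swap the header only after the response has been computed.
    request.environ["HTTP_CONTENT_MD5"] = "8baNZjN6gc+g0gdhccuiqA=="
    self.assertEqual(scheme._authenticate(request, params), False)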
def test_without_authorization_header(self):
    """A request with no Authorization header yields no user id at all."""
    basic = HttpBasicScheme(HttpAuthPolicy('TestHttpBasicScheme', 'basic'))
    req = make_request()
    claimed = basic.unauthenticated_userid(req)
    self.assertIsNone(claimed)
    verified = basic.authenticated_userid(req)
    self.assertIsNone(verified)