def test_digest_auth_login_valid(self, generate_random_mock):
generate_random_mock.side_effect = [
"9549bf6d4fd6206e2945e8501481ddd5",
"47c67cc7bedf6bc754f044f77f32b99e"
]
req, response = self.client.get("/digest")
self.assertTrue(response.status_code == 401)
header = response.headers.get("WWW-Authenticate")
auth_type, auth_info = header.split(None, 1)
d = parse_dict_header(auth_info)
auth_response = "21ca18e29c5dcc5c418d95fe8bef9477"
req, response = self.client.get(
"/digest",
headers={
"Authorization":
'Digest username="******",realm="{0}",'
'nonce="{1}",uri="/digest",response="{2}",'
'opaque="{3}", nc="00000001",cnonce="5fd0a782"'.format(
d["realm"], d["nonce"], auth_response, d["opaque"])
},
)
print(response.content)
self.assertEqual(response.content, b"digest_auth:john")
def test_digest_auth_login_bad_realm(self):
req, response = self.client.get("/digest")
self.assertTrue(response.status_code == 401)
self.assertTrue(response.cookies is not None)
header = response.headers.get("WWW-Authenticate")
auth_type, auth_info = header.split(None, 1)
d = parse_dict_header(auth_info)
auth_response = md5("Authentication").hexdigest()
req, response = self.client.get(
"/digest",
headers={
"Authorization":
'Digest username="******",realm="{0}",'
'nonce="{1}",qop= "auth",uri="/digest",response="{2}",'
'opaque="{3}"'.format(d["realm"], d["nonce"], auth_response,
d["opaque"])
},
)
self.assertEqual(response.status_code, 401)
self.assertTrue("WWW-Authenticate" in response.headers)
self.assertTrue(
re.match(
r'^Digest realm="Authentication Required", '
r'nonce="[0-9a-f]+", qop="auth", opaque="[0-9a-f]+"$',
response.headers["WWW-Authenticate"],
))
def test_digest_ha1_pw_auth_login_valid(self):
req, response = self.client.get("/digest_ha1_pw")
self.assertTrue(response.status_code == 401)
header = response.headers.get("WWW-Authenticate")
auth_type, auth_info = header.split(None, 1)
d = parse_dict_header(auth_info)
a1 = "john:" + d["realm"] + ":bye"
ha1 = md5(a1).hexdigest()
a2 = "GET:/digest_ha1_pw"
ha2 = md5(a2).hexdigest()
a3 = ha1 + ":" + d["nonce"] + ":" + ha2
auth_response = md5(a3).hexdigest()
req, response = self.client.get(
"/digest_ha1_pw",
headers={
"Authorization":
'Digest username="******",realm="{0}",'
'nonce="{1}",uri="/digest_ha1_pw",'
'response="{2}",'
'opaque="{3}"'.format(d["realm"], d["nonce"], auth_response,
d["opaque"])
},
cookies={"test_session": response.cookies.get("test_session")},
)
self.assertEqual(response.content, b"digest_auth_ha1_pw:john")
def test_digest_auth_login_invalid2(self):
req, response = self.client.get("/digest")
self.assertEqual(response.status_code, 401)
self.assertTrue(response.cookies.get("test_session") is not None)
header = response.headers.get("WWW-Authenticate")
auth_type, auth_info = header.split(None, 1)
d = parse_dict_header(auth_info)
a1 = "david:" + "Authentication Required" + ":bye"
ha1 = md5(a1).hexdigest()
a2 = "GET:/digest"
ha2 = md5(a2).hexdigest()
a3 = ha1 + ":" + d["nonce"] + ":" + ha2
auth_response = md5(a3).hexdigest()
req, response = self.client.get(
"/digest",
headers={
"Authorization":
'Digest username="******",realm="{0}",'
'nonce="{1}",uri="/digest",response="{2}",'
'opaque="{3}"'.format(d["realm"], d["nonce"], auth_response,
d["opaque"])
},
cookies={"test_session": response.cookies.get("test_session")},
)
self.assertEqual(response.status_code, 401)
self.assertTrue("WWW-Authenticate" in response.headers)
self.assertTrue(
re.match(
r'^Digest realm="Authentication Required", '
r'nonce="[0-9a-f]+", qop="auth", opaque="[0-9a-f]+"$',
response.headers["WWW-Authenticate"],
))
def test_digest_auth_login_bad_realm(self):
req, response = self.client.get("/digest")
self.assertTrue(response.status_code == 401)
self.assertTrue(response.cookies.get("test_session") is not None)
header = (f'Digest realm="Wrong Realm", '
f'nonce="9549bf6d4fd6206e2945e8501481ddd5", qop="auth", '
f'nc="00000001", cnonce="5fd0a782", '
f'opaque="47c67cc7bedf6bc754f044f77f32b99e"')
response.headers["WWW-Authenticate"] = header
auth_type, auth_info = header.split(None, 1)
d = parse_dict_header(auth_info)
auth_response = ""
req, response = self.client.get(
"/digest",
headers={
"Authorization":
'Digest username="******",realm="{0}",'
'nonce="{1}",uri="/digest",response="{2}",'
'opaque="{3}"'.format(d["realm"], d["nonce"], auth_response,
d["opaque"])
},
cookies={"test_session": response.cookies.get("test_session")},
)
self.assertEqual(response.status_code, 401)
self.assertTrue("WWW-Authenticate" in response.headers)
self.assertTrue(
re.match(
r'^Digest realm="Authentication Required", '
r'nonce="[0-9a-f]+", qop="auth", opaque="[0-9a-f]+"$',
response.headers["WWW-Authenticate"],
))
def test_digest_custom_nonce_checker(self):
@self.digest_auth.generate_nonce
def noncemaker(request):
return "not a good nonce"
@self.digest_auth.generate_opaque
def opaquemaker(request):
return "some opaque"
verify_nonce_called = []
@self.digest_auth.verify_nonce
def verify_nonce(request, provided_nonce):
verify_nonce_called.append(provided_nonce)
return True
verify_opaque_called = []
@self.digest_auth.verify_opaque
def verify_opaque(request, provided_opaque):
verify_opaque_called.append(provided_opaque)
return True
req, response = self.client.get("/digest")
self.assertEqual(response.status_code, 401)
header = response.headers.get("WWW-Authenticate")
auth_type, auth_info = header.split(None, 1)
d = parse_dict_header(auth_info)
self.assertEqual(d["nonce"], "not a good nonce")
self.assertEqual(d["opaque"], "some opaque")
a1 = "john:" + d["realm"] + ":bye"
ha1 = md5(a1).hexdigest()
a2 = "GET:/digest"
ha2 = md5(a2).hexdigest()
a3 = ha1 + ":" + d["nonce"] + ":" + ha2
auth_response = md5(a3).hexdigest()
req, response = self.client.get(
"/digest",
headers={
"Authorization":
'Digest username="******",realm="{0}",'
'nonce="{1}",uri="/digest",response="{2}",'
'opaque="{3}"'.format(d["realm"], d["nonce"], auth_response,
d["opaque"])
},
cookies={"test_session": response.cookies.get("test_session")},
)
self.assertEqual(response.content, b"digest_auth:john")
self.assertEqual(verify_nonce_called, ["not a good nonce"],
"Should have verified the nonce.")
self.assertEqual(verify_opaque_called, ["some opaque"],
"Should have verified the opaque.")
def test_digest_custom_nonce_checker(self):
@self.digest_auth.generate_nonce
def noncemaker(request):
return "not a good nonce"
@self.digest_auth.generate_opaque
def opaquemaker(request):
return "some opaque"
verify_nonce_called = []
@self.digest_auth.verify_nonce
def verify_nonce(request, provided_nonce):
verify_nonce_called.append(provided_nonce)
return True
verify_opaque_called = []
@self.digest_auth.verify_opaque
def verify_opaque(request, provided_opaque):
verify_opaque_called.append(provided_opaque)
return True
req, response = self.client.get("/digest")
self.assertEqual(response.status_code, 401)
header = response.headers["WWW-Authenticate"]
auth_type, auth_info = header.split(None, 1)
d = parse_dict_header(auth_info)
self.assertEqual(d["nonce"], "not a good nonce")
self.assertEqual(d["opaque"], "some opaque")
auth_response = "648057b3e2e2cfeb838d03dba6bce576"
req, response = self.client.get(
"/digest",
headers={
"Authorization":
'Digest username="******",realm="{0}",'
'nonce="{1}",qop="auth",uri="/digest",response="{2}",'
'opaque="{3}",nc="00000001",cnonce="5fd0a782"'.format(
d["realm"], d["nonce"], auth_response, d["opaque"])
},
cookies={"test_session": response.cookies.get("test_session")},
)
self.assertEqual(response.content, b"digest_auth:john")
self.assertEqual(verify_nonce_called, ["not a good nonce"],
"Should have verified the nonce.")
self.assertEqual(verify_opaque_called, ["some opaque"],
"Should have verified the opaque.")
def test_digest_ha1_pw_auth_login_valid(self):
req, response = self.client.get("/digest_ha1_pw")
self.assertTrue(response.status_code == 401)
header = (f'Digest realm="Authentication Required", '
f'nonce="9549bf6d4fd6206e2945e8501481ddd5", qop="None", '
f'opaque="47c67cc7bedf6bc754f044f77f32b99e"')
response.headers["WWW-Authenticate"] = header
auth_type, auth_info = header.split(None, 1)
d = parse_dict_header(auth_info)
auth_response = "7afa823fb21430c8acb89ed054a5add6"
req, response = self.client.get(
"/digest_ha1_pw",
headers={
"Authorization":
'Digest username="******",realm="{0}",'
'nonce="{1}",uri="/digest_ha1_pw",'
'response="{2}",'
'opaque="{3}"'.format(d["realm"], d["nonce"], auth_response,
d["opaque"])
},
cookies={"test_session": response.cookies.get("test_session")},
)
self.assertEqual(response.content, b"digest_auth_ha1_pw:john")