def testAuth(self):
    """A correct login returns 200 plus ticket and user-id headers matching the database."""
    response = Client().post(
        '/udj/auth/', {'username': '******', 'password': 'onetest'})
    self.assertEqual(response.status_code, 200)

    # Both credential headers must be present before their values are compared.
    for header_name in (getTicketHeader(), getUserIdHeader()):
        self.assertTrue(response.has_header(header_name))

    matching_users = User.objects.filter(username='******')
    self.assertEqual(
        int(response[getUserIdHeader()]), matching_users[0].id)

    # The lookup value is the User queryset itself, not a single instance.
    stored_tickets = Ticket.objects.filter(user=matching_users)
    self.assertEqual(
        response[getTicketHeader()], stored_tickets[0].ticket_hash)
def wrapper(*args, **kwargs):
    """Run the wrapped view only when the request carries a valid ticket header.

    Returns 400 when the ticket header is absent, 403 when isValidTicket()
    rejects its value, and otherwise the wrapped view's own result.
    `function` is a free variable, presumably bound by the enclosing decorator.
    """
    req = args[0]

    if getDjangoTicketHeader() not in req.META:
        return HttpResponseBadRequest(
            "Must provide the " + getTicketHeader() + " header. ")

    if not isValidTicket(req.META[getDjangoTicketHeader()]):
        # Fixed message: the rejected ticket value is not echoed to the client.
        return HttpResponseForbidden("Invalid ticket")

    return function(*args, **kwargs)
def authenticate(request):
    """Exchange a username/password POST for a ticket.

    Returns 400 when validAuthRequest() rejects the request and 403 when the
    password check fails. On success returns an empty response whose ticket
    and user-id headers carry the ticket hash and the user's id.
    """
    if not validAuthRequest(request):
        return HttpResponseBadRequest()

    # NOTE(review): an unknown username raises Http404 here while a wrong
    # password returns 403 below, so the status code reveals which usernames
    # exist. Answering both cases identically would remove that signal.
    account = get_object_or_404(User, username=request.POST['username'])
    if not account.check_password(request.POST['password']):
        return HttpResponseForbidden()

    # The ticket is requested together with the peer address.
    # NOTE(review): behind a reverse proxy REMOTE_ADDR is the proxy's address,
    # not the client's - confirm against the deployment.
    issued = getTicketForUser(account, request.META['REMOTE_ADDR'])
    reply = HttpResponse()
    reply[getTicketHeader()] = issued.ticket_hash
    reply[getUserIdHeader()] = account.id
    return reply
def testDoubleTicket(self):
    """Logging in twice must replace the stored ticket with a newer, different one."""
    client = Client()

    def login():
        # Same endpoint and credentials for both authentication attempts.
        return client.post(
            '/udj/auth', {'username': '******', 'password': 'twotest'})

    response = login()
    self.assertEqual(response.status_code, 200)
    for header_name in (getTicketHeader(), getUserIdHeader()):
        self.assertTrue(response.has_header(header_name))

    matching_users = User.objects.filter(username='******')
    self.assertEqual(
        int(response[getUserIdHeader()]), matching_users[0].id)

    # First login: the header value must equal the hash stored for the user.
    stored = Ticket.objects.get(user=matching_users)
    firstTicket = response[getTicketHeader()]
    firstTime = stored.time_issued
    self.assertEqual(firstTicket, stored.ticket_hash)

    # Second login: .get() still expects exactly one ticket row for the user.
    response = login()
    stored = Ticket.objects.get(user=matching_users)
    secondTicket = response[getTicketHeader()]
    secondTime = stored.time_issued

    self.assertNotEqual(firstTicket, secondTicket)
    self.assertEqual(secondTicket, stored.ticket_hash)
    self.assertTrue(secondTime > firstTime)
def authenticate(request):
    """Exchange a username/password POST for a ticket, tracing progress at debug level.

    Returns 400 when validAuthRequest() rejects the request and 403 when the
    password check fails. On success returns an empty response whose ticket
    and user-id headers carry the ticket hash and the user's id.
    The debug messages are fixed strings; no credential is written to the log.
    """
    logging.debug("in authenticate, checking for valid auth request")
    if not validAuthRequest(request):
        return HttpResponseBadRequest()

    # NOTE(review): an unknown username raises Http404 here while a wrong
    # password returns 403 below, so the status code reveals which usernames
    # exist. Answering both cases identically would remove that signal.
    account = get_object_or_404(User, username=request.POST['username'])
    logging.debug("In auth, past getting user")

    if not account.check_password(request.POST['password']):
        return HttpResponseForbidden()
    logging.debug("password checked")

    # The ticket is requested together with the peer address.
    # NOTE(review): behind a reverse proxy REMOTE_ADDR is the proxy's address,
    # not the client's - confirm against the deployment.
    issued = getTicketForUser(account, request.META['REMOTE_ADDR'])
    reply = HttpResponse()
    reply[getTicketHeader()] = issued.ticket_hash
    reply[getUserIdHeader()] = account.id
    return reply
def wrapper(*args, **kwargs):
    """Run the wrapped view only for a valid ticket that belongs to `user_id`.

    Returns 400 when the ticket header is absent, 403 when isValidTicket()
    rejects the ticket for the request's REMOTE_ADDR, 403 when
    ticketMatchesUser() fails, and otherwise the wrapped view's own result.
    `function` is a free variable, presumably bound by the enclosing decorator.
    """
    req = args[0]
    # Read before any header check: a view without a `user_id` keyword
    # argument raises KeyError here.
    user_id = kwargs['user_id']
    meta = req.META

    if getDjangoTicketHeader() not in meta:
        return HttpResponseBadRequest(
            "Must provide the " + getTicketHeader() + " header. ")

    # NOTE(review): both 403 bodies below copy the client-supplied ticket
    # header into the response unescaped. HttpResponse defaults to an HTML
    # content type unless the project overrides it, and the ticket is a
    # credential, so a fixed message would be the safer reply.
    if not isValidTicket(meta[getDjangoTicketHeader()], meta['REMOTE_ADDR']):
        return HttpResponseForbidden(
            "Invalid ticket: \"" + meta[getDjangoTicketHeader()] + "\"")

    if not ticketMatchesUser(req, user_id):
        mismatch = (
            "The ticket doesn't match the given user\n"
            + "Give Ticket: \"" + meta[getDjangoTicketHeader()] + "\"\n"
            + "Given User id: \"" + user_id + "\"")
        return HttpResponseForbidden(mismatch)

    return function(*args, **kwargs)
def setUp(self):
    """Log in with the fixture credentials and keep the ticket hash and user id."""
    credentials = {'username': self.username, 'password': self.userpass}
    login = self.client.post('/udj/auth', credentials)

    # Fail fast here so a broken login is not reported as a header error.
    self.assertEqual(login.status_code, 200)
    self.ticket_hash = login[getTicketHeader()]
    self.user_id = login[getUserIdHeader()]
def setUp(self):
    """Log in with the fixture credentials and keep the ticket hash and user id."""
    credentials = {'username': self.username, 'password': self.userpass}
    login = self.client.post('/udj/auth/', credentials)

    # NOTE(review): the status code is not checked, so a rejected login
    # would only show up when a header lookup below fails.
    self.ticket_hash = login[getTicketHeader()]
    self.user_id = login[getUserIdHeader()]