def test_Hx(self):
    """Check HA1, HA2 and response against hand-built H(...) digests.

    Walks one fixed credentials dict through each qop setting
    ('auth', 'auth-int', an unsupported value, and None) and compares the
    helpers' output with the expected digest input assembled inline.
    """
    creds = {
        'username': '******',
        'password': '******',
        'realm': 'Fake area',
        'nonce': "dcd98b7102dd2f0e8b11d0f600bfb0c093",
        'uri': "/dir/index.html",
        'nc': '00000001',
        'cnonce': "0a4f113b",
        'response': "e966c932a9242554e42c8ee200cec7f6",
        'opaque': "5ccc069c403ebaf9f0171e9517f40e41",
    }
    req = {'method': 'GET', 'uri': '/dir/index.html', 'body': 'request body'}

    # HA1 hashes "username:realm:password".
    actual = HA1(creds['realm'], creds['username'], creds['password'])
    expected = H("%s:%s:%s" % (creds['username'], creds['realm'],
                               creds['password']))
    self.assertEqual(actual, expected)

    # qop == auth: HA2 covers only method and uri.
    creds['qop'] = 'auth'
    actual = HA2(creds, req)
    expected = H("%s:%s" % (req['method'], req['uri']))
    self.assertEqual(actual, expected)

    # qop == auth-int: HA2 additionally covers the hash of the body.
    creds['qop'] = 'auth-int'
    actual = HA2(creds, req)
    expected = H("%s:%s:%s" % (req['method'], req['uri'], H(req['body'])))
    self.assertEqual(actual, expected)

    # An unsupported qop must be rejected with ValueError.
    creds['qop'] = 'bad-auth'
    with self.assertRaises(ValueError):
        HA2(creds, req)

    # qop == None: response is H(HA1:nonce:HA2).
    creds['qop'] = None
    actual = response(creds, creds['password'], req)
    parts = [
        HA1(creds['realm'], creds['username'], creds['password']),
        creds.get('nonce'),
        HA2(creds, req),
    ]
    self.assertEqual(actual, H(":".join(parts)))

    # qop == auth: response is H(HA1:nonce:nc:cnonce:qop:HA2).
    creds['qop'] = 'auth'
    actual = response(creds, creds['password'], req)
    parts = [
        HA1(creds['realm'], creds['username'], creds['password']),
        creds.get('nonce'),
        creds.get('nc'),
        creds.get('cnonce'),
        creds.get('qop'),
        HA2(creds, req),
    ]
    self.assertEqual(actual, H(":".join(parts)))
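def get(self, username, password, qop=None):
    """Challenge for, or verify, HTTP Digest credentials on a GET request.

    With no ``Authorization`` header, or one that cannot be parsed, the
    client is challenged through ``self._request_auth``. Otherwise the
    expected digest is recomputed from *password* and the request's uri,
    body and method, and compared with the digest the client sent.

    Args:
        username: Echoed back in the JSON body on success.
        password: Secret used to recompute the expected digest.
        qop: 'auth' or 'auth-int'; any other value is treated as None.

    Returns:
        Whatever ``self._request_auth`` returns when no header is present;
        None on every other path (the reply is written through the handler).
    """
    # Function-scope import: the file's import block is outside this view.
    import hmac

    if qop not in ('auth', 'auth-int'):
        qop = None

    ## Response no authenticated header
    ## WWW-Authenticate: Digest realm="*****@*****.**",
    ##                   qop="auth,auth-int",
    ##                   nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
    ##                   opaque="5ccc069c403ebaf9f0171e9517f40e41"
    ##
    ## HTTP Digest auth request header
    ## Authorization:Digest username="******",
    ##               realm="mapbender_registry",
    ##               nonce="1c6437cc7cba6c72df4d50c46cff2f15",
    ##               uri="/http_auth/24150",
    ##               response="6bd4212340a437c7486184d362c6e946",
    ##               opaque="b28db91512b288b4a97030aa968487d5",
    ##               qop=auth,
    ##               nc=00000002,
    ##               cnonce="8a2782a5b869595d"
    try:
        auth = self.request.headers.get("Authorization")
        if auth is None:
            return self._request_auth(qop)

        try:
            authorization_info = Authorization.from_string(auth)
        except Exception:
            # Unparseable header: challenge again rather than fail.
            self._request_auth(qop)
            return

        # NOTE(review): nothing in this method checks that the header's
        # username equals *username*, or that nonce/opaque/nc are values this
        # server issued and has not seen before. Confirm that
        # _request_auth()/response() cover this; otherwise a captured header
        # stays valid for the same uri.
        request_info = {
            'uri': self.request.uri,
            'body': self.request.body,
            'method': self.request.method,
        }
        response_hash = response(authorization_info, password, request_info)
        supplied_hash = authorization_info['response']

        # Constant-time comparison, so response timing does not reveal how
        # many leading characters of the expected digest matched.
        try:
            authenticated = hmac.compare_digest(response_hash, supplied_hash)
        except TypeError:
            # compare_digest rejects mixed types and non-ASCII text; `==`
            # gave False for those inputs too, so treat them as a mismatch.
            authenticated = False

        if authenticated:
            # NOTE(review): the password is echoed back in the response body.
            # Presumably intended for an echo/test endpoint -- confirm, and
            # keep this body out of access logs and caches.
            self.json_response({"authenticated": True,
                                'password': password,
                                'username': username,
                                'auth-type': 'digest'})
        else:
            self.set_status(403)
            self.finish()
    except Exception as exc:
        # Best-effort fallback kept from the original: report the error and
        # challenge again instead of surfacing a server error.
        print(exc)
        self._request_auth(qop)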