示例#1
0
文件: tests.py 项目: Lispython/httphq
    def test_Hx(self):
        cr = {'username': '******',
              'password': '******',
              'realm': 'Fake area',
              'nonce': "dcd98b7102dd2f0e8b11d0f600bfb0c093",
              'uri': "/dir/index.html",
              'nc': '00000001',
              'cnonce': "0a4f113b",
              'response': "e966c932a9242554e42c8ee200cec7f6",
              'opaque': "5ccc069c403ebaf9f0171e9517f40e41"}

        request = {'method': 'GET',
                   'uri': '/dir/index.html',
                   'body': 'request body'}
        self.assertEqual(HA1(cr['realm'], cr['username'], cr['password']),
                          H("%s:%s:%s" % (cr['username'], cr['realm'], cr['password'])))

        # test qop == auth
        cr['qop'] = 'auth'
        self.assertEqual(HA2(cr, request), H("%s:%s" % (request['method'], request['uri'])))

        # test qop == auth-int
        cr['qop'] = 'auth-int'
        self.assertEqual(HA2(cr, request), H("%s:%s:%s" % (request['method'], request['uri'], H(request['body']))))

        # test qop == 'bad-auth'
        cr['qop'] = 'bad-auth'
        self.assertRaises(ValueError, HA2, cr, request)


        # test qop == None
        cr['qop'] = None
        self.assertEqual(response(cr, cr['password'], request),
                          H(":".join([HA1(cr['realm'], cr['username'], cr['password']),
                                      cr.get('nonce'), HA2(cr, request)])))

        # test qop == auth
        cr['qop'] = 'auth'
        self.assertEqual(response(cr, cr['password'], request),
                          H(":".join([HA1(cr['realm'], cr['username'], cr['password']),
                                      cr.get('nonce'),
                                      cr.get('nc'),
                                      cr.get('cnonce'),
                                      cr.get('qop'),
                                      HA2(cr, request)])))
示例#2
0
文件: app.py 项目: Lispython/httphq
    def get(self, username, password, qop=None):
        if qop not in ('auth', 'auth-int'):
            qop = None
        ## Response no authenticated header
        ## WWW-Authenticate: Digest realm="*****@*****.**",
        ##                 qop="auth,auth-int",
        ##                 nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
        ##                 opaque="5ccc069c403ebaf9f0171e9517f40e41"
        ##
        ## HTTP Digest auth request header
        ## Authorization:Digest username="******",
        ##                 realm="mapbender_registry",
        ##                 nonce="1c6437cc7cba6c72df4d50c46cff2f15",
        ##                 uri="/http_auth/24150",
        ##                 response="6bd4212340a437c7486184d362c6e946",
        ##                 opaque="b28db91512b288b4a97030aa968487d5",
        ##                 qop=auth,
        ##                 nc=00000002,
        ##                 cnonce="8a2782a5b869595d"

        try:
            auth = self.request.headers.get("Authorization")
            if auth is None:
                return self._request_auth(qop)
            else:
                try:
                    authorization_info = Authorization.from_string(auth)
                except Exception:
                    self._request_auth(qop)
                else:
                    request_info = dict()
                    request_info['uri'] = self.request.uri
                    request_info['body'] = self.request.body
                    request_info['method'] = self.request.method
                    response_hash = response(authorization_info, password, request_info)
                    if response_hash == authorization_info['response']:
                        self.json_response({"authenticated": True,
                                            'password': password,
                                            'username': username,
                                            'auth-type': 'digest'})
                    else:
                        self.set_status(403)
                        self.finish()

        except Exception:
            print(sys.exc_info()[1])
            self._request_auth(qop)