    def test_forbidden_custom_content_type(self, clean, name, response, step,
                                           init):
        '''
        A Negotiate token that fails the GSS step must be answered with
        403 Forbidden, and when the middleware is built with a
        ``forbidden=(body, content_type)`` pair that body and content-type
        are what the client gets back instead of the defaults.

        The patched kerberos calls are checked afterwards to pin the
        lifecycle: one init, one failing step, no name/response lookups,
        and the GSS context is cleaned up even though the step failed.
        '''
        gss_ctx = object()
        init.return_value = (kerberos.AUTH_GSS_COMPLETE, gss_ctx)
        # Simulate a token the server side cannot verify.
        step.side_effect = kerberos.GSSError("FAILURE")

        middleware = KerberosAuthMiddleware(index,
                                            hostname='example.org',
                                            forbidden=('CUSTOM', 'text/html'))
        wsgi_app = TestApp(middleware)
        bad_token_headers = {'Authorization': 'Negotiate CTOKEN'}
        resp = wsgi_app.get('/', headers=bad_token_headers, expect_errors=True)

        self.assertEqual(resp.status, '403 Forbidden')
        self.assertEqual(resp.status_int, 403)
        # NOTE(review): sibling tests compare the body against bytes literals;
        # this str comparison only holds where the body is str -- confirm.
        self.assertEqual(resp.body, 'CUSTOM')
        self.assertEqual(resp.headers['content-type'], 'text/html')

        # NOTE(review): the principal literal looks masked in this excerpt --
        # confirm against the real source.
        expected_calls = [
            (init, [mock.call('*****@*****.**')]),
            (step, [mock.call(gss_ctx, 'CTOKEN')]),
            (name, []),
            (response, []),
            (clean, [mock.call(gss_ctx)]),
        ]
        for patched, calls in expected_calls:
            self.assertEqual(patched.mock_calls, calls)
    def test_authentication_invalid_but_not_required(self, clean, name, response, step, init):
        '''
        When ``auth_required_callback`` says authentication is optional and
        the request carries a token that fails the GSS step, the failure is
        ignored: the request reaches the app anonymously, no
        ``WWW-Authenticate`` challenge is sent, and the GSS context is
        still cleaned up.
        '''
        gss_ctx = object()
        init.return_value = (kerberos.AUTH_GSS_COMPLETE, gss_ctx)
        # Simulate a token the server side cannot verify.
        step.side_effect = kerberos.GSSError("FAILURE")

        def never_required(environ):
            return False

        middleware = KerberosAuthMiddleware(index,
                                            hostname='example.org',
                                            auth_required_callback=never_required)
        wsgi_app = TestApp(middleware)
        resp = wsgi_app.get('/', headers={'Authorization': 'Negotiate CTOKEN'})

        self.assertEqual(resp.status, '200 OK')
        self.assertEqual(resp.status_int, 200)
        self.assertEqual(resp.body, b'Hello ANONYMOUS')
        # No challenge is issued when auth is optional.
        self.assertEqual(resp.headers.get('WWW-Authenticate'), None)
        self.assertEqual(resp.headers['content-type'], 'text/plain')

        # NOTE(review): the principal literal looks masked in this excerpt --
        # confirm against the real source.
        expected_calls = [
            (init, [mock.call('*****@*****.**')]),
            (step, [mock.call(gss_ctx, 'CTOKEN')]),
            (name, []),
            (response, []),
            (clean, [mock.call(gss_ctx)]),
        ]
        for patched, calls in expected_calls:
            self.assertEqual(patched.mock_calls, calls)
 def get_host_info(self, host):
     """
     Resolve ``host`` through the base transport and initialise a GSSAPI
     client context for that host's ``HTTP@<hostname>`` service principal.

     As shown here the method stops after the init call: the
     (host, extra_headers, x509) triple is never returned and ``vc`` is not
     used, so this looks like a truncated excerpt -- verify against the
     full source before relying on it.
     """
     host, extra_headers, x509 = xmlrpclib.Transport.get_host_info(self, host)
     
     # Set the remote host principal: drop any ':port' suffix so the
     # principal is keyed on the bare hostname. Taking the first ':'-split
     # component would also cut short an IPv6 literal, if one can reach here.
     h = host
     hostinfo = h.split(':')
     service = "HTTP@" + hostinfo[0]
     
     try:
         rc, vc = kerberos.authGSSClientInit(service);
     except kerberos.GSSError, e:
         # Python 2 ``except X, e`` syntax. Wrapping the caught error in a
         # fresh GSSError drops the original traceback; a bare ``raise``
         # would keep it.
         raise kerberos.GSSError(e)
 def test_forbidden(self, clean, name, response, step, init):
     '''
     A Negotiate token that fails the GSS step must be answered with
     403 Forbidden. The patched kerberos calls are checked afterwards to
     pin the lifecycle: one init, one failing step, no name or response
     lookup, and the GSS context is cleaned up even though the step failed.
     '''
     gss_ctx = object()
     init.return_value = (kerberos.AUTH_GSS_COMPLETE, gss_ctx)
     # Simulate a token the server side cannot verify.
     step.side_effect = kerberos.GSSError("FAILURE")

     client = self.app.test_client()
     bad_token_headers = {'Authorization': 'Negotiate CTOKEN'}
     resp = client.get('/', headers=bad_token_headers)
     self.assertEqual(resp.status_code, 403)

     # NOTE(review): the principal literal looks masked in this excerpt --
     # confirm against the real source.
     expected_calls = [
         (init, [mock.call('*****@*****.**')]),
         (step, [mock.call(gss_ctx, 'CTOKEN')]),
         (name, []),
         (response, []),
         (clean, [mock.call(gss_ctx)]),
     ]
     for patched, calls in expected_calls:
         self.assertEqual(patched.mock_calls, calls)
class KerbTransport(SafeCookieTransport):
    """Handles Kerberos Negotiation authentication to an XML-RPC server."""
    
    def get_host_info(self, host):
        """
        Resolve ``host`` through the base transport, initialise a GSSAPI
        client context for that host's ``HTTP@<hostname>`` service
        principal, and run the first client step with an empty peer token.

        As shown here the method ends after that step: the
        (host, extra_headers, x509) triple is never returned and the
        context ``vc`` is not used further, so this looks like a truncated
        excerpt -- verify against the full source before relying on it.
        """
        host, extra_headers, x509 = xmlrpclib.Transport.get_host_info(self, host)
        
        # Set the remote host principal: drop any ':port' suffix so the
        # principal is keyed on the bare hostname. Taking the first ':'-split
        # component would also cut short an IPv6 literal, if one can reach here.
        h = host
        hostinfo = h.split(':')
        service = "HTTP@" + hostinfo[0]
        
        try:
            rc, vc = kerberos.authGSSClientInit(service);
        except kerberos.GSSError, e:
            # Python 2 ``except X, e`` syntax. Wrapping the caught error in a
            # fresh GSSError drops the original traceback; a bare ``raise``
            # would keep it. Same pattern below.
            raise kerberos.GSSError(e)
        
        try:
            # Initial step with no input token from the server.
            kerberos.authGSSClientStep(vc, "");
        except kerberos.GSSError, e:
            raise kerberos.GSSError(e)
    def test_forbidden(self, clean, name, response, step, init):
        '''
        A Negotiate token that fails the GSS step must be answered with the
        default 403 Forbidden response (``Forbidden`` body, ``text/plain``).

        With no hostname configured, the GSS init is expected to be called
        with an empty service string. The remaining patched calls pin the
        lifecycle: one failing step, no name/response lookups, and the GSS
        context is cleaned up even though the step failed.
        '''
        gss_ctx = object()
        init.return_value = (kerberos.AUTH_GSS_COMPLETE, gss_ctx)
        # Simulate a token the server side cannot verify.
        step.side_effect = kerberos.GSSError("FAILURE")

        wsgi_app = TestApp(KerberosAuthMiddleware(index))
        bad_token_headers = {'Authorization': 'Negotiate CTOKEN'}
        resp = wsgi_app.get('/', headers=bad_token_headers, expect_errors=True)

        self.assertEqual(resp.status, '403 Forbidden')
        self.assertEqual(resp.status_int, 403)
        self.assertEqual(resp.body, b'Forbidden')
        self.assertEqual(resp.headers['content-type'], 'text/plain')

        expected_calls = [
            (init, [mock.call('')]),
            (step, [mock.call(gss_ctx, 'CTOKEN')]),
            (name, []),
            (response, []),
            (clean, [mock.call(gss_ctx)]),
        ]
        for patched, calls in expected_calls:
            self.assertEqual(patched.mock_calls, calls)