def test_android_auth_workaround(self): # {{{
'Test authentication workaround for Android'
r = router()
with TestServer(r.dispatch) as server:
r.auth_controller.log = server.log
conn = server.connect()
# First check that unauth access fails
conn.request('GET', '/android')
r = conn.getresponse()
self.ae(r.status, http_client.UNAUTHORIZED)
auth_handler = HTTPDigestAuthHandler()
url = 'http://localhost:%d%s' % (server.address[1], '/android')
auth_handler.add_password(realm=REALM, uri=url, user='******', passwd='testpw')
cj = CookieJar()
cookie_handler = HTTPCookieProcessor(cj)
r = build_opener(auth_handler, cookie_handler).open(url)
self.ae(r.getcode(), http_client.OK)
cookies = tuple(cj)
self.ae(len(cookies), 1)
cookie = cookies[0]
self.assertIn(':', cookie.value)
self.ae(cookie.path, '/android')
r = build_opener(cookie_handler).open(url)
self.ae(r.getcode(), http_client.OK)
self.ae(r.read(), b'android')
# Test that a replay attack against a different URL does not work
try:
build_opener(cookie_handler).open(url+'2')
assert ('Replay attack succeeded')
except HTTPError as e:
self.ae(e.code, http_client.UNAUTHORIZED)
def test_android_auth_workaround(self): # {{{
'Test authentication workaround for Android'
r = router()
with TestServer(r.dispatch) as server:
r.auth_controller.log = server.log
conn = server.connect()
# First check that unauth access fails
conn.request('GET', '/android')
r = conn.getresponse()
self.ae(r.status, http_client.UNAUTHORIZED)
auth_handler = HTTPDigestAuthHandler()
url = 'http://localhost:%d%s' % (server.address[1], '/android')
auth_handler.add_password(realm=REALM, uri=url, user='******', passwd='testpw')
cj = CookieJar()
cookie_handler = HTTPCookieProcessor(cj)
r = build_opener(auth_handler, cookie_handler).open(url)
self.ae(r.getcode(), http_client.OK)
cookies = tuple(cj)
self.ae(len(cookies), 1)
cookie = cookies[0]
self.assertIn(':', cookie.value)
self.ae(cookie.path, '/android')
r = build_opener(cookie_handler).open(url)
self.ae(r.getcode(), http_client.OK)
self.ae(r.read(), b'android')
# Test that a replay attack against a different URL does not work
try:
build_opener(cookie_handler).open(url+'2')
assert ('Replay attack succeeded')
except HTTPError as e:
self.ae(e.code, http_client.UNAUTHORIZED)
def urlopen(server,
path='/closed',
un='testuser',
pw='testpw',
method='digest'):
auth_handler = HTTPBasicAuthHandler(
) if method == 'basic' else HTTPDigestAuthHandler()
url = 'http://localhost:%d%s' % (server.address[1], path)
auth_handler.add_password(realm=REALM, uri=url, user=un, passwd=pw)
return build_opener(auth_handler).open(url)
def urlopen(server, path='/closed', un='testuser', pw='testpw', method='digest'):
auth_handler = HTTPBasicAuthHandler() if method == 'basic' else HTTPDigestAuthHandler()
url = 'http://localhost:%d%s' % (server.address[1], path)
auth_handler.add_password(realm=REALM, uri=url, user=un, passwd=pw)
return build_opener(auth_handler).open(url)
