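def test_nonce_validation(self):
    # Exercise SignedNonceManager.is_valid_nonce against malformed input,
    # a fresh nonce, a nonce with data appended, a nonce presented under
    # a different User-Agent, and a nonce re-checked after the timeout.
    # Uses assertTrue/assertFalse: the failIf/failUnless aliases were
    # removed from unittest in Python 3.12.
    nm = SignedNonceManager(timeout=0.1)
    environ = make_environ(HTTP_USER_AGENT="good-user")
    # Malformed nonces should be invalid.
    self.assertFalse(nm.is_valid_nonce("", environ))
    self.assertFalse(nm.is_valid_nonce("IHACKYOU", environ))
    # Immediately-generated nonces should be valid.
    nonce = nm.generate_nonce(environ)
    self.assertTrue(nm.is_valid_nonce(nonce, environ))
    # Tampered-with nonces should be invalid.
    # NOTE(review): only a suffix append is covered; a same-length change
    # inside the nonce body is not exercised by this test.
    self.assertFalse(nm.is_valid_nonce(nonce + "IHACKYOU", environ))
    # Nonces are only valid for the User-Agent they were issued under.
    # NOTE(review): User-Agent is a client-supplied header, so this
    # binding presumably only limits casual nonce reuse -- confirm the
    # intended threat model against the manager's documentation.
    environ2 = make_environ(HTTP_USER_AGENT="nasty-hacker")
    self.assertFalse(nm.is_valid_nonce(nonce, environ2))
    # Expired nonces should be invalid.  The positive check first shows
    # that the later rejection is caused by the elapsed time.
    # NOTE(review): the sleep equals the timeout exactly and the positive
    # check must run within 0.1s of generation; on a slow or loaded
    # machine this may be timing-sensitive -- confirm.
    self.assertTrue(nm.is_valid_nonce(nonce, environ))
    time.sleep(0.1)
    self.assertFalse(nm.is_valid_nonce(nonce, environ))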
def __init__(self, realm, nonce_manager=None, domain=None, qop=None,
             get_password=None, get_pwdhash=None):
    """Store the authentication settings on the instance.

    ``nonce_manager`` falls back to a new ``SignedNonceManager()`` and
    ``qop`` falls back to ``"auth"`` when passed as None.  ``realm``,
    ``domain``, ``get_password`` and ``get_pwdhash`` are stored exactly
    as given.
    """
    # Resolve the defaults first so the manager is built before any
    # attribute is assigned.
    manager = SignedNonceManager() if nonce_manager is None else nonce_manager
    quality = "auth" if qop is None else qop
    self.realm = realm
    self.nonce_manager = manager
    self.domain = domain
    self.qop = quality
    # NOTE(review): both credential lookups may be left as None and
    # nothing here rejects that; presumably the authentication path
    # checks that one is set -- confirm.
    self.get_password = get_password
    self.get_pwdhash = get_pwdhash
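def test_next_nonce_generation(self):
    # Check that get_next_nonce returns None before the soft timeout and
    # a new, different nonce after it, and that the old nonce is still
    # accepted alongside the new one.
    # Uses the current unittest assertion names: failUnless,
    # assertEquals and assertNotEquals were removed in Python 3.12.
    nm = SignedNonceManager(soft_timeout=0.1)
    environ = make_environ()
    nonce1 = nm.generate_nonce(environ)
    self.assertTrue(nm.is_valid_nonce(nonce1, environ))
    # Next-nonce is not generated until the soft timeout expires.
    # NOTE(review): this call must run within 0.1s of generation, so it
    # may be timing-sensitive on a slow machine -- confirm.
    self.assertIsNone(nm.get_next_nonce(nonce1, environ))
    time.sleep(0.1)
    nonce2 = nm.get_next_nonce(nonce1, environ)
    self.assertIsNotNone(nonce2)
    self.assertNotEqual(nonce2, nonce1)
    # Both the original and the replacement nonce validate at this point.
    self.assertTrue(nm.is_valid_nonce(nonce1, environ))
    self.assertTrue(nm.is_valid_nonce(nonce2, environ))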
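def test_auto_purging_of_expired_nonces(self):
    # Check that recorded nonce counts for expired nonces disappear as a
    # side effect of adding newer nonces, while unexpired ones remain.
    # Uses assertEqual/assertIsNone: assertEquals was removed from
    # unittest in Python 3.12.
    nm = SignedNonceManager(timeout=0.2)
    environ = make_environ()
    nonce1 = nm.generate_nonce(environ)
    nm.record_nonce_count(nonce1, 1)
    time.sleep(0.1)
    # nonce1 hasn't expired, so adding a new one won't purge it.
    nonce2 = nm.generate_nonce(environ)
    nm.record_nonce_count(nonce2, 1)
    self.assertEqual(nm.get_nonce_count(nonce1), 1)
    time.sleep(0.1)
    # nonce1 has expired, it should be purged when adding another.
    # nonce2 hasn't expired so it should remain in memory.
    # NOTE(review): the two sleeps add up to exactly the 0.2s timeout,
    # so the outcome may depend on scheduling jitter -- confirm.
    nonce3 = nm.generate_nonce(environ)
    nm.record_nonce_count(nonce3, 1)
    self.assertIsNone(nm.get_nonce_count(nonce1))
    self.assertEqual(nm.get_nonce_count(nonce2), 1)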
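def test_nonce_count_management(self):
    # Check that a nonce count is None until recorded, is returned once
    # recorded, survives a purge before expiry and is dropped by a purge
    # after expiry.
    # Uses assertEqual/assertIsNone: assertEquals was removed from
    # unittest in Python 3.12.
    nm = SignedNonceManager(timeout=0.1)
    environ = make_environ()
    nonce1 = nm.generate_nonce(environ)
    self.assertIsNone(nm.get_nonce_count(nonce1))
    nm.record_nonce_count(nonce1, 1)
    self.assertEqual(nm.get_nonce_count(nonce1), 1)
    # Purging won't remove it until it has expired.
    nm._purge_expired_nonces()
    self.assertEqual(nm.get_nonce_count(nonce1), 1)
    # NOTE(review): the sleep equals the timeout exactly; whether that is
    # always enough depends on how the manager compares timestamps --
    # confirm.
    time.sleep(0.1)
    nm._purge_expired_nonces()
    self.assertIsNone(nm.get_nonce_count(nonce1))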