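def test_identify_with_mismatched_realm(self):
    """identify() returns None when the response names a different realm.

    The challenge is issued by a plugin constructed with "test"; the realm
    in the challenge params is then overwritten before the client response
    is built into ``environ``.
    """
    plugin = DigestAuthPlugin("test")
    environ = make_environ()
    params = get_challenge(plugin, environ)
    # Swap the realm so the Authorization header no longer matches the plugin.
    params["realm"] = "SomeOtherRealm"
    build_response(environ, params, "tester", "testing")
    self.assertEqual(plugin.identify(environ), None)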
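def test_remember_with_next_nonce(self):
    """remember() returns an Authentication-Info header as its first header.

    The plugin is built with an EasyNonceManager; presumably that manager
    hands out a next nonce, which is what triggers the header (confirm
    against the nonce manager implementation).
    """
    plugin = DigestAuthPlugin("test", nonce_manager=EasyNonceManager())
    environ = make_environ()
    params = get_challenge(plugin, environ)
    params = build_response(environ, params, "tester", "testing")
    headers = plugin.remember(environ, params)
    # Only the header name of the first (name, value) pair is checked.
    self.assertEqual(headers[0][0], "Authentication-Info")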
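def test_auth_good_legacy_mode(self):
    """authenticate() accepts a correct response built without qop.

    ``qop=None`` asks build_response() for a response with no qop field;
    the test first confirms that the field really is absent.
    """
    plugin = DigestAuthPlugin("test", get_password=lambda u: "testing")
    environ = make_environ(REQUEST_METHOD="GET", PATH_INFO="/legacy")
    params = get_challenge(plugin, environ)
    params = build_response(environ, params, "tester", "testing", qop=None)
    # Guard: the response must not carry a qop value.
    self.assertFalse("qop" in params)
    self.assertNotEqual(plugin.authenticate(environ, params), None)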
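def test_challenge_with_other_status(self):
    """challenge() answers 401 even when the app status passed in is 200 OK."""
    plugin = DigestAuthPlugin("test")
    environ = make_environ()
    app = plugin.challenge(environ, "200 OK", [], [])
    self.assertNotEqual(app, None)
    response = get_response(app, environ)
    # The status handed to challenge() must not leak into the reply.
    self.assertTrue(response.startswith("401 Unauthorized"))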
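def test_auth_with_failed_password_lookup(self):
    """A get_pwdhash callback returning None makes authenticate() raise.

    identify() still parses the header successfully; the failure is only
    surfaced when authenticate() looks up the password hash.
    """
    plugin = DigestAuthPlugin("test", get_pwdhash=lambda u, r: None)
    environ = make_environ()
    params = get_challenge(plugin, environ)
    params = build_response(environ, params, "tester", "testing")
    self.assertNotEqual(plugin.identify(environ), None)
    # NOTE(review): this pins an exception rather than a None (rejected)
    # result; confirm callers treat both outcomes as an auth failure.
    self.assertRaises(ValueError, plugin.authenticate, environ, params)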
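def test_auth_good_get_with_vars(self):
    """authenticate() accepts a correct response for a path with a query.

    Credentials are supplied through a get_pwdhash callback that returns a
    hash precomputed with calculate_pwdhash().
    """
    pwdhash = calculate_pwdhash("tester", "testing", "test")
    plugin = DigestAuthPlugin("test", get_pwdhash=lambda u, r: pwdhash)
    # PATH_INFO deliberately contains "?who=me".
    environ = make_environ(REQUEST_METHOD="GET", PATH_INFO="/hi?who=me")
    params = get_challenge(plugin, environ)
    params = build_response(environ, params, "tester", "testing")
    self.assertNotEqual(plugin.authenticate(environ, params), None)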
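def test_auth_with_bad_digest_response(self):
    """authenticate() returns None when the digest response is corrupted."""
    plugin = DigestAuthPlugin("test", get_password=lambda u: "testing")
    environ = make_environ()
    params = get_challenge(plugin, environ)
    params = build_response(environ, params, "tester", "testing")
    # Append junk so the response no longer equals the expected digest.
    params["response"] += "WRONG"
    self.assertEqual(plugin.authenticate(environ, params), None)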
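def test_auth_with_different_realm(self):
    """authenticate() returns None for a response computed over another realm.

    The realm is changed before build_response() runs, so the client
    response is built with "other-realm" while the plugin was constructed
    with "test".
    """
    plugin = DigestAuthPlugin("test", get_password=lambda u: "testing")
    environ = make_environ()
    params = get_challenge(plugin, environ)
    params["realm"] = "other-realm"
    params = build_response(environ, params, "tester", "testing")
    self.assertEqual(plugin.authenticate(environ, params), None)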
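def test_rfc2617_example(self):
    """Reproduce the worked example published in RFC 2617.

    Checks that calculate_digest_response() yields the digest printed in
    the RFC and that identify() accepts an Authorization header built from
    the same parameters.
    """
    # The realm, username and password literals were masked in this copy
    # ("*****@*****.**", "******"). With masked inputs the digest cannot
    # equal the value asserted below and the final username check cannot
    # pass, so they are restored to the public RFC 2617 sample values.
    plugin = DigestAuthPlugin("testrealm@host.com",
                              nonce_manager=EasyNonceManager())
    # Calculate the response according to the RFC example parameters.
    password = "Circle Of Life"
    params = {
        "username": "Mufasa",
        "realm": "testrealm@host.com",
        "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
        "uri": "/dir/index.html",
        "qop": "auth",
        "nc": "00000001",
        "cnonce": "0a4f113b",
        "opaque": "5ccc069c403ebaf9f0171e9517f40e41",
        "request-method": "GET",
    }
    resp = calculate_digest_response(params, password=password)
    # Check that it's as expected.
    self.assertEqual(resp, "6629fae49393a05397450978507c4ef1")
    # Check that we can auth using it.
    params["response"] = resp
    # items() instead of iteritems() so the test also runs on Python 3.
    authz = ",".join('%s="%s"' % v for v in params.items())
    environ = make_environ(REQUEST_METHOD="GET",
                           PATH_INFO="/dir/index.html",
                           HTTP_AUTHORIZATION="Digest " + authz)
    identity = plugin.identify(environ)
    self.assertEqual(identity["username"], "Mufasa")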
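def test_auth_with_missing_nonce(self):
    """authenticate() raises KeyError when the identity has no nonce.

    The header in ``environ`` is left intact, so identify() still succeeds;
    only the params dict handed to authenticate() has the nonce removed.
    """
    plugin = DigestAuthPlugin("test", get_password=lambda u: "testing")
    environ = make_environ()
    params = get_challenge(plugin, environ)
    params = build_response(environ, params, "tester", "testing")
    del params["nonce"]
    self.assertNotEqual(plugin.identify(environ), None)
    # NOTE(review): this pins an exception rather than a None (rejected)
    # result; confirm callers treat both outcomes as an auth failure.
    self.assertRaises(KeyError, plugin.authenticate, environ, params)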
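def test_identify_with_mismatched_uri(self):
    """identify() rejects a response once the request path has changed.

    The response is built for "/path_one" and accepted there; the same
    header presented with PATH_INFO "/path_two" must yield None.
    """
    plugin = DigestAuthPlugin("test")
    environ = make_environ(PATH_INFO="/path_one")
    params = get_challenge(plugin, environ)
    build_response(environ, params, "tester", "testing")
    # Baseline: the header is valid for the path it was built for.
    self.assertNotEqual(plugin.identify(environ), None)
    # Same Authorization header, different request path.
    environ["PATH_INFO"] = "/path_two"
    self.assertEqual(plugin.identify(environ), None)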
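def test_challenge_with_extra_domains(self):
    """The configured ``domain`` value appears in the 401 challenge."""
    plugin = DigestAuthPlugin("test", domain="http://example.com")
    environ = make_environ()
    app = plugin.challenge(environ, "200 OK", [], [])
    self.assertNotEqual(app, None)
    response = get_response(app, environ)
    self.assertTrue(response.startswith("401 Unauthorized"))
    # Substring check only: it does not verify which header carries it.
    self.assertTrue("http://example.com" in response)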
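def test_challenge(self):
    """challenge() yields a 401 reply with a Digest WWW-Authenticate header."""
    plugin = DigestAuthPlugin("test")
    environ = make_environ()
    app = plugin.challenge(environ, "401 Unauthorized", [], [])
    self.assertNotEqual(app, None)
    response = get_response(app, environ)
    self.assertTrue(response.startswith("401 Unauthorized"))
    self.assertTrue("WWW-Authenticate: Digest" in response)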
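def test_identify_with_non_digest_authz(self):
    """identify() returns None for Authorization schemes other than Digest."""
    plugin = DigestAuthPlugin("test")
    # A Basic header must not be picked up by the digest plugin.
    environ = make_environ(HTTP_AUTHORIZATION="Basic lalalala")
    identity = plugin.identify(environ)
    self.assertEqual(identity, None)
    # Neither must a BrowserID header.
    environ = make_environ(HTTP_AUTHORIZATION="BrowserID assertion=1234")
    identity = plugin.identify(environ)
    self.assertEqual(identity, None)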
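def test_auth_with_invalid_content_md5(self):
    """authenticate() returns None when content-md5 is altered (auth-int).

    The response is built with qop="auth-int" while the request carries
    Content-MD5 "1B2M2Y8AsgTpgAmY7PhCfg==" (the base64 MD5 of an empty
    body). The identity's content-md5 is then replaced with another value.
    """
    plugin = DigestAuthPlugin("test", get_password=lambda u: "testing")
    environ = make_environ(REQUEST_METHOD="GET", PATH_INFO="/authint",
                           HTTP_CONTENT_MD5="1B2M2Y8AsgTpgAmY7PhCfg==")
    params = get_challenge(plugin, environ)
    params = build_response(environ, params, "tester", "testing",
                            qop="auth-int")
    # Only the params dict is changed; the header in environ stays valid,
    # which is why identify() below still succeeds.
    params["content-md5"] = "8baNZjN6gc+g0gdhccuiqA=="
    self.assertNotEqual(plugin.identify(environ), None)
    self.assertEqual(plugin.authenticate(environ, params), None)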
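def test_auth_with_unknown_qop(self):
    """An unrecognised qop is refused by identify() and authenticate().

    identify() returns None for the rewritten header; authenticate()
    raises ValueError when the identity's qop is "super-duper".
    """
    plugin = DigestAuthPlugin("test", get_password=lambda u: "testing")
    environ = make_environ()
    params = get_challenge(plugin, environ)
    params = build_response(environ, params, "tester", "testing")
    # NOTE(review): str.replace rewrites every "auth" substring in the
    # header, not only the qop value, so a None result here could also come
    # from another field being altered -- confirm qop is the only match.
    authz = environ["HTTP_AUTHORIZATION"].replace("auth", "super-duper")
    environ["HTTP_AUTHORIZATION"] = authz
    self.assertEqual(plugin.identify(environ), None)
    params["qop"] = "super-duper"
    self.assertRaises(ValueError, plugin.authenticate, environ, params)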
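def test_identify_with_bad_noncecount(self):
    """identify() only accepts a well-formed nonce count that increases.

    After a first request with nc="01" has been identified and remembered,
    re-using "01" and sending the malformed "02XXX" are both rejected,
    while "02" is accepted. All follow-up requests reuse the challenge
    params obtained for the first one.
    """
    plugin = DigestAuthPlugin("test", get_password=lambda u: "testing")
    environ = make_environ(REQUEST_METHOD="GET", PATH_INFO="/one")
    # Do an initial auth to get the nonce.
    params = get_challenge(plugin, environ)
    build_response(environ, params, "tester", "testing", nc="01")
    identity = plugin.identify(environ)
    self.assertNotEqual(identity, None)
    plugin.remember(environ, identity)
    # Authing without increasing nc will fail.
    environ = make_environ(REQUEST_METHOD="GET", PATH_INFO="/two")
    build_response(environ, params, "tester", "testing", nc="01")
    self.assertEqual(plugin.identify(environ), None)
    # Authing with a badly-formed nc will fail.
    environ = make_environ(REQUEST_METHOD="GET", PATH_INFO="/two")
    build_response(environ, params, "tester", "testing", nc="02XXX")
    self.assertEqual(plugin.identify(environ), None)
    # The same badly-formed nc is sent a second time and must fail again.
    environ = make_environ(REQUEST_METHOD="GET", PATH_INFO="/two")
    build_response(environ, params, "tester", "testing", nc="02XXX")
    self.assertEqual(plugin.identify(environ), None)
    # Authing with increasing nc will succeed, even after the rejected
    # attempts above.
    environ = make_environ(REQUEST_METHOD="GET", PATH_INFO="/two")
    build_response(environ, params, "tester", "testing", nc="02")
    self.assertNotEqual(plugin.identify(environ), None)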
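def test_auth_good_authint_mode(self):
    """authenticate() accepts a correct response built with qop="auth-int".

    The request carries Content-MD5 "1B2M2Y8AsgTpgAmY7PhCfg==", the base64
    MD5 of an empty body.
    """
    plugin = DigestAuthPlugin("test", get_password=lambda u: "testing")
    environ = make_environ(REQUEST_METHOD="GET", PATH_INFO="/authint",
                           HTTP_CONTENT_MD5="1B2M2Y8AsgTpgAmY7PhCfg==")
    params = get_challenge(plugin, environ)
    params = build_response(environ, params, "tester", "testing",
                            qop="auth-int")
    self.assertNotEqual(plugin.authenticate(environ, params), None)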
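def test_challenge_with_stale_nonce(self):
    """A challenge issued after a bad-nonce attempt carries stale="TRUE"."""
    plugin = DigestAuthPlugin("test")
    environ = make_environ()
    # Identify with a bad nonce to mark it as stale.
    params = get_challenge(plugin, environ)
    params["nonce"] += "STALE"
    params = build_response(environ, params, "tester", "testing")
    self.assertEqual(plugin.identify(environ), None)
    # The challenge should then include stale=TRUE; the same environ is
    # reused so the plugin can relate it to the failed attempt.
    app = plugin.challenge(environ, "200 OK", [], [])
    self.assertNotEqual(app, None)
    response = get_response(app, environ)
    self.assertTrue(response.startswith("401 Unauthorized"))
    self.assertTrue('stale="TRUE"' in response)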
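def test_challenge_with_extra_headers(self):
    """App headers and forget headers both survive into the 401 challenge."""
    plugin = DigestAuthPlugin("test")
    environ = make_environ()
    app_headers = [("X-Test-One", "test1")]
    forget_headers = [("X-Test-Two", "test2")]
    app = plugin.challenge(environ, "401 Unauthorized",
                           app_headers, forget_headers)
    self.assertNotEqual(app, None)
    response = get_response(app, environ)
    self.assertTrue(response.startswith("401 Unauthorized"))
    self.assertTrue("WWW-Authenticate: Digest" in response)
    # Names and values are checked as independent substrings.
    self.assertTrue("X-Test-One" in response)
    self.assertTrue("test1" in response)
    self.assertTrue("X-Test-Two" in response)
    self.assertTrue("test2" in response)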
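def test_remember_with_no_next_nonce(self):
    """remember() returns None with the plugin's default nonce manager.

    Contrast with a plugin built with EasyNonceManager; presumably the
    default manager offers no next nonce (confirm against the plugin).
    """
    plugin = DigestAuthPlugin("test")
    environ = make_environ()
    params = get_challenge(plugin, environ)
    params = build_response(environ, params, "tester", "testing")
    self.assertEqual(plugin.remember(environ, params), None)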
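def test_remember_with_no_identity(self):
    """remember() returns None when handed an empty identity dict."""
    plugin = DigestAuthPlugin("test")
    environ = make_environ()
    self.assertEqual(plugin.remember(environ, {}), None)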
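def test_identify_with_invalid_params(self):
    """identify() returns None for a Digest header that only names a realm."""
    plugin = DigestAuthPlugin("test")
    # The header uses the Digest scheme but carries a single realm
    # parameter and nothing else.
    environ = make_environ(HTTP_AUTHORIZATION="Digest realm=Sync")
    self.assertEqual(plugin.identify(environ), None)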
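def test_auth_good_post(self):
    """authenticate() accepts a correct response for a POST request."""
    plugin = DigestAuthPlugin("test", get_password=lambda u: "testing")
    environ = make_environ(REQUEST_METHOD="POST", PATH_INFO="/do/stuff")
    params = get_challenge(plugin, environ)
    params = build_response(environ, params, "tester", "testing")
    self.assertNotEqual(plugin.authenticate(environ, params), None)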
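def test_auth_with_no_password_callbacks(self):
    """authenticate() returns None when no password callback is configured.

    The plugin is built with neither get_password nor get_pwdhash, so an
    otherwise well-formed response must not be accepted.
    """
    plugin = DigestAuthPlugin("test")
    environ = make_environ()
    params = get_challenge(plugin, environ)
    params = build_response(environ, params, "tester", "testing")
    self.assertEqual(plugin.authenticate(environ, params), None)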
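def test_auth_with_no_identity(self):
    """authenticate() returns None when handed an empty identity dict."""
    plugin = DigestAuthPlugin("test", get_password=lambda u: "testing")
    environ = make_environ()
    self.assertEqual(plugin.authenticate(environ, {}), None)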
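def test_identify_with_no_authz(self):
    """identify() returns None for an environ built with no Authorization.

    make_environ() is called without HTTP_AUTHORIZATION; presumably its
    defaults set none (confirm against the helper).
    """
    plugin = DigestAuthPlugin("test")
    environ = make_environ()
    identity = plugin.identify(environ)
    self.assertEqual(identity, None)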