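def test_digest_next_nonce_nc():
    """Check that the Digest nonce count (nc) restarts at 1 after a nonce renewal.

    The nonce count is Digest's per-nonce request counter, which lets a server
    detect replayed requests. The client must count up while the nonce stays
    the same and start again at "00000001" once the server moves to a new one.
    """
    http = httplib2.Http()
    password = tests.gen_password()
    # The handler is handed this one-slot list as out_renew_nonce; slot 0 is
    # called further down, so it must hold a callable by then.
    grenew_nonce = [None]
    handler = tests.http_reflect_with_auth(
        allow_scheme="digest",
        allow_credentials=(("joe", password),),
        out_renew_nonce=grenew_nonce,
    )
    with tests.server_request(handler, request_count=5) as uri:
        http.add_credentials("joe", password)

        response1, _ = http.request(uri, "GET")
        info = httplib2.auth._parse_authentication_info(response1)
        # Diagnostic output, presumably kept to help when the asserts below fail.
        print("debug: response1 authentication-info: {}\nparsed: {}".format(response1.get("authentication-info"), info))
        assert response1.status == 200
        assert info.get("nc") == "00000001", info
        # "nc" is read straight from the parsed mapping, so "nextnonce" is read
        # the same way. Looking it up under a nested "digest" key made this
        # assertion pass whatever the server sent.
        assert not info.get("nextnonce"), info

        # Same nonce, second request: the counter advances.
        response2, _ = http.request(uri, "GET")
        info2 = httplib2.auth._parse_authentication_info(response2)
        assert info2.get("nc") == "00000002", info2

        # Ask the test server to renew its nonce, then expect a fresh count.
        grenew_nonce[0]()
        response3, _ = http.request(uri, "GET")
        info3 = httplib2.auth._parse_authentication_info(response3)
        assert response3.status == 200
        assert info3.get("nc") == "00000001", info3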
def test_digest_next_nonce_nc():
    """Verify the client restarts the Digest nonce count once the nonce is renewed.

    The count must advance while the server nonce is unchanged and fall back
    to '00000001' after the renewal callback has been invoked.
    """
    client = httplib2.Http()
    secret = tests.gen_password()
    # One-slot list passed as out_renew_nonce; slot 0 is called below.
    grenew_nonce = [None]
    auth_handler = tests.http_reflect_with_auth(
        allow_scheme='digest',
        allow_credentials=(('joe', secret), ),
        out_renew_nonce=grenew_nonce,
    )
    with tests.server_request(auth_handler, request_count=5) as uri:
        client.add_credentials('joe', secret)

        # First authenticated exchange: count starts at 1, no nextnonce offered.
        first, _ = client.request(uri, 'GET')
        first_info = httplib2._parse_www_authenticate(first, 'authentication-info')
        assert first.status == 200
        first_digest = first_info.get('digest', {})
        assert first_digest.get('nc') == '00000001', first_info
        assert not first_digest.get('nextnonce'), first_info

        # Second exchange on the same nonce: count goes to 2.
        second, _ = client.request(uri, 'GET')
        second_info = httplib2._parse_www_authenticate(second, 'authentication-info')
        assert second_info.get('digest', {}).get('nc') == '00000002', second_info

        # After renewal the count has to start over.
        grenew_nonce[0]()
        third, _ = client.request(uri, 'GET')
        third_info = httplib2._parse_www_authenticate(third, 'authentication-info')
        assert third.status == 200
        assert third_info.get('digest', {}).get('nc') == '00000001', third_info
def test_digest_auth_stale():
    """Verify the client recovers when its Digest nonce has gone stale.

    After the renewal callback runs, the next request must still end in 200,
    must not come from the cache, must be flagged as a stale-digest retry, and
    the challenge seen afterwards must carry a different nonce.
    """
    client = httplib2.Http()
    secret = tests.gen_password()
    grenew_nonce = [None]
    # Filled by the handler; entries look like (request, response) pairs,
    # judging by how they are indexed below.
    exchanges = []
    auth_handler = tests.http_reflect_with_auth(
        allow_scheme='digest',
        allow_credentials=(('joe', secret), ),
        out_renew_nonce=grenew_nonce,
        out_requests=exchanges,
    )
    with tests.server_request(auth_handler, request_count=4) as uri:
        client.add_credentials('joe', secret)

        before, _ = client.request(uri, 'GET')
        assert before.status == 200
        challenge_before = httplib2._parse_www_authenticate(
            exchanges[0][1].headers, 'www-authenticate'
        )

        # Invalidate the nonce the client is currently using.
        grenew_nonce[0]()

        after, _ = client.request(uri, 'GET')
        assert after.status == 200
        assert not after.fromcache
        assert getattr(after, '_stale_digest', False)
        challenge_after = httplib2._parse_www_authenticate(
            exchanges[2][1].headers, 'www-authenticate'
        )

        nonce1 = challenge_before.get('digest', {}).get('nonce', '')
        nonce2 = challenge_after.get('digest', {}).get('nonce', '')
        assert nonce1 != ''
        assert nonce2 != ''
        assert nonce1 != nonce2, (nonce1, nonce2)
def test_digest_next_nonce_nc():
    """Verify the Digest nonce count is reset to 1 when the server renews its nonce.

    Two requests on one nonce must report counts 1 and 2. A third request,
    sent after the renewal callback has run, must report 1 again.
    """
    client = httplib2.Http()
    secret = tests.gen_password()
    # One-slot list passed as out_renew_nonce; slot 0 is called below.
    grenew_nonce = [None]
    auth_handler = tests.http_reflect_with_auth(
        allow_scheme="digest",
        allow_credentials=(("joe", secret),),
        out_renew_nonce=grenew_nonce,
    )
    with tests.server_request(auth_handler, request_count=5) as uri:
        client.add_credentials("joe", secret)

        first, _ = client.request(uri, "GET")
        first_info = httplib2._parse_www_authenticate(first, "authentication-info")
        assert first.status == 200
        first_digest = first_info.get("digest", {})
        assert first_digest.get("nc") == "00000001", first_info
        assert not first_digest.get("nextnonce"), first_info

        second, _ = client.request(uri, "GET")
        second_info = httplib2._parse_www_authenticate(second, "authentication-info")
        assert second_info.get("digest", {}).get("nc") == "00000002", second_info

        # Renew the server nonce; the client's counter must start over.
        grenew_nonce[0]()
        third, _ = client.request(uri, "GET")
        third_info = httplib2._parse_www_authenticate(third, "authentication-info")
        assert third.status == 200
        assert third_info.get("digest", {}).get("nc") == "00000001", third_info
def test_digest_auth_stale():
    """Verify a stale Digest nonce is handled by re-authenticating with a new one.

    The request sent after the nonce renewal must succeed without being served
    from the cache, must carry the _stale_digest marker, and the two recorded
    challenges must contain different, non-empty nonces.
    """
    client = httplib2.Http()
    secret = tests.gen_password()
    grenew_nonce = [None]
    # Filled by the handler; entries look like (request, response) pairs,
    # judging by how they are indexed below.
    exchanges = []
    auth_handler = tests.http_reflect_with_auth(
        allow_scheme="digest",
        allow_credentials=(("joe", secret),),
        out_renew_nonce=grenew_nonce,
        out_requests=exchanges,
    )
    with tests.server_request(auth_handler, request_count=4) as uri:
        client.add_credentials("joe", secret)

        before, _ = client.request(uri, "GET")
        assert before.status == 200
        first_challenge_headers = exchanges[0][1].headers
        challenge_before = httplib2._parse_www_authenticate(
            first_challenge_headers, "www-authenticate"
        )

        # Make the nonce held by the client stale.
        grenew_nonce[0]()

        after, _ = client.request(uri, "GET")
        assert after.status == 200
        assert not after.fromcache
        assert getattr(after, "_stale_digest", False)
        second_challenge_headers = exchanges[2][1].headers
        challenge_after = httplib2._parse_www_authenticate(
            second_challenge_headers, "www-authenticate"
        )

        nonce1 = challenge_before.get("digest", {}).get("nonce", "")
        nonce2 = challenge_after.get("digest", {}).get("nonce", "")
        assert nonce1 != ""
        assert nonce2 != ""
        assert nonce1 != nonce2, (nonce1, nonce2)
def test_basic_two_credentials():
    """Verify Basic auth when the client holds more than one credential set.

    With only "fred" registered the request is rejected, because the server
    accepts "joe". Once "joe" is added it succeeds. After the server is
    switched to accept "fred" instead, the client still succeeds because it
    holds both sets.
    """
    client = httplib2.Http()
    joe_secret = tests.gen_password()
    fred_secret = tests.gen_password()
    # The same list object is handed to the handler, so replacing its entry
    # later changes which credentials the server accepts mid-test.
    allowed = [("joe", joe_secret)]
    auth_handler = tests.http_reflect_with_auth(allow_scheme="basic", allow_credentials=allowed)
    with tests.server_request(auth_handler, request_count=7) as uri:
        client.add_credentials("fred", fred_secret)
        response, _ = client.request(uri, "GET")
        assert response.status == 401

        client.add_credentials("joe", joe_secret)
        response, _ = client.request(uri, "GET")
        assert response.status == 200

        allowed[0] = ("fred", fred_secret)
        response, _ = client.request(uri, "GET")
        assert response.status == 200
def test_basic_two_credentials():
    """Verify Basic auth succeeds with whichever stored credential the server accepts.

    Steps: only "fred" registered against a server accepting "joe" gives 401;
    adding "joe" gives 200; swapping the server to "fred" still gives 200.
    """
    client = httplib2.Http()
    joe_secret = tests.gen_password()
    fred_secret = tests.gen_password()
    # Shared with the handler on purpose: mutating this list below changes the
    # accepted credentials while the server is running.
    allowed = [("joe", joe_secret)]
    auth_handler = tests.http_reflect_with_auth(
        allow_scheme="basic",
        allow_credentials=allowed,
    )
    with tests.server_request(auth_handler, request_count=7) as uri:
        client.add_credentials("fred", fred_secret)
        rejected, _ = client.request(uri, "GET")
        assert rejected.status == 401

        client.add_credentials("joe", joe_secret)
        accepted_as_joe, _ = client.request(uri, "GET")
        assert accepted_as_joe.status == 200

        allowed[0] = ("fred", fred_secret)
        accepted_as_fred, _ = client.request(uri, "GET")
        assert accepted_as_fred.status == 200
def test_digest():
    """Verify Digest authentication: 401 without credentials, 200 with them."""
    client = httplib2.Http()
    secret = tests.gen_password()
    accepted = (("joe", secret),)
    auth_handler = tests.http_reflect_with_auth(allow_scheme="digest", allow_credentials=accepted)
    with tests.server_request(auth_handler, request_count=3) as uri:
        # No credentials registered yet, so the challenge cannot be answered.
        response, content = client.request(uri, "GET")
        assert response.status == 401

        client.add_credentials("joe", secret)
        response, content = client.request(uri, "GET")
        # The response body is used as the failure message.
        assert response.status == 200, content.decode()
def test_basic():
    """Verify Basic authentication: 401 without credentials, 200 with them."""
    client = httplib2.Http()
    secret = tests.gen_password()
    accepted = (('joe', secret), )
    auth_handler = tests.http_reflect_with_auth(allow_scheme='basic', allow_credentials=accepted)
    with tests.server_request(auth_handler, request_count=3) as uri:
        # No credentials registered yet.
        anonymous, _ = client.request(uri, 'GET')
        assert anonymous.status == 401

        client.add_credentials('joe', secret)
        authenticated, _ = client.request(uri, 'GET')
        assert authenticated.status == 200
def test_digest():
    """Verify Digest authentication is supported.

    The first request is sent before any credentials are registered and must
    be rejected. The second, sent after add_credentials, must succeed.
    """
    client = httplib2.Http()
    secret = tests.gen_password()
    auth_handler = tests.http_reflect_with_auth(
        allow_scheme="digest",
        allow_credentials=(("joe", secret),),
    )
    with tests.server_request(auth_handler, request_count=3) as uri:
        response, content = client.request(uri, "GET")
        assert response.status == 401

        client.add_credentials("joe", secret)
        response, content = client.request(uri, "GET")
        # The response body is used as the failure message.
        assert response.status == 200, content.decode()
def test_basic_for_domain():
    """Verify Basic credentials are only used for the domain they were registered for.

    Credentials registered for "example.org" must not authenticate a request
    to the test server. The same credentials registered for the server's own
    network location must.
    """
    client = httplib2.Http()
    secret = tests.gen_password()
    accepted = (("joe", secret),)
    auth_handler = tests.http_reflect_with_auth(allow_scheme="basic", allow_credentials=accepted)
    with tests.server_request(auth_handler, request_count=4) as uri:
        # Nothing registered yet.
        response, _ = client.request(uri, "GET")
        assert response.status == 401

        # Registered for a different domain: still rejected here.
        client.add_credentials("joe", secret, "example.org")
        response, _ = client.request(uri, "GET")
        assert response.status == 401

        # Registered for this server's host:port: accepted.
        domain = urllib.parse.urlparse(uri).netloc
        client.add_credentials("joe", secret, domain)
        response, _ = client.request(uri, "GET")
        assert response.status == 200
def test_basic_for_domain():
    """Verify domain-scoped Basic credentials are not used for other hosts.

    Steps: no credentials gives 401; credentials scoped to "example.org" still
    give 401; credentials scoped to the test server's netloc give 200.
    """
    client = httplib2.Http()
    secret = tests.gen_password()
    auth_handler = tests.http_reflect_with_auth(
        allow_scheme="basic",
        allow_credentials=(("joe", secret),),
    )
    with tests.server_request(auth_handler, request_count=4) as uri:
        unauthenticated, _ = client.request(uri, "GET")
        assert unauthenticated.status == 401

        # A credential bound to another domain must not unlock this server.
        client.add_credentials("joe", secret, "example.org")
        wrong_domain, _ = client.request(uri, "GET")
        assert wrong_domain.status == 401

        server_netloc = urllib.parse.urlparse(uri).netloc
        client.add_credentials("joe", secret, server_netloc)
        right_domain, _ = client.request(uri, "GET")
        assert right_domain.status == 200
def test_wsse_ok():
    """Verify WSSE authentication: a 401 challenge followed by an authorized retry.

    The first recorded exchange must be a 401, the second request must carry
    the WSSE UsernameToken authorization header, and the final response seen
    by the client must be 200.
    """
    client = httplib2.Http()
    # NOTE(review): this literal looks masked on the page. The test only needs
    # the same name on the server and client side, which it gets from this
    # one variable.
    username = "******"
    secret = tests.gen_password()
    grenew_nonce = [None]
    # Filled by the handler; entries look like (request, response) pairs,
    # judging by how they are indexed below.
    exchanges = []
    auth_handler = tests.http_reflect_with_auth(
        allow_scheme="wsse",
        allow_credentials=((username, secret),),
        out_renew_nonce=grenew_nonce,
        out_requests=exchanges,
    )
    client.add_credentials(username, secret)
    with tests.server_request(auth_handler, request_count=2) as uri:
        response, _ = client.request(uri)
        first_response = exchanges[0][1]
        second_request = exchanges[1][0]
        assert first_response.status == 401
        assert second_request.headers["authorization"] == 'WSSE profile="UsernameToken"'
        assert response.status == 200