def test_authorization_header(self): a = http.parse_authorization_header("Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==") assert a.type == "basic" assert a.username == "Aladdin" assert a.password == "open sesame" a = http.parse_authorization_header( "Basic 0YDRg9GB0YHQutC40IE60JHRg9C60LLRiw==" ) assert a.type == "basic" assert a.username == "русскиЁ" assert a.password == "Буквы" a = http.parse_authorization_header("Basic 5pmu6YCa6K+dOuS4reaWhw==") assert a.type == "basic" assert a.username == "普通话" assert a.password == "中文" a = http.parse_authorization_header( '''Digest username="******", realm="*****@*****.**", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", qop=auth, nc=00000001, cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f40e41"''' ) assert a.type == "digest" assert a.username == "Mufasa" assert a.realm == "*****@*****.**" assert a.nonce == "dcd98b7102dd2f0e8b11d0f600bfb0c093" assert a.uri == "/dir/index.html" assert a.qop == "auth" assert a.nc == "00000001" assert a.cnonce == "0a4f113b" assert a.response == "6629fae49393a05397450978507c4ef1" assert a.opaque == "5ccc069c403ebaf9f0171e9517f40e41" a = http.parse_authorization_header( '''Digest username="******", realm="*****@*****.**", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", response="e257afa1414a3340d93d30955171dd0e", opaque="5ccc069c403ebaf9f0171e9517f40e41"''' ) assert a.type == "digest" assert a.username == "Mufasa" assert a.realm == "*****@*****.**" assert a.nonce == "dcd98b7102dd2f0e8b11d0f600bfb0c093" assert a.uri == "/dir/index.html" assert a.response == "e257afa1414a3340d93d30955171dd0e" assert a.opaque == "5ccc069c403ebaf9f0171e9517f40e41" assert http.parse_authorization_header("") is None assert http.parse_authorization_header(None) is None assert http.parse_authorization_header("foo") is None
def test_authorization_header(self): a = http.parse_authorization_header("Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==") assert a.type == "basic" assert a.username == u"Aladdin" assert a.password == u"open sesame" a = http.parse_authorization_header( "Basic 0YDRg9GB0YHQutC40IE60JHRg9C60LLRiw==" ) assert a.type == "basic" assert a.username == u"русскиЁ" assert a.password == u"Буквы" a = http.parse_authorization_header("Basic 5pmu6YCa6K+dOuS4reaWhw==") assert a.type == "basic" assert a.username == u"普通话" assert a.password == u"中文" a = http.parse_authorization_header( '''Digest username="******", realm="*****@*****.**", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", qop=auth, nc=00000001, cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f40e41"''' ) assert a.type == "digest" assert a.username == "Mufasa" assert a.realm == "*****@*****.**" assert a.nonce == "dcd98b7102dd2f0e8b11d0f600bfb0c093" assert a.uri == "/dir/index.html" assert a.qop == "auth" assert a.nc == "00000001" assert a.cnonce == "0a4f113b" assert a.response == "6629fae49393a05397450978507c4ef1" assert a.opaque == "5ccc069c403ebaf9f0171e9517f40e41" a = http.parse_authorization_header( '''Digest username="******", realm="*****@*****.**", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", response="e257afa1414a3340d93d30955171dd0e", opaque="5ccc069c403ebaf9f0171e9517f40e41"''' ) assert a.type == "digest" assert a.username == "Mufasa" assert a.realm == "*****@*****.**" assert a.nonce == "dcd98b7102dd2f0e8b11d0f600bfb0c093" assert a.uri == "/dir/index.html" assert a.response == "e257afa1414a3340d93d30955171dd0e" assert a.opaque == "5ccc069c403ebaf9f0171e9517f40e41" assert http.parse_authorization_header("") is None assert http.parse_authorization_header(None) is None assert http.parse_authorization_header("foo") is None
def parse(region, service, headers): if 'Authorization' not in headers: raise exceptions.Unsigned() auth_header = headers.get('Authorization') if not auth_header.startswith('Basic '): raise exceptions.Unsigned() auth = parse_authorization_header(auth_header) if not auth: raise exceptions.InvalidSignature() date = datetime.datetime.utcnow() key = current_app.auth_backend.get_access_key( 'basic-auth', region, service, date.date(), auth.username, ) secret = make_basic_auth_key( region, service, date, auth.username, auth.password, ) if not hmac.compare_digest(key['key'], secret): raise exceptions.InvalidSignature() return key['identity'], False
def _authorize_login(region, service, action, resource, headers, context): if 'Authorization' not in headers: return { 'Authorized': False, 'ErrorCode': 'NoSuchKey', 'Status': 401, } auth = parse_authorization_header(headers.get('Authorization')) if not auth: return { 'Authorized': False, 'ErrorCode': 'NoSuchKey', 'Status': 401, } user = User.query.filter(User.username == auth.username).first() if not user or not user.password: return { 'Authorized': False, 'ErrorCode': 'NoSuchKey', 'Status': 401, } if not user.is_valid_password(auth.password): return { 'Authorized': False, 'ErrorCode': 'InvalidSecretKey', 'Status': 401, } return _authorize_user(region, service, user.username, action, resource, headers, context)
def actual_token(cls) -> str: """Gets the **unhashed** token. Use `hash_token` to hash it.""" x = request.headers.environ['HTTP_AUTHORIZATION'] header = parse_authorization_header(x) if header is None: raise StandardError('The Authorization header is not well written: ' + x, 400) return header['username']
def _get_token_from_headers(self, request: Request) -> Optional[str]: """Extract JWT token from HTTP Authorization header This will first try to obtain a Bearer token. If none is found but we have a 'Basic' Authorization header, and basic auth JWT payload has not been disabled, and the provided username matches the configured JWT token username, we will try to use the provided password as if it was a JWT token. """ header = request.headers.get('Authorization') if not header: return None try: authz_type, payload = header.split(" ", 1) except ValueError: return None if authz_type.lower() == 'bearer': self._log.debug("Found token in Authorization: Bearer header") return payload elif authz_type.lower() == 'basic' and self.basic_auth_user: parsed_header = parse_authorization_header(header) if parsed_header and parsed_header.username == self.basic_auth_user: self._log.debug("Found token in Authorization: Basic header") return parsed_header.password return None
def actual_token(cls) -> str: """Gets the **unhashed** token. Use `hash_token` to hash it.""" x = request.headers.environ['HTTP_AUTHORIZATION'] header = parse_authorization_header(x) if header is None: raise Exception( 'The Authorization header is not well written: ' + x, 400) return header['username']
def digest_auth(qop=None, user='******', passwd='passwd', algorithm='MD5', stale_after='never'): """Prompts the user for authorization using HTTP Digest auth""" require_cookie_handling = (request.args.get('require-cookie', '').lower() in ('1', 't', 'true')) if algorithm not in ('MD5', 'SHA-256', 'SHA-512'): algorithm = 'MD5' if qop not in ('auth', 'auth-int'): qop = None authorization = request.headers.get('Authorization') credentials = None if authorization: credentials = parse_authorization_header(authorization) if (not authorization or not credentials or (require_cookie_handling and 'Cookie' not in request.headers)): response = digest_challenge_response(app, qop, algorithm) response.set_cookie('stale_after', value=stale_after) response.set_cookie('fake', value='fake_value') return response if (require_cookie_handling and request.cookies.get('fake') != 'fake_value'): response = jsonify({'errors': ['missing cookie set on challenge']}) response.set_cookie('fake', value='fake_value') response.status_code = 403 return response current_nonce = credentials.get('nonce') stale_after_value = None if 'stale_after' in request.cookies: stale_after_value = request.cookies.get('stale_after') if ('last_nonce' in request.cookies and current_nonce == request.cookies.get('last_nonce') or stale_after_value == '0'): response = digest_challenge_response(app, qop, algorithm, True) response.set_cookie('stale_after', value=stale_after) response.set_cookie('last_nonce', value=current_nonce) response.set_cookie('fake', value='fake_value') return response if not check_digest_auth(user, passwd): response = digest_challenge_response(app, qop, algorithm, False) response.set_cookie('stale_after', value=stale_after) response.set_cookie('last_nonce', value=current_nonce) response.set_cookie('fake', value='fake_value') return response response = jsonify(authenticated=True, user=user) response.set_cookie('fake', value='fake_value') if stale_after_value : response.set_cookie('stale_after', value=next_stale_after_value(stale_after_value)) return response
def test_authorization_header(self): a = http.parse_authorization_header( 'Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==') assert a.type == 'basic' assert a.username == u'Aladdin' assert a.password == u'open sesame' a = http.parse_authorization_header( 'Basic 0YDRg9GB0YHQutC40IE60JHRg9C60LLRiw==') assert a.type == 'basic' assert a.username == u'русскиЁ' assert a.password == u'Буквы' a = http.parse_authorization_header('Basic 5pmu6YCa6K+dOuS4reaWhw==') assert a.type == 'basic' assert a.username == u'普通话' assert a.password == u'中文' a = http.parse_authorization_header('''Digest username="******", realm="*****@*****.**", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", qop=auth, nc=00000001, cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f40e41"''') assert a.type == 'digest' assert a.username == 'Mufasa' assert a.realm == '*****@*****.**' assert a.nonce == 'dcd98b7102dd2f0e8b11d0f600bfb0c093' assert a.uri == '/dir/index.html' assert a.qop == 'auth' assert a.nc == '00000001' assert a.cnonce == '0a4f113b' assert a.response == '6629fae49393a05397450978507c4ef1' assert a.opaque == '5ccc069c403ebaf9f0171e9517f40e41' a = http.parse_authorization_header('''Digest username="******", realm="*****@*****.**", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", response="e257afa1414a3340d93d30955171dd0e", opaque="5ccc069c403ebaf9f0171e9517f40e41"''') assert a.type == 'digest' assert a.username == 'Mufasa' assert a.realm == '*****@*****.**' assert a.nonce == 'dcd98b7102dd2f0e8b11d0f600bfb0c093' assert a.uri == '/dir/index.html' assert a.response == 'e257afa1414a3340d93d30955171dd0e' assert a.opaque == '5ccc069c403ebaf9f0171e9517f40e41' assert http.parse_authorization_header('') is None assert http.parse_authorization_header(None) is None assert http.parse_authorization_header('foo') is None
def _authorize(request): if request.headers.get('Authorization'): credentials = parse_authorization_header( request.headers.get('Authorization')) if not credentials or not \ (credentials.type == 'basic' and credentials.password == users[credentials.username]): abort(403) return credentials else: abort(403)
def check_digest_auth(user, passwd): """Check user authentication using HTTP Digest auth""" if request.headers.get("Authorization"): credentails = parse_authorization_header(request.headers.get("Authorization")) if not credentails: return response_hash = response(credentails, passwd, dict(uri=request.path, body=request.data, method=request.method)) if credentails["response"] == response_hash: return True return False
def check_digest_auth(user, passwd): """Check user authentication using HTTP Digest auth""" if request.headers.get('Authorization'): credentails = parse_authorization_header(request.headers.get('Authorization')) if not credentails: return response_hash = response(credentails, passwd, dict(uri=request.path, body=request.data, method=request.method)) if credentails['response'] == response_hash: return True return False
def digest_auth(qop=None, user='******', passwd='passwd', algorithm='MD5', stale_after='never'): """Prompts the user for authorization using HTTP Digest auth""" if algorithm not in ('MD5', 'SHA-256'): algorithm = 'MD5' if qop not in ('auth', 'auth-int'): qop = None if 'Authorization' not in request.headers or \ 'Cookie' not in request.headers: response = digest_challenge_response(app, qop, algorithm) response.set_cookie('stale_after', value=stale_after) return response credentails = parse_authorization_header( request.headers.get('Authorization')) if not credentails: response = digest_challenge_response(app, qop, algorithm) response.set_cookie('stale_after', value=stale_after) return response current_nonce = credentails.get('nonce') stale_after_value = None if 'stale_after' in request.cookies: stale_after_value = request.cookies.get('stale_after') if 'last_nonce' in request.cookies and current_nonce == request.cookies.get('last_nonce') or \ stale_after_value == '0' : response = digest_challenge_response(app, qop, algorithm, True) response.set_cookie('stale_after', value=stale_after) response.set_cookie('last_nonce', value=current_nonce) return response if not check_digest_auth(user, passwd): response = digest_challenge_response(app, qop, algorithm, False) response.set_cookie('stale_after', value=stale_after) response.set_cookie('last_nonce', value=current_nonce) return response response = jsonify(authenticated=True, user=user) if stale_after_value: response.set_cookie('stale_after', value=next_stale_after_value(stale_after_value)) return response
def check_digest_auth(user, passwd): """Check user authentication using HTTP Digest auth""" if request.headers.get('Authorization'): credentials = parse_authorization_header(request.headers.get('Authorization')) if not credentials: return request_uri = request.script_root + request.path if request.query_string: request_uri += '?' + request.query_string response_hash = response(credentials, passwd, dict(uri=request_uri, body=request.data, method=request.method)) if credentials.get('response') == response_hash: return True return False
def check_auth(self, environ, *args, **kwargs): LOCKS_AUTH = os.environ.get('LOCKS_AUTH', '') if ':' in LOCKS_AUTH: allowed = False auth = parse_authorization_header(environ.get('HTTP_AUTHORIZATION')) username, password = LOCKS_AUTH.split(':', 1) if auth and auth.username == username and auth.password == password: allowed = True else: allowed = True if allowed: return func(self, environ, *args, **kwargs) else: raise UpstreamException(401, '', 'not-authorized')
def basic_auth_mock(self, request, **values): example = { "name": "Wow! You got in a restricted area with security level 1 (Basic auth)", "status": 200, "requested_at": str(datetime.datetime.now()), "body": json.dumps(request.form) } if 'Authorization' in request.headers: auth = parse_authorization_header(request.headers['Authorization']) try: if auth['username'] == 'dev' and auth['password'] == 'example': return Response(json.dumps(example)) except KeyError: pass raise Unauthorized
def digest_auth(qop=None, user='******', passwd='passwd', algorithm='MD5', stale_after='never'): """Prompts the user for authorization using HTTP Digest auth""" if algorithm not in ('MD5', 'SHA-256'): algorithm = 'MD5' if qop not in ('auth', 'auth-int'): qop = None if 'Authorization' not in request.headers or \ 'Cookie' not in request.headers: response = digest_challenge_response(app, qop, algorithm) response.set_cookie('stale_after', value=stale_after) return response credentails = parse_authorization_header(request.headers.get('Authorization')) if not credentails : response = digest_challenge_response(app, qop, algorithm) response.set_cookie('stale_after', value=stale_after) return response current_nonce = credentails.get('nonce') stale_after_value = None if 'stale_after' in request.cookies : stale_after_value = request.cookies.get('stale_after') if 'last_nonce' in request.cookies and current_nonce == request.cookies.get('last_nonce') or \ stale_after_value == '0' : response = digest_challenge_response(app, qop, algorithm, True) response.set_cookie('stale_after', value=stale_after) response.set_cookie('last_nonce', value=current_nonce) return response if not check_digest_auth(user, passwd) : response = digest_challenge_response(app, qop, algorithm, False) response.set_cookie('stale_after', value=stale_after) response.set_cookie('last_nonce', value=current_nonce) return response response = jsonify(authenticated=True, user=user) if stale_after_value : response.set_cookie('stale_after', value=next_stale_after_value(stale_after_value)) return response
def test_authorization_header(self): a = http.parse_authorization_header('Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==') assert a.type == 'basic' assert a.username == 'Aladdin' assert a.password == 'open sesame' a = http.parse_authorization_header('''Digest username="******", realm="*****@*****.**", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", qop=auth, nc=00000001, cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f40e41"''') assert a.type == 'digest' assert a.username == 'Mufasa' assert a.realm == '*****@*****.**' assert a.nonce == 'dcd98b7102dd2f0e8b11d0f600bfb0c093' assert a.uri == '/dir/index.html' assert 'auth' in a.qop assert a.nc == '00000001' assert a.cnonce == '0a4f113b' assert a.response == '6629fae49393a05397450978507c4ef1' assert a.opaque == '5ccc069c403ebaf9f0171e9517f40e41' a = http.parse_authorization_header('''Digest username="******", realm="*****@*****.**", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", response="e257afa1414a3340d93d30955171dd0e", opaque="5ccc069c403ebaf9f0171e9517f40e41"''') assert a.type == 'digest' assert a.username == 'Mufasa' assert a.realm == '*****@*****.**' assert a.nonce == 'dcd98b7102dd2f0e8b11d0f600bfb0c093' assert a.uri == '/dir/index.html' assert a.response == 'e257afa1414a3340d93d30955171dd0e' assert a.opaque == '5ccc069c403ebaf9f0171e9517f40e41' assert http.parse_authorization_header('') is None assert http.parse_authorization_header(None) is None assert http.parse_authorization_header('foo') is None
def test_authorization_to_header(value: str) -> None: assert http.parse_authorization_header(value).to_header() == value
def digest_auth(qop=None, user='******', passwd='passwd', algorithm='MD5', stale_after='never'): """"Prompts the user for authorization using Digest Auth + Algorithm. allow settings the stale_after argument. --- tags: - Auth parameters: - in: path name: qop type: string description: auth or auth-int - in: path name: user type: string - in: path name: passwd type: string - in: path name: algorithm type: string description: MD5, SHA-256, SHA-512 default: MD5 - in: path name: stale_after type: string default: never produces: - application/json responses: 200: description: Sucessful authentication. 401: description: Unsuccessful authentication. """ require_cookie_handling = (request.args.get('require-cookie', '').lower() in ('1', 't', 'true')) if algorithm not in ('MD5', 'SHA-256', 'SHA-512'): algorithm = 'MD5' if qop not in ('auth', 'auth-int'): qop = None authorization = request.headers.get('Authorization') credentials = None if authorization: credentials = parse_authorization_header(authorization) if (not authorization or not credentials or credentials.type.lower() != 'digest' or (require_cookie_handling and 'Cookie' not in request.headers)): response = digest_challenge_response(app, qop, algorithm) response.set_cookie('stale_after', value=stale_after) response.set_cookie('fake', value='fake_value') return response if (require_cookie_handling and request.cookies.get('fake') != 'fake_value'): response = jsonify({'errors': ['missing cookie set on challenge']}) response.set_cookie('fake', value='fake_value') response.status_code = 403 return response current_nonce = credentials.get('nonce') stale_after_value = None if 'stale_after' in request.cookies: stale_after_value = request.cookies.get('stale_after') if ('last_nonce' in request.cookies and current_nonce == request.cookies.get('last_nonce') or stale_after_value == '0'): response = digest_challenge_response(app, qop, algorithm, True) response.set_cookie('stale_after', value=stale_after) response.set_cookie('last_nonce', value=current_nonce) response.set_cookie('fake', value='fake_value') return response if not check_digest_auth(user, passwd): response = digest_challenge_response(app, qop, algorithm, False) response.set_cookie('stale_after', value=stale_after) response.set_cookie('last_nonce', value=current_nonce) response.set_cookie('fake', value='fake_value') return response response = jsonify(authenticated=True, user=user) response.set_cookie('fake', value='fake_value') if stale_after_value: response.set_cookie('stale_after', value=next_stale_after_value(stale_after_value)) return response
def test_register_report(client, github_auth_header): responses.add(responses.GET, 'https://api.github.com/user', status=200, json={'login': '******'}) responses.add(responses.GET, 'https://api.github.com/user/orgs', status=200, json=[{ 'login': '******' }]) responses.add(responses.GET, 'https://keeper.lsst.codes/token', status=200, json={'token': 'ltdtoken'}) # Initial product registration responses.add( responses.POST, 'https://keeper.lsst.codes/products/', status=201, json={}, headers={'Location': 'https://keeper.lsst.codes/products/testr-000'}) # Getting info about the product resource responses.add(responses.GET, 'https://keeper.lsst.codes/products/testr-000', status=200, json={ 'slug': 'testr-000', 'published_url': 'https://testr-000.lsst.io', 'self_url': 'https://keeper.lsst.codes/products/testr-000' }) with client: headers = dict(github_auth_header) headers['Content-Type'] = 'application/json' response = client.post('/nbreport/reports/', headers=headers, data=json.dumps({ 'handle': 'TESTR-000', 'title': 'Demo report', 'git_repo': 'https://github.com/lsst-sqre/nbreport' })) assert response.status_code == 201 response_data = json.loads(response.data.decode('utf-8')) assert g.ltd_user == current_app.config['KEEPER_USERNAME'] assert g.ltd_token == 'ltdtoken' assert response_data['product'] == 'testr-000' # Test the call to POST keeper.lsst.codes/products/ post_products_request_data = json.loads( responses.calls[3].request.body.decode('utf-8')) assert post_products_request_data['slug'] == 'testr-000' assert post_products_request_data['title'] == 'Demo report' assert post_products_request_data['main_mode'] == 'manual' # Test authorization header auth = parse_authorization_header( responses.calls[3].request.headers['Authorization']) assert auth is not None assert auth.username == 'ltdtoken' assert auth.password == '' # Test the call to GET /products/testr-000 assert responses.calls[4].request.url \ == 'https://keeper.lsst.codes/products/testr-000'
def authorization(self) -> Optional[Authorization]: return parse_authorization_header(self.headers.get("Authorization"))
def test_basic_auth(): builder = EnvironBuilder(auth=("username", "password")) request = builder.get_request() auth = parse_authorization_header(request.headers["Authorization"]) assert auth.username == "username" assert auth.password == "password"
def test_bad_authorization_header_encoding(self): """If the base64 encoded bytes can't be decoded as UTF-8""" content = base64.b64encode(b"\xffser:pass").decode() assert http.parse_authorization_header(f"Basic {content}") is None
def digest_auth( qop=None, user="******", passwd="passwd", algorithm="MD5", stale_after="never" ): """Prompts the user for authorization using Digest Auth + Algorithm. allow settings the stale_after argument. --- tags: - Auth parameters: - in: path name: qop type: string description: auth or auth-int - in: path name: user type: string - in: path name: passwd type: string - in: path name: algorithm type: string description: MD5, SHA-256, SHA-512 default: MD5 - in: path name: stale_after type: string default: never produces: - application/json responses: 200: description: Sucessful authentication. 401: description: Unsuccessful authentication. """ require_cookie_handling = request.args.get("require-cookie", "").lower() in ( "1", "t", "true", ) if algorithm not in ("MD5", "SHA-256", "SHA-512"): algorithm = "MD5" if qop not in ("auth", "auth-int"): qop = None authorization = request.headers.get("Authorization") credentials = None if authorization: credentials = parse_authorization_header(authorization) if ( not authorization or not credentials or credentials.type.lower() != "digest" or (require_cookie_handling and "Cookie" not in request.headers) ): response = digest_challenge_response(app, qop, algorithm) response.set_cookie("stale_after", value=stale_after) response.set_cookie("fake", value="fake_value") return response if require_cookie_handling and request.cookies.get("fake") != "fake_value": response = jsonify({"errors": ["missing cookie set on challenge"]}) response.set_cookie("fake", value="fake_value") response.status_code = 403 return response current_nonce = credentials.get("nonce") stale_after_value = None if "stale_after" in request.cookies: stale_after_value = request.cookies.get("stale_after") if ( "last_nonce" in request.cookies and current_nonce == request.cookies.get("last_nonce") or stale_after_value == "0" ): response = digest_challenge_response(app, qop, algorithm, True) response.set_cookie("stale_after", value=stale_after) response.set_cookie("last_nonce", value=current_nonce) response.set_cookie("fake", value="fake_value") return response if not check_digest_auth(user, passwd): response = digest_challenge_response(app, qop, algorithm, False) response.set_cookie("stale_after", value=stale_after) response.set_cookie("last_nonce", value=current_nonce) response.set_cookie("fake", value="fake_value") return response response = jsonify(authenticated=True, user=user) response.set_cookie("fake", value="fake_value") if stale_after_value: response.set_cookie( "stale_after", value=next_stale_after_value(stale_after_value) ) return response
def basicAuthSession(request): result = parse_authorization_header(request.headers.get('authorization')) return result.password
def authorization(self): """The `Authorization` object in parsed form.""" header = self.headers.get('Authorization', '') return parse_authorization_header(header)
def digest_auth(qop=None, user='******', passwd='passwd', algorithm='MD5', stale_after='never'): """"Prompts the user for authorization using Digest Auth + Algorithm. allow settings the stale_after argument. --- tags: - Auth parameters: - in: path name: qop type: string description: auth or auth-int - in: path name: user type: string - in: path name: passwd type: string - in: path name: algorithm type: string description: MD5, SHA-256, SHA-512 default: MD5 - in: path name: stale_after type: string default: never produces: - application/json responses: 200: description: Sucessful authentication. 401: description: Unsuccessful authentication. """ require_cookie_handling = (request.args.get('require-cookie', '').lower() in ('1', 't', 'true')) if algorithm not in ('MD5', 'SHA-256', 'SHA-512'): algorithm = 'MD5' if qop not in ('auth', 'auth-int'): qop = None authorization = request.headers.get('Authorization') credentials = None if authorization: credentials = parse_authorization_header(authorization) if (not authorization or not credentials or credentials.type.lower() != 'digest' or (require_cookie_handling and 'Cookie' not in request.headers)): response = digest_challenge_response(app, qop, algorithm) response.set_cookie('stale_after', value=stale_after) response.set_cookie('fake', value='fake_value') return response if (require_cookie_handling and request.cookies.get('fake') != 'fake_value'): response = jsonify({'errors': ['missing cookie set on challenge']}) response.set_cookie('fake', value='fake_value') response.status_code = 403 return response current_nonce = credentials.get('nonce') stale_after_value = None if 'stale_after' in request.cookies: stale_after_value = request.cookies.get('stale_after') if ('last_nonce' in request.cookies and current_nonce == request.cookies.get('last_nonce') or stale_after_value == '0'): response = digest_challenge_response(app, qop, algorithm, True) response.set_cookie('stale_after', value=stale_after) response.set_cookie('last_nonce', value=current_nonce) response.set_cookie('fake', value='fake_value') return response if not check_digest_auth(user, passwd): response = digest_challenge_response(app, qop, algorithm, False) response.set_cookie('stale_after', value=stale_after) response.set_cookie('last_nonce', value=current_nonce) response.set_cookie('fake', value='fake_value') return response response = jsonify(authenticated=True, user=user) response.set_cookie('fake', value='fake_value') if stale_after_value : response.set_cookie('stale_after', value=next_stale_after_value(stale_after_value)) return response
def authorization(self): """The `Authorization` object in parsed form.""" header = self.environ.get('HTTP_AUTHORIZATION') return parse_authorization_header(header)
def authorization_header_value_matcher(actual: Optional[str], expected: str) -> bool: return parse_authorization_header( actual) == parse_authorization_header(expected)
def test_reserve_instance(client, github_auth_header): responses.add( responses.GET, 'https://api.github.com/user', status=200, json={ 'login': '******' } ) responses.add( responses.GET, 'https://api.github.com/user/orgs', status=200, json=[ { 'login': '******' } ] ) responses.add( responses.GET, 'https://keeper.lsst.codes/token', status=200, json={'token': 'ltdtoken'} ) # Initial reservation of the edition with LTD Keeper responses.add( responses.POST, 'https://keeper.lsst.codes/products/testr-000/editions/', status=201, json={}, headers={'Location': 'https://keeper.lsst.codes/editions/1'} ) # Request to obtain the full edition resource responses.add( responses.GET, 'https://keeper.lsst.codes/editions/1', status=200, json={ 'slug': '1', 'published_url': 'https://testr-000.lsst.io/v/1', 'self_url': 'https://keeper.lsst.codes/editions/1'}, headers={'Location': 'https://keeper.lsst.codes/editions/1'} ) with client: headers = dict(github_auth_header) headers['Content-Type'] = 'application/json' response = client.post( '/nbreport/reports/testr-000/instances/', headers=headers, ) assert response.status_code == 201 response_data = json.loads(response.data.decode('utf-8')) assert response_data['instance_id'] == '1' # Test the POST /products/<slug>/editions/ request post_editions_request_data = json.loads( responses.calls[3].request.body.decode('utf-8')) assert post_editions_request_data['autoincrement'] is True assert post_editions_request_data['mode'] == 'manual' # Test authorization header auth = parse_authorization_header( responses.calls[3].request.headers['Authorization']) assert auth is not None assert auth.username == 'ltdtoken' assert auth.password == ''
def test_authorization_to_header(value: str) -> None: parsed = http.parse_authorization_header(value) assert parsed is not None assert parsed.to_header() == value
def authorization(self): header = self.environ.get('HTTP_AUTHORIZATION') return parse_authorization_header(header)