def test_no_content_length_or_transfer_encoding_headers_002(self):
request = mock.Mock()
request.headers = {}
value_if_not_found = "bindle"
self.assertEqual(
trhutil.get_request_body_if_exists(request, value_if_not_found),
value_if_not_found)
def test_all_good_001(self):
request = mock.Mock()
request.headers = {"Content-Length": 10}
request.body = "dave was here"
self.assertEqual(
trhutil.get_request_body_if_exists(request),
request.body)
def test_all_good_002(self):
request = mock.Mock()
request.headers = {"Transfer-Encoding": 10}
request.body = "dave was here"
self.assertEqual(
trhutil.get_request_body_if_exists(request),
request.body)
def test_content_length_in_headers_but_no_body_002(self):
request = mock.Mock()
request.headers = {"Content-Length": 10}
request.body = None
value_if_not_found = "bindle"
self.assertEqual(
trhutil.get_request_body_if_exists(request, value_if_not_found),
value_if_not_found)
def test_content_length_in_headers_but_no_body_001(self):
request = mock.Mock()
request.headers = {"Content-Length": 10}
request.body = None
self.assertIsNone(trhutil.get_request_body_if_exists(request))
def test_no_content_length_or_transfer_encoding_headers_001(self):
request = mock.Mock()
request.headers = {}
self.assertIsNone(trhutil.get_request_body_if_exists(request))
def _on_async_mac_creds_retriever_done(
self,
is_ok,
mac_key_identifier,
mac_algorithm=None,
mac_key=None,
principal=None):
if not is_ok:
_logger.info(
"No MAC credentials found for '%s'",
self._request.full_url())
self._on_auth_done(False, AUTH_FAILURE_DETAIL_CREDS_NOT_FOUND)
return
(host, port) = get_request_host_and_port(
self._request,
"127.0.0.1",
80)
content_type = self._request.headers.get("Content-type", None)
body = get_request_body_if_exists(self._request, None)
ext = mac.Ext.generate(content_type, body)
normalized_request_string = mac.NormalizedRequestString.generate(
self._auth_hdr_val.ts,
self._auth_hdr_val.nonce,
self._request.method,
self._request.uri,
host,
port,
ext)
macs_equal = self._auth_hdr_val.mac.verify(
mac_key,
mac_algorithm,
normalized_request_string)
if not macs_equal:
fmt = (
"For '%s' using MAC key identifier '%s' "
"MAC in request '%s' doesn't match computed MAC"
)
_logger.info(
fmt,
self._request.full_url(),
mac_key_identifier,
self._auth_hdr_val.mac)
# When an authentication failure occurs it can be super hard
# to figure out the root cause of the error. This method is called
# on authentication failure and, if logging is set to at least
# debug, a whole series of HTTP headers are set to return the
# core elements that are used to generate the MAC.
auth_failure_debug_details = {}
if body:
sha1_of_body = hashlib.sha1(body).hexdigest()
auth_failure_debug_details["BODY-SHA1"] = sha1_of_body
auth_failure_debug_details["BODY-LEN"] = len(body)
auth_failure_debug_details["MAC-KEY-IDENTIFIER"] = mac_key_identifier
auth_failure_debug_details["MAC-KEY"] = mac_key
auth_failure_debug_details["MAC-ALGORITHM"] = mac_algorithm
auth_failure_debug_details["HOST"] = host
auth_failure_debug_details["PORT"] = port
auth_failure_debug_details["CONTENT-TYPE"] = content_type
auth_failure_debug_details["REQUEST-METHOD"] = self._request.method
auth_failure_debug_details["URI"] = self._request.uri
auth_failure_debug_details["TIMESTAMP"] = self._auth_hdr_val.ts
auth_failure_debug_details["NONCE"] = self._auth_hdr_val.nonce
auth_failure_debug_details["EXT"] = ext
auth_failure_debug_details["MAC"] = mac.MAC.generate(
mac_key,
mac_algorithm,
normalized_request_string)
sha1_of_nrs = hashlib.sha1(normalized_request_string).hexdigest()
auth_failure_debug_details["NRS-SHA1"] = sha1_of_nrs
# end of pumping out debug headers - returning to regular headers
self._on_auth_done(
False,
auth_failure_detail=AUTH_FAILURE_DETAIL_MACS_DO_NOT_MATCH,
auth_failure_debug_details=auth_failure_debug_details)
return
_logger.info(
"Authorization successful for '%s' and MAC '%s'",
self._request.full_url(),
self._auth_hdr_val.mac)
self._on_auth_done(True, principal=principal)
