OPSI.web2.test.test_httpauth module¶
-
class
OPSI.web2.test.test_httpauth.
BasicAuthTestCase
(methodName='runTest')¶ Bases:
twisted.trial._asynctest.TestCase
-
setUp
()¶
-
testIncorrectPadding
()¶
-
testIncorrectPassword
()¶
-
testInvalidCredentials
()¶
-
testUsernamePassword
()¶
-
-
class
OPSI.web2.test.test_httpauth.
DigestAuthTestCase
(methodName='runTest')¶ Bases:
twisted.trial._asynctest.TestCase
Test the behavior of DigestCredentialFactory
-
getDigestResponse
(challenge, ncount)¶ Calculate the response for the given challenge
-
setUp
()¶ Create a DigestCredentialFactory for testing
-
test_checkHash
()¶ Check that given a hash of the form ‘username:realm:password’ we can verify the digest challenge
-
test_failsWithDifferentMethod
()¶ Test that the response fails if made for a different request method than it is being issued for.
-
test_getChallenge
()¶ Test that all the required fields exist in the challenge, and that the information matches what we put into our DigestCredentialFactory
-
test_incompatibleCalcHA1Options
()¶ Test that the appropriate error is raised when any of the pszUsername, pszRealm, or pszPassword arguments are specified with the preHA1 keyword argument.
-
test_incompatibleClientIp
()¶ Test that the login fails when the request comes from a client ip other than what is encoded in the opaque.
-
test_incompatibleNonce
()¶ Test that login fails when the given nonce from the response, does not match the nonce encoded in the opaque.
-
test_invalidOpaque
()¶ Test that login fails when the opaque does not contain all the required parts.
-
test_mismatchedOpaqueChecksum
()¶ Test that login fails when the opaque checksum fails verification
-
test_multiResponse
()¶ Test that multiple responses to to a single challenge are handled successfully.
-
test_noNonce
()¶ Test that login fails when our response does not contain a nonce
-
test_noOpaque
()¶ Test that login fails when our response does not contain a nonce
-
test_noUsername
()¶ Test that login fails when our response does not contain a username, or the username field is empty.
-
test_oldNonce
()¶ Test that the login fails when the given opaque is older than DigestCredentialFactory.CHALLENGE_LIFETIME_SECS
-
test_response
()¶ Test that we can decode a valid response to our challenge
-
-
class
OPSI.web2.test.test_httpauth.
FakeDigestCredentialFactory
(*args, **kwargs)¶ Bases:
OPSI.web2.auth.digest.DigestCredentialFactory
A Fake Digest Credential Factory that generates a predictable nonce and opaque
-
generateNonce
()¶ Generate a static nonce
-
-
class
OPSI.web2.test.test_httpauth.
HTTPAuthResourceTest
(methodName='runTest')¶ Bases:
OPSI.web2.test.test_server.BaseCase
Tests for the HTTPAuthWrapper Resource
-
setUp
()¶ Create a portal and add an in memory checker to it.
Then set up a protectedResource that will be wrapped in each test.
-
tearDown
()¶ Clean up by getting rid of the portal, credentialFactory, and protected resource
-
test_allowedMethods
()¶ Test that unknown methods result in a 401 instead of a 405 when authentication hasn’t been completed.
-
test_anonymousAuthentication
()¶ If our portal has a credentials checker for IAnonymous credentials authentication succeeds if no Authorization header is present
-
test_authenticatedRequest
()¶ Test that after successful authentication the request provides IAuthenticatedRequest and that the request.avatar implements the proper interfaces for this realm and has the proper values for this request.
Test that we can successfully authenticate when presented with multiple WWW-Authenticate headers
-
test_badCredentials
()¶ Test that a request with bad credentials results in a valid Unauthorized response
-
test_forceAuthentication
()¶ Test that if an HTTPError with an Unauthorized status code is raised from within our protected resource, we add the WWW-Authenticate headers if they do not already exist.
-
test_invalidCredentials
()¶ Malformed or otherwise invalid credentials (as determined by the credential factory) should result in an Unauthorized response
-
test_multipleWWWAuthenticateSchemes
()¶ Test that our unauthorized response can contain challenges for multiple authentication schemes.
-
test_renderHTTP
()¶ Test that if the renderHTTP method is ever called we authenticate the request and delegate rendering to the wrapper.
-
test_responseFilterDoesntClobberHeaders
()¶ Test that if an UNAUTHORIZED response is returned and already has ‘WWW-Authenticate’ headers we don’t add them.
-
test_successfulLogin
()¶ Test that a request with good credentials results in the appropriate response from the protected resource
Test that a request with no credentials results in a valid Unauthorized response.
-
test_wrappedResourceGetsFullSegments
()¶ Test that the wrapped resource gets all the URL segments in it’s locateChild.
-
test_wrongScheme
()¶ Test that a request with credentials for a scheme that is not advertised by this resource results in the appropriate unauthorized response.
-
-
class
OPSI.web2.test.test_httpauth.
NonAnonymousResource
(children=[])¶ Bases:
OPSI.web2.test.test_server.BaseTestResource
A resource that forces authentication by raising an HTTPError with an UNAUTHORIZED code if the request is an anonymous one.
-
addSlash
= True¶
-
render
(req)¶
-
sendOwnHeaders
= False¶
-
-
class
OPSI.web2.test.test_httpauth.
ProtectedResource
(children=[])¶ Bases:
OPSI.web2.test.test_server.BaseTestResource
A test resource for use with HTTPAuthWrapper that holds on to it’s request and segments so we can assert things about them.
-
addSlash
= True¶
-
locateChild
(req, segments)¶
-
render
(req)¶
-
request
= None¶
-
segments
= None¶
-