OPSI.web2.test.test_httpauth module

class OPSI.web2.test.test_httpauth.BasicAuthTestCase(methodName='runTest')

Bases: twisted.trial._asynctest.TestCase

setUp()

testIncorrectPadding()

testIncorrectPassword()

testInvalidCredentials()

testUsernamePassword()

class OPSI.web2.test.test_httpauth.DigestAuthTestCase(methodName='runTest')

Bases: twisted.trial._asynctest.TestCase

Test the behavior of DigestCredentialFactory

getDigestResponse(challenge, ncount)

Calculate the response for the given challenge

setUp()

Create a DigestCredentialFactory for testing

test_checkHash()

Check that given a hash of the form ‘username:realm:password’ we can verify the digest challenge

test_failsWithDifferentMethod()

Test that the response fails if made for a different request method than it is being issued for.

test_getChallenge()

Test that all the required fields exist in the challenge, and that the information matches what we put into our DigestCredentialFactory

test_incompatibleCalcHA1Options()

Test that the appropriate error is raised when any of the pszUsername, pszRealm, or pszPassword arguments are specified with the preHA1 keyword argument.

test_incompatibleClientIp()

Test that the login fails when the request comes from a client ip other than what is encoded in the opaque.

test_incompatibleNonce()

Test that login fails when the given nonce from the response, does not match the nonce encoded in the opaque.

test_invalidOpaque()

Test that login fails when the opaque does not contain all the required parts.

test_mismatchedOpaqueChecksum()

Test that login fails when the opaque checksum fails verification

test_multiResponse()

Test that multiple responses to to a single challenge are handled successfully.

test_noNonce()

Test that login fails when our response does not contain a nonce

test_noOpaque()

Test that login fails when our response does not contain a nonce

test_noUsername()

Test that login fails when our response does not contain a username, or the username field is empty.

test_oldNonce()

Test that the login fails when the given opaque is older than DigestCredentialFactory.CHALLENGE_LIFETIME_SECS

test_response()

Test that we can decode a valid response to our challenge

class OPSI.web2.test.test_httpauth.FakeDigestCredentialFactory(*args, **kwargs)

Bases: OPSI.web2.auth.digest.DigestCredentialFactory

A Fake Digest Credential Factory that generates a predictable nonce and opaque

generateNonce()

Generate a static nonce

class OPSI.web2.test.test_httpauth.HTTPAuthResourceTest(methodName='runTest')

Bases: OPSI.web2.test.test_server.BaseCase

Tests for the HTTPAuthWrapper Resource

setUp()

Create a portal and add an in memory checker to it.

Then set up a protectedResource that will be wrapped in each test.

tearDown()

Clean up by getting rid of the portal, credentialFactory, and protected resource

test_allowedMethods()

Test that unknown methods result in a 401 instead of a 405 when authentication hasn’t been completed.

test_anonymousAuthentication()

If our portal has a credentials checker for IAnonymous credentials authentication succeeds if no Authorization header is present

test_authenticatedRequest()

Test that after successful authentication the request provides IAuthenticatedRequest and that the request.avatar implements the proper interfaces for this realm and has the proper values for this request.

test_authorizationAgainstMultipleSchemes()

Test that we can successfully authenticate when presented with multiple WWW-Authenticate headers

test_badCredentials()

Test that a request with bad credentials results in a valid Unauthorized response

test_forceAuthentication()

Test that if an HTTPError with an Unauthorized status code is raised from within our protected resource, we add the WWW-Authenticate headers if they do not already exist.

test_invalidCredentials()

Malformed or otherwise invalid credentials (as determined by the credential factory) should result in an Unauthorized response

test_multipleWWWAuthenticateSchemes()

Test that our unauthorized response can contain challenges for multiple authentication schemes.

test_renderHTTP()

Test that if the renderHTTP method is ever called we authenticate the request and delegate rendering to the wrapper.

test_responseFilterDoesntClobberHeaders()

Test that if an UNAUTHORIZED response is returned and already has ‘WWW-Authenticate’ headers we don’t add them.

test_successfulLogin()

Test that a request with good credentials results in the appropriate response from the protected resource

test_unauthorizedResponse()

Test that a request with no credentials results in a valid Unauthorized response.

test_wrappedResourceGetsFullSegments()

Test that the wrapped resource gets all the URL segments in it’s locateChild.

test_wrongScheme()

Test that a request with credentials for a scheme that is not advertised by this resource results in the appropriate unauthorized response.

class OPSI.web2.test.test_httpauth.NonAnonymousResource(children=[])

Bases: OPSI.web2.test.test_server.BaseTestResource

A resource that forces authentication by raising an HTTPError with an UNAUTHORIZED code if the request is an anonymous one.

addSlash = True

render(req)

sendOwnHeaders = False

class OPSI.web2.test.test_httpauth.ProtectedResource(children=[])

Bases: OPSI.web2.test.test_server.BaseTestResource

A test resource for use with HTTPAuthWrapper that holds on to it’s request and segments so we can assert things about them.

addSlash = True

locateChild(req, segments)

render(req)

request = None

segments = None

class OPSI.web2.test.test_httpauth.TestAuthRealm

Bases: object

Test realm that supports the IHTTPUser interface

requestAvatar(avatarId, mind, *interfaces)

class OPSI.web2.test.test_httpauth.TestHTTPUser(username)

Bases: object

Test avatar implementation for http auth with cred

username = None