Changeset Navigation

Changeset 1892

Timestamp:

02/18/08 12:54:21

Author:

lawouach

Message:

Fix for #787 only for digest though as basic responses don't provide the realm

Files:

r1681	r1892
3	3
4	4
5		def check_auth(users, encrypt=None):
	5	def check_auth(users, encrypt=None, realm=None):
6	6	"""If an authorization header contains credentials, return True, else False."""
7	7	if 'authorization' in cherrypy.request.headers:
…	…
37	37	# and compare it with what the user-agent provided
38	38	if httpauth.checkResponse(ah, password, method=cherrypy.request.method,
39		encrypt=encrypt):
	39	encrypt=encrypt, realm=realm):
40	40	cherrypy.request.login = ah["username"]
41	41	return True
…	…
66	66	users: a dict of the form: {username: password} or a callable returning a dict.
67	67	"""
68		if check_auth(users):
	68	if check_auth(users, realm=realm):
69	69	return
70	70

r1889	r1892
310	310	"""
311	311
	312	if auth_map['realm'] != kwargs.get('realm', None):
	313	return False
	314
312	315	response = _computeDigestResponse(auth_map, password, method, A1,**kwargs)
313	316

r1681	r1892
129	129	self._handlewebError(bad_value_msg % ('qop', '"auth"', tokens['qop']))
130	130
131		# now let's see if what
	131	# Test a wrong 'realm' value
	132	base_auth = 'Digest username="test", realm="wrong realm", nonce="%s", uri="/digest/", algorithm=MD5, response="%s", qop=auth, nc=%s, cnonce="1522e61005789929"'
	133
	134	auth = base_auth % (nonce, '', '00000001')
	135	params = httpauth.parseAuthorization(auth)
	136	response = httpauth._computeDigestResponse(params, 'test')
	137
	138	auth = base_auth % (nonce, response, '00000001')
	139	self.getPage('/digest/', [('Authorization', auth)])
	140	self.assertStatus('401 Unauthorized')
	141
	142	# Test that must pass
132	143	base_auth = 'Digest username="test", realm="localhost", nonce="%s", uri="/digest/", algorithm=MD5, response="%s", qop=auth, nc=%s, cnonce="1522e61005789929"'
133	144