Changeset 1891
- Timestamp:
- 02/18/08 12:51:51
- Files:
-
- trunk/cherrypy/lib/auth.py (modified) (3 diffs)
- trunk/cherrypy/lib/httpauth.py (modified) (2 diffs)
- trunk/cherrypy/test/test_httpauth.py (modified) (1 diff)
trunk/cherrypy/lib/auth.py
r1682 r1891 3 3 4 4 5 def check_auth(users, encrypt=None ):5 def check_auth(users, encrypt=None, realm=None): 6 6 """If an authorization header contains credentials, return True, else False.""" 7 7 if 'authorization' in cherrypy.request.headers: … … 37 37 # and compare it with what the user-agent provided 38 38 if httpauth.checkResponse(ah, password, method=cherrypy.request.method, 39 encrypt=encrypt ):39 encrypt=encrypt, realm=realm): 40 40 cherrypy.request.login = ah["username"] 41 41 return True … … 66 66 users: a dict of the form: {username: password} or a callable returning a dict. 67 67 """ 68 if check_auth(users ):68 if check_auth(users, realm=realm): 69 69 return 70 70 trunk/cherrypy/lib/httpauth.py
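Review bot: In trunk/cherrypy/lib/auth.py, `check_auth` takes `realm=None` as its default, and the httpauth.py hunk in this changeset compares `auth_map['realm']` with that value, so a caller that still invokes `check_auth(users)` without a realm will get False for every Digest header. The one-line docstring at line 6 does not mention the new parameter; I would extend it to something like `"""Return True if the Authorization header holds valid credentials; for Digest, realm must be the realm the server challenged with."""`. The call at line 68 passes `realm=realm`, but the enclosing function's signature is outside the hunk, so it is worth confirming that `realm` is the configured realm and not a value derived from the request. Both function bodies continue outside the hunks shown.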
r1890 r1891 308 308 raw data you are going to send to the client (usually the 309 309 HTML page. 310 """ 310 request_uri - the uri from the request line compared with the 'uri' 311 directive of the authorization map. They must represent 312 the same resource (unused at this time). 313 """ 314 315 if auth_map['realm'] != kwargs.get('realm', None): 316 return False 311 317 312 318 response = _computeDigestResponse(auth_map, password, method, A1,**kwargs) … … 315 321 316 322 def _checkBasicResponse (auth_map, password, method='GET', encrypt=None, **kwargs): 323 # Note that the Basic response doesn't provide the realm value so we cannot 324 # test it 317 325 try: 318 326 return encrypt(auth_map["password"], auth_map["username"]) == password trunk/cherrypy/test/test_httpauth.py
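Review bot: In trunk/cherrypy/lib/httpauth.py, `auth_map['realm']` at new line 315 is indexed directly, so a Digest header with no realm directive would raise KeyError instead of returning False, unless parsing already guarantees the key (not visible here). `if auth_map.get('realm') is None or auth_map['realm'] != kwargs.get('realm'): return False` gives the same fail-closed result in both cases. The added docstring also records that `request_uri` is unused, so the `uri` directive is still not compared with the request line; a `# TODO: compare auth_map['uri'] with request_uri` next to the realm check would keep that gap visible. The function's signature is outside the hunk.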
r1787 r1891 130 130 self._handlewebError(bad_value_msg % ('qop', '"auth"', tokens['qop'])) 131 131 132 # now let's see if what 132 # Test a wrong 'realm' value 133 base_auth = 'Digest username="test", realm="wrong realm", nonce="%s", uri="/digest/", algorithm=MD5, response="%s", qop=auth, nc=%s, cnonce="1522e61005789929"' 134 135 auth = base_auth % (nonce, '', '00000001') 136 params = httpauth.parseAuthorization(auth) 137 response = httpauth._computeDigestResponse(params, 'test') 138 139 auth = base_auth % (nonce, response, '00000001') 140 self.getPage('/digest/', [('Authorization', auth)]) 141 self.assertStatus('401 Unauthorized') 142 143 # Test that must pass 133 144 base_auth = 'Digest username="test", realm="localhost", nonce="%s", uri="/digest/", algorithm=MD5, response="%s", qop=auth, nc=%s, cnonce="1522e61005789929"' 134 145 135 146 auth = base_auth % (nonce, '', '00000001') 136 137 147 params = httpauth.parseAuthorization(auth) 138 148 response = httpauth._computeDigestResponse(params, 'test')
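Review bot: In trunk/cherrypy/test/test_httpauth.py, the wrong-realm case computes `response` from params that already contain `realm="wrong realm"`, which appears to be what makes the 401 attributable to the new realm comparison and not to a digest mismatch, but the test does not say so. I would add a comment such as `# response is valid for the wrong realm, so only the realm check can reject it`. The two `base_auth` templates differ only in the realm value; a single template with `realm="%s"` would remove the duplication. The test method starts and ends outside the hunk.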

