~bzr-pqm/bzr/bzr.dev

2052.3.2 by John Arbash Meinel
Change Copyright .. by Canonical to Copyright ... Canonical
1
# Copyright (C) 2005 Canonical Ltd
1887.1.1 by Adeodato Simó
Do not separate paragraphs in the copyright statement with blank lines,
2
#
1185.1.18 by Robert Collins
Lalo Martins remotebranch patch
3
# This program is free software; you can redistribute it and/or modify
4
# it under the terms of the GNU General Public License as published by
5
# the Free Software Foundation; either version 2 of the License, or
6
# (at your option) any later version.
1887.1.1 by Adeodato Simó
Do not separate paragraphs in the copyright statement with blank lines,
7
#
1185.1.18 by Robert Collins
Lalo Martins remotebranch patch
8
# This program is distributed in the hope that it will be useful,
9
# but WITHOUT ANY WARRANTY; without even the implied warranty of
10
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
11
# GNU General Public License for more details.
1887.1.1 by Adeodato Simó
Do not separate paragraphs in the copyright statement with blank lines,
12
#
1185.1.18 by Robert Collins
Lalo Martins remotebranch patch
13
# You should have received a copy of the GNU General Public License
14
# along with this program; if not, write to the Free Software
15
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
16
2004.1.28 by v.ladeuil+lp at free
Merge bzr.dev. Including http modifications by "smart" related code
17
from cStringIO import StringIO
2004.1.25 by v.ladeuil+lp at free
Shuffle http related test code. Hopefully it ends up at the right place :)
18
import errno
2420.1.11 by Vincent Ladeuil
Implement digest authentication. Test suite passes. Tested against apache-2.x.
19
import md5
2004.1.29 by v.ladeuil+lp at free
New tests for http range requests handling.
20
from SimpleHTTPServer import SimpleHTTPRequestHandler
2164.2.29 by Vincent Ladeuil
Test the http redirection at the request level even if it's not
21
import re
2420.1.11 by Vincent Ladeuil
Implement digest authentication. Test suite passes. Tested against apache-2.x.
22
import sha
2004.1.25 by v.ladeuil+lp at free
Shuffle http related test code. Hopefully it ends up at the right place :)
23
import socket
2420.1.11 by Vincent Ladeuil
Implement digest authentication. Test suite passes. Tested against apache-2.x.
24
import time
2420.1.9 by Vincent Ladeuil
Refactor proxy and auth test classes. Tests failing for digest auth.
25
import urllib2
2213.1.1 by v.ladeuil+lp at free
Workaround SimpleHTTPRequestHandler.translate_path limitation in
26
import urlparse
1530.1.14 by Robert Collins
Remove duplicate web server from HTTPTestUtil.
27
2018.5.150 by Andrew Bennetts
Tidy imports in HTTPTestUtil.py
28
from bzrlib.smart import protocol
1534.4.50 by Robert Collins
Got the bzrdir api straightened out, plenty of refactoring to use it pending, but the api is up and running.
29
from bzrlib.tests import TestCaseWithTransport
2004.1.25 by v.ladeuil+lp at free
Shuffle http related test code. Hopefully it ends up at the right place :)
30
from bzrlib.tests.HttpServer import (
31
    HttpServer,
32
    TestingHTTPRequestHandler,
33
    )
2004.1.28 by v.ladeuil+lp at free
Merge bzr.dev. Including http modifications by "smart" related code
34
from bzrlib.transport import (
35
    get_transport,
36
    )
2004.1.25 by v.ladeuil+lp at free
Shuffle http related test code. Hopefully it ends up at the right place :)
37
38
39
class WallRequestHandler(TestingHTTPRequestHandler):
40
    """Whatever request comes in, close the connection"""
41
42
    def handle_one_request(self):
43
        """Handle a single HTTP request, by abruptly closing the connection"""
44
        self.close_connection = 1
45
46
47
class BadStatusRequestHandler(TestingHTTPRequestHandler):
48
    """Whatever request comes in, returns a bad status"""
49
50
    def parse_request(self):
51
        """Fakes handling a single HTTP request, returns a bad status"""
52
        ignored = TestingHTTPRequestHandler.parse_request(self)
53
        try:
54
            self.send_response(0, "Bad status")
55
            self.end_headers()
56
        except socket.error, e:
2158.2.1 by v.ladeuil+lp at free
Windows tests cleanup.
57
            # We don't want to pollute the test results with
58
            # spurious server errors while test succeed. In our
2188.1.1 by Aaron Bentley
Windows tests cleanup. (Vincent Ladeuil)
59
            # case, it may occur that the test has already read
2158.2.1 by v.ladeuil+lp at free
Windows tests cleanup.
60
            # the 'Bad Status' and closed the socket while we are
61
            # still trying to send some headers... So the test is
2188.1.1 by Aaron Bentley
Windows tests cleanup. (Vincent Ladeuil)
62
            # ok, but if we raise the exception, the output is
2158.2.1 by v.ladeuil+lp at free
Windows tests cleanup.
63
            # dirty. So we don't raise, but we close the
64
            # connection, just to be safe :)
65
            spurious = [errno.EPIPE,
66
                        errno.ECONNRESET,
67
                        errno.ECONNABORTED,
68
                        ]
69
            if (len(e.args) > 0) and (e.args[0] in spurious):
2004.1.25 by v.ladeuil+lp at free
Shuffle http related test code. Hopefully it ends up at the right place :)
70
                self.close_connection = 1
71
                pass
72
            else:
73
                raise
74
        return False
75
76
77
class InvalidStatusRequestHandler(TestingHTTPRequestHandler):
78
    """Whatever request comes in, returns am invalid status"""
79
80
    def parse_request(self):
81
        """Fakes handling a single HTTP request, returns a bad status"""
82
        ignored = TestingHTTPRequestHandler.parse_request(self)
83
        self.wfile.write("Invalid status line\r\n")
84
        return False
85
86
87
class BadProtocolRequestHandler(TestingHTTPRequestHandler):
88
    """Whatever request comes in, returns a bad protocol version"""
89
90
    def parse_request(self):
91
        """Fakes handling a single HTTP request, returns a bad status"""
92
        ignored = TestingHTTPRequestHandler.parse_request(self)
93
        # Returns an invalid protocol version, but curl just
94
        # ignores it and those cannot be tested.
95
        self.wfile.write("%s %d %s\r\n" % ('HTTP/0.0',
96
                                           404,
97
                                           'Look at my protocol version'))
98
        return False
1534.4.50 by Robert Collins
Got the bzrdir api straightened out, plenty of refactoring to use it pending, but the api is up and running.
99
100
2004.1.27 by v.ladeuil+lp at free
Fix bug #57644 by issuing an explicit error message.
101
class ForbiddenRequestHandler(TestingHTTPRequestHandler):
102
    """Whatever request comes in, returns a 403 code"""
103
104
    def parse_request(self):
105
        """Handle a single HTTP request, by replying we cannot handle it"""
106
        ignored = TestingHTTPRequestHandler.parse_request(self)
107
        self.send_error(403)
108
        return False
109
110
2004.1.28 by v.ladeuil+lp at free
Merge bzr.dev. Including http modifications by "smart" related code
111
class HTTPServerWithSmarts(HttpServer):
112
    """HTTPServerWithSmarts extends the HttpServer with POST methods that will
113
    trigger a smart server to execute with a transport rooted at the rootdir of
114
    the HTTP server.
115
    """
116
117
    def __init__(self):
118
        HttpServer.__init__(self, SmartRequestHandler)
119
120
121
class SmartRequestHandler(TestingHTTPRequestHandler):
122
    """Extend TestingHTTPRequestHandler to support smart client POSTs."""
123
124
    def do_POST(self):
125
        """Hand the request off to a smart server instance."""
126
        self.send_response(200)
127
        self.send_header("Content-type", "application/octet-stream")
2164.2.28 by Vincent Ladeuil
TestingHTTPServer.test_case_server renamed from test_case to avoid confusions.
128
        transport = get_transport(self.server.test_case_server._home_dir)
2004.1.28 by v.ladeuil+lp at free
Merge bzr.dev. Including http modifications by "smart" related code
129
        # TODO: We might like to support streaming responses.  1.0 allows no
130
        # Content-length in this case, so for integrity we should perform our
131
        # own chunking within the stream.
132
        # 1.1 allows chunked responses, and in this case we could chunk using
133
        # the HTTP chunking as this will allow HTTP persistence safely, even if
134
        # we have to stop early due to error, but we would also have to use the
135
        # HTTP trailer facility which may not be widely available.
136
        out_buffer = StringIO()
2018.5.150 by Andrew Bennetts
Tidy imports in HTTPTestUtil.py
137
        smart_protocol_request = protocol.SmartServerRequestProtocolOne(
2004.1.28 by v.ladeuil+lp at free
Merge bzr.dev. Including http modifications by "smart" related code
138
                transport, out_buffer.write)
139
        # if this fails, we should return 400 bad request, but failure is
140
        # failure for now - RBC 20060919
141
        data_length = int(self.headers['Content-Length'])
142
        # Perhaps there should be a SmartServerHTTPMedium that takes care of
143
        # feeding the bytes in the http request to the smart_protocol_request,
144
        # but for now it's simpler to just feed the bytes directly.
145
        smart_protocol_request.accept_bytes(self.rfile.read(data_length))
146
        assert smart_protocol_request.next_read_size() == 0, (
147
            "not finished reading, but all data sent to protocol.")
148
        self.send_header("Content-Length", str(len(out_buffer.getvalue())))
149
        self.end_headers()
150
        self.wfile.write(out_buffer.getvalue())
151
152
2520.2.2 by Vincent Ladeuil
Fix #115209 by issuing a single range request on 400: Bad Request
153
class LimitedRangeRequestHandler(TestingHTTPRequestHandler):
154
    """Errors out when range specifiers exceed the limit"""
155
156
    def get_multiple_ranges(self, file, file_size, ranges):
157
        """Refuses the multiple ranges request"""
158
        tcs = self.server.test_case_server
159
        if tcs.range_limit is not None and len(ranges) > tcs.range_limit:
160
            file.close()
161
            # Emulate apache behavior
162
            self.send_error(400, "Bad Request")
163
            return
164
        return TestingHTTPRequestHandler.get_multiple_ranges(self, file,
165
                                                             file_size, ranges)
166
167
    def do_GET(self):
168
        tcs = self.server.test_case_server
169
        tcs.GET_request_nb += 1
170
        return TestingHTTPRequestHandler.do_GET(self)
171
172
173
class LimitedRangeHTTPServer(HttpServer):
174
    """An HttpServer erroring out on requests with too much range specifiers"""
175
176
    def __init__(self, request_handler=LimitedRangeRequestHandler,
177
                 range_limit=None):
178
        HttpServer.__init__(self, request_handler)
179
        self.range_limit = range_limit
180
        self.GET_request_nb = 0
181
182
2004.1.29 by v.ladeuil+lp at free
New tests for http range requests handling.
183
class SingleRangeRequestHandler(TestingHTTPRequestHandler):
184
    """Always reply to range request as if they were single.
185
186
    Don't be explicit about it, just to annoy the clients.
187
    """
188
189
    def get_multiple_ranges(self, file, file_size, ranges):
190
        """Answer as if it was a single range request and ignores the rest"""
191
        (start, end) = ranges[0]
192
        return self.get_single_range(file, file_size, start, end)
193
194
2481.3.1 by Vincent Ladeuil
Fix bug #112719 by using the right range header.
195
class SingleOnlyRangeRequestHandler(TestingHTTPRequestHandler):
196
    """Only reply to simple range requests, errors out on multiple"""
197
198
    def get_multiple_ranges(self, file, file_size, ranges):
199
        """Refuses the multiple ranges request"""
200
        if len(ranges) > 1:
201
            file.close()
202
            self.send_error(416, "Requested range not satisfiable")
203
            return
204
        (start, end) = ranges[0]
205
        return self.get_single_range(file, file_size, start, end)
206
207
2004.1.29 by v.ladeuil+lp at free
New tests for http range requests handling.
208
class NoRangeRequestHandler(TestingHTTPRequestHandler):
209
    """Ignore range requests without notice"""
210
211
    # Just bypass the range handling done by TestingHTTPRequestHandler
212
    do_GET = SimpleHTTPRequestHandler.do_GET
213
214
1534.4.50 by Robert Collins
Got the bzrdir api straightened out, plenty of refactoring to use it pending, but the api is up and running.
215
class TestCaseWithWebserver(TestCaseWithTransport):
216
    """A support class that provides readonly urls that are http://.
217
2004.3.3 by vila
Better (but still incomplete) design for bogus servers.
218
    This is done by forcing the readonly server to be an http
219
    one. This will currently fail if the primary transport is not
220
    backed by regular disk files.
1185.1.18 by Robert Collins
Lalo Martins remotebranch patch
221
    """
222
    def setUp(self):
1530.1.14 by Robert Collins
Remove duplicate web server from HTTPTestUtil.
223
        super(TestCaseWithWebserver, self).setUp()
2004.1.25 by v.ladeuil+lp at free
Shuffle http related test code. Hopefully it ends up at the right place :)
224
        self.transport_readonly_server = HttpServer
2167.3.5 by v.ladeuil+lp at free
Tests for proxies, covering #74759.
225
226
227
class TestCaseWithTwoWebservers(TestCaseWithWebserver):
2164.2.13 by v.ladeuil+lp at free
Add tests for redirection. Preserve transport decorations.
228
    """A support class providing readonly urls on two servers that are http://.
2167.3.5 by v.ladeuil+lp at free
Tests for proxies, covering #74759.
229
2164.2.25 by Vincent Ladeuil
Fix typos noticed by Aaron.
230
    We set up two webservers to allows various tests involving
2167.3.5 by v.ladeuil+lp at free
Tests for proxies, covering #74759.
231
    proxies or redirections from one server to the other.
232
    """
233
    def setUp(self):
234
        super(TestCaseWithTwoWebservers, self).setUp()
235
        self.transport_secondary_server = HttpServer
236
        self.__secondary_server = None
237
238
    def create_transport_secondary_server(self):
239
        """Create a transport server from class defined at init.
240
241
        This is mostly a hook for daughter classes.
242
        """
243
        return self.transport_secondary_server()
244
245
    def get_secondary_server(self):
246
        """Get the server instance for the secondary transport."""
247
        if self.__secondary_server is None:
248
            self.__secondary_server = self.create_transport_secondary_server()
249
            self.__secondary_server.setUp()
250
            self.addCleanup(self.__secondary_server.tearDown)
251
        return self.__secondary_server
252
253
2420.1.9 by Vincent Ladeuil
Refactor proxy and auth test classes. Tests failing for digest auth.
254
class ProxyServer(HttpServer):
255
    """A proxy test server for http transports."""
256
257
    proxy_requests = True
2213.1.1 by v.ladeuil+lp at free
Workaround SimpleHTTPRequestHandler.translate_path limitation in
258
2167.3.5 by v.ladeuil+lp at free
Tests for proxies, covering #74759.
259
2164.2.13 by v.ladeuil+lp at free
Add tests for redirection. Preserve transport decorations.
260
class RedirectRequestHandler(TestingHTTPRequestHandler):
261
    """Redirect all request to the specified server"""
262
263
    def parse_request(self):
264
        """Redirect a single HTTP request to another host"""
265
        valid = TestingHTTPRequestHandler.parse_request(self)
266
        if valid:
2164.2.29 by Vincent Ladeuil
Test the http redirection at the request level even if it's not
267
            tcs = self.server.test_case_server
268
            code, target = tcs.is_redirected(self.path)
269
            if code is not None and target is not None:
270
                # Redirect as instructed
271
                self.send_response(code)
2164.2.16 by Vincent Ladeuil
Add tests.
272
                self.send_header('Location', target)
273
                self.end_headers()
274
                return False # The job is done
2164.2.29 by Vincent Ladeuil
Test the http redirection at the request level even if it's not
275
            else:
276
                # We leave the parent class serve the request
277
                pass
2164.2.13 by v.ladeuil+lp at free
Add tests for redirection. Preserve transport decorations.
278
        return valid
279
280
281
class HTTPServerRedirecting(HttpServer):
282
    """An HttpServer redirecting to another server """
283
2164.2.16 by Vincent Ladeuil
Add tests.
284
    def __init__(self, request_handler=RedirectRequestHandler):
2164.2.13 by v.ladeuil+lp at free
Add tests for redirection. Preserve transport decorations.
285
        HttpServer.__init__(self, request_handler)
2164.2.29 by Vincent Ladeuil
Test the http redirection at the request level even if it's not
286
        # redirections is a list of tuples (source, target, code)
287
        # - source is a regexp for the paths requested
288
        # - target is a replacement for re.sub describing where
289
        #   the request will be redirected
290
        # - code is the http error code associated to the
291
        #   redirection (301 permanent, 302 temporarry, etc
292
        self.redirections = []
293
294
    def redirect_to(self, host, port):
295
        """Redirect all requests to a specific host:port"""
296
        self.redirections = [('(.*)',
297
                              r'http://%s:%s\1' % (host, port) ,
298
                              301)]
299
300
    def is_redirected(self, path):
301
        """Is the path redirected by this server.
302
303
        :param path: the requested relative path
304
305
        :returns: a tuple (code, target) if a matching
306
             redirection is found, (None, None) otherwise.
307
        """
308
        code = None
309
        target = None
310
        for (rsource, rtarget, rcode) in self.redirections:
311
            target, match = re.subn(rsource, rtarget, path)
312
            if match:
313
                code = rcode
314
                break # The first match wins
315
            else:
316
                target = None
317
        return code, target
2164.2.13 by v.ladeuil+lp at free
Add tests for redirection. Preserve transport decorations.
318
2167.3.5 by v.ladeuil+lp at free
Tests for proxies, covering #74759.
319
2164.2.22 by Vincent Ladeuil
Take Aaron's review comments into account.
320
class TestCaseWithRedirectedWebserver(TestCaseWithTwoWebservers):
321
   """A support class providing redirections from one server to another.
322
2164.2.25 by Vincent Ladeuil
Fix typos noticed by Aaron.
323
   We set up two webservers to allows various tests involving
2164.2.22 by Vincent Ladeuil
Take Aaron's review comments into account.
324
   redirections.
325
   The 'old' server is redirected to the 'new' server.
326
   """
327
328
   def create_transport_secondary_server(self):
329
       """Create the secondary server redirecting to the primary server"""
330
       new = self.get_readonly_server()
331
       redirecting = HTTPServerRedirecting()
332
       redirecting.redirect_to(new.host, new.port)
333
       return redirecting
334
335
   def setUp(self):
336
       super(TestCaseWithRedirectedWebserver, self).setUp()
337
       # The redirections will point to the new server
338
       self.new_server = self.get_readonly_server()
339
       # The requests to the old server will be redirected
340
       self.old_server = self.get_secondary_server()
341
342
2420.1.9 by Vincent Ladeuil
Refactor proxy and auth test classes. Tests failing for digest auth.
343
class AuthRequestHandler(TestingHTTPRequestHandler):
344
    """Requires an authentication to process requests.
2363.4.12 by Vincent Ladeuil
Take jam's review comments into account. Fix typos, give better
345
346
    This is intended to be used with a server that always and
2420.1.9 by Vincent Ladeuil
Refactor proxy and auth test classes. Tests failing for digest auth.
347
    only use one authentication scheme (implemented by daughter
348
    classes).
2363.4.12 by Vincent Ladeuil
Take jam's review comments into account. Fix typos, give better
349
    """
2363.4.8 by Vincent Ladeuil
Implement a basic auth HTTP server, rewrite tests accordingly.
350
2420.1.9 by Vincent Ladeuil
Refactor proxy and auth test classes. Tests failing for digest auth.
351
    # The following attributes should be defined in the server
2420.1.10 by Vincent Ladeuil
Doc fixes.
352
    # - auth_header_sent: the header name sent to require auth
353
    # - auth_header_recv: the header received containing auth
354
    # - auth_error_code: the error code to indicate auth required
2420.1.2 by Vincent Ladeuil
Define tests for http proxy basic authentication. They fail.
355
2363.4.8 by Vincent Ladeuil
Implement a basic auth HTTP server, rewrite tests accordingly.
356
    def do_GET(self):
2420.1.9 by Vincent Ladeuil
Refactor proxy and auth test classes. Tests failing for digest auth.
357
        if self.authorized():
358
            return TestingHTTPRequestHandler.do_GET(self)
359
        else:
360
            # Note that we must update test_case_server *before*
361
            # sending the error or the client may try to read it
362
            # before we have sent the whole error back.
363
            tcs = self.server.test_case_server
364
            tcs.auth_required_errors += 1
365
            self.send_response(tcs.auth_error_code)
366
            self.send_header_auth_reqed()
367
            self.end_headers()
368
            return
2363.4.8 by Vincent Ladeuil
Implement a basic auth HTTP server, rewrite tests accordingly.
369
2363.4.12 by Vincent Ladeuil
Take jam's review comments into account. Fix typos, give better
370
2420.1.9 by Vincent Ladeuil
Refactor proxy and auth test classes. Tests failing for digest auth.
371
class BasicAuthRequestHandler(AuthRequestHandler):
372
    """Implements the basic authentication of a request"""
373
374
    def authorized(self):
375
        tcs = self.server.test_case_server
376
        if tcs.auth_scheme != 'basic':
377
            return False
378
2420.1.11 by Vincent Ladeuil
Implement digest authentication. Test suite passes. Tested against apache-2.x.
379
        auth_header = self.headers.get(tcs.auth_header_recv, None)
380
        if auth_header:
381
            scheme, raw_auth = auth_header.split(' ', 1)
382
            if scheme.lower() == tcs.auth_scheme:
383
                user, password = raw_auth.decode('base64').split(':')
384
                return tcs.authorized(user, password)
2420.1.9 by Vincent Ladeuil
Refactor proxy and auth test classes. Tests failing for digest auth.
385
386
        return False
387
388
    def send_header_auth_reqed(self):
2420.1.11 by Vincent Ladeuil
Implement digest authentication. Test suite passes. Tested against apache-2.x.
389
        tcs = self.server.test_case_server
390
        self.send_header(tcs.auth_header_sent,
391
                         'Basic realm="%s"' % tcs.auth_realm)
392
393
2420.1.19 by Vincent Ladeuil
Cosmetic changes.
394
# FIXME: We could send an Authentication-Info header too when
395
# the authentication is succesful
2420.1.9 by Vincent Ladeuil
Refactor proxy and auth test classes. Tests failing for digest auth.
396
397
class DigestAuthRequestHandler(AuthRequestHandler):
2420.1.11 by Vincent Ladeuil
Implement digest authentication. Test suite passes. Tested against apache-2.x.
398
    """Implements the digest authentication of a request.
399
400
    We need persistence for some attributes and that can't be
401
    achieved here since we get instantiated for each request. We
402
    rely on the DigestAuthServer to take care of them.
403
    """
2420.1.9 by Vincent Ladeuil
Refactor proxy and auth test classes. Tests failing for digest auth.
404
405
    def authorized(self):
406
        tcs = self.server.test_case_server
407
        if tcs.auth_scheme != 'digest':
408
            return False
409
2420.1.11 by Vincent Ladeuil
Implement digest authentication. Test suite passes. Tested against apache-2.x.
410
        auth_header = self.headers.get(tcs.auth_header_recv, None)
411
        if auth_header is None:
412
            return False
413
        scheme, auth = auth_header.split(None, 1)
414
        if scheme.lower() == tcs.auth_scheme:
415
            auth_dict = urllib2.parse_keqv_list(urllib2.parse_http_list(auth))
416
417
            return tcs.digest_authorized(auth_dict, self.command)
2420.1.9 by Vincent Ladeuil
Refactor proxy and auth test classes. Tests failing for digest auth.
418
419
        return False
420
421
    def send_header_auth_reqed(self):
2420.1.11 by Vincent Ladeuil
Implement digest authentication. Test suite passes. Tested against apache-2.x.
422
        tcs = self.server.test_case_server
423
        header = 'Digest realm="%s", ' % tcs.auth_realm
2545.2.1 by Vincent Ladeuil
Fix 121889 by working around urllib2 bug.
424
        header += 'nonce="%s", algorithm="%s", qop="auth"' % (tcs.auth_nonce,
425
                                                              'MD5')
2420.1.11 by Vincent Ladeuil
Implement digest authentication. Test suite passes. Tested against apache-2.x.
426
        self.send_header(tcs.auth_header_sent,header)
427
2420.1.9 by Vincent Ladeuil
Refactor proxy and auth test classes. Tests failing for digest auth.
428
429
class AuthServer(HttpServer):
430
    """Extends HttpServer with a dictionary of passwords.
431
432
    This is used as a base class for various schemes which should
433
    all use or redefined the associated AuthRequestHandler.
2363.4.12 by Vincent Ladeuil
Take jam's review comments into account. Fix typos, give better
434
435
    Note that no users are defined by default, so add_user should
436
    be called before issuing the first request.
2420.1.11 by Vincent Ladeuil
Implement digest authentication. Test suite passes. Tested against apache-2.x.
437
    """
2420.1.9 by Vincent Ladeuil
Refactor proxy and auth test classes. Tests failing for digest auth.
438
439
    # The following attributes should be set dy daughter classes
440
    # and are used by AuthRequestHandler.
441
    auth_header_sent = None
442
    auth_header_recv = None
443
    auth_error_code = None
2420.1.11 by Vincent Ladeuil
Implement digest authentication. Test suite passes. Tested against apache-2.x.
444
    auth_realm = "Thou should not pass"
2363.4.12 by Vincent Ladeuil
Take jam's review comments into account. Fix typos, give better
445
446
    def __init__(self, request_handler, auth_scheme):
2363.4.8 by Vincent Ladeuil
Implement a basic auth HTTP server, rewrite tests accordingly.
447
        HttpServer.__init__(self, request_handler)
2363.4.12 by Vincent Ladeuil
Take jam's review comments into account. Fix typos, give better
448
        self.auth_scheme = auth_scheme
2363.4.8 by Vincent Ladeuil
Implement a basic auth HTTP server, rewrite tests accordingly.
449
        self.password_of = {}
2420.1.4 by Vincent Ladeuil
Add test checking the number of roundtrips due to 401 or 407 errors.
450
        self.auth_required_errors = 0
2363.4.8 by Vincent Ladeuil
Implement a basic auth HTTP server, rewrite tests accordingly.
451
452
    def add_user(self, user, password):
2363.4.12 by Vincent Ladeuil
Take jam's review comments into account. Fix typos, give better
453
        """Declare a user with an associated password.
454
455
        password can be empty, use an empty string ('') in that
456
        case, not None.
457
        """
2363.4.8 by Vincent Ladeuil
Implement a basic auth HTTP server, rewrite tests accordingly.
458
        self.password_of[user] = password
459
460
    def authorized(self, user, password):
2420.1.11 by Vincent Ladeuil
Implement digest authentication. Test suite passes. Tested against apache-2.x.
461
        """Check that the given user provided the right password"""
2363.4.12 by Vincent Ladeuil
Take jam's review comments into account. Fix typos, give better
462
        expected_password = self.password_of.get(user, None)
463
        return expected_password is not None and password == expected_password
464
465
2420.1.19 by Vincent Ladeuil
Cosmetic changes.
466
# FIXME: There is some code duplication with
467
# _urllib2_wrappers.py.DigestAuthHandler. If that duplciation
468
# grows, it may require a refactoring. Also, we don't implement
469
# SHA algorithm nor MD5-sess here, but that does not seem worth
470
# it.
2420.1.11 by Vincent Ladeuil
Implement digest authentication. Test suite passes. Tested against apache-2.x.
471
class DigestAuthServer(AuthServer):
472
    """A digest authentication server"""
473
2420.1.16 by Vincent Ladeuil
Handle nonce changes. Fix a nasty bug breaking the auth parameters sharing.
474
    auth_nonce = 'now!'
2420.1.11 by Vincent Ladeuil
Implement digest authentication. Test suite passes. Tested against apache-2.x.
475
476
    def __init__(self, request_handler, auth_scheme):
477
        AuthServer.__init__(self, request_handler, auth_scheme)
478
479
    def digest_authorized(self, auth, command):
2420.1.16 by Vincent Ladeuil
Handle nonce changes. Fix a nasty bug breaking the auth parameters sharing.
480
        nonce = auth['nonce']
481
        if nonce != self.auth_nonce:
482
            return False
2420.1.11 by Vincent Ladeuil
Implement digest authentication. Test suite passes. Tested against apache-2.x.
483
        realm = auth['realm']
484
        if realm != self.auth_realm:
485
            return False
486
        user = auth['username']
487
        if not self.password_of.has_key(user):
488
            return False
489
        algorithm= auth['algorithm']
490
        if algorithm != 'MD5':
491
            return False
492
        qop = auth['qop']
493
        if qop != 'auth':
494
            return False
495
496
        password = self.password_of[user]
497
498
        # Recalculate the response_digest to compare with the one
499
        # sent by the client
500
        A1 = '%s:%s:%s' % (user, realm, password)
501
        A2 = '%s:%s' % (command, auth['uri'])
502
503
        H = lambda x: md5.new(x).hexdigest()
504
        KD = lambda secret, data: H("%s:%s" % (secret, data))
505
506
        nonce_count = int(auth['nc'], 16)
507
508
        ncvalue = '%08x' % nonce_count
509
510
        cnonce = auth['cnonce']
511
        noncebit = '%s:%s:%s:%s:%s' % (nonce, ncvalue, cnonce, qop, H(A2))
512
        response_digest = KD(H(A1), noncebit)
513
514
        return response_digest == auth['response']
515
2420.1.9 by Vincent Ladeuil
Refactor proxy and auth test classes. Tests failing for digest auth.
516
class HTTPAuthServer(AuthServer):
517
    """An HTTP server requiring authentication"""
518
2420.1.11 by Vincent Ladeuil
Implement digest authentication. Test suite passes. Tested against apache-2.x.
519
    def init_http_auth(self):
520
        self.auth_header_sent = 'WWW-Authenticate'
521
        self.auth_header_recv = 'Authorization'
522
        self.auth_error_code = 401
2420.1.9 by Vincent Ladeuil
Refactor proxy and auth test classes. Tests failing for digest auth.
523
524
525
class ProxyAuthServer(AuthServer):
526
    """A proxy server requiring authentication"""
527
2420.1.11 by Vincent Ladeuil
Implement digest authentication. Test suite passes. Tested against apache-2.x.
528
    def init_proxy_auth(self):
529
        self.proxy_requests = True
530
        self.auth_header_sent = 'Proxy-Authenticate'
531
        self.auth_header_recv = 'Proxy-Authorization'
532
        self.auth_error_code = 407
2420.1.9 by Vincent Ladeuil
Refactor proxy and auth test classes. Tests failing for digest auth.
533
534
535
class HTTPBasicAuthServer(HTTPAuthServer):
536
    """An HTTP server requiring basic authentication"""
537
538
    def __init__(self):
539
        HTTPAuthServer.__init__(self, BasicAuthRequestHandler, 'basic')
2420.1.11 by Vincent Ladeuil
Implement digest authentication. Test suite passes. Tested against apache-2.x.
540
        self.init_http_auth()
541
542
543
class HTTPDigestAuthServer(DigestAuthServer, HTTPAuthServer):
2420.1.9 by Vincent Ladeuil
Refactor proxy and auth test classes. Tests failing for digest auth.
544
    """An HTTP server requiring digest authentication"""
545
546
    def __init__(self):
2420.1.11 by Vincent Ladeuil
Implement digest authentication. Test suite passes. Tested against apache-2.x.
547
        DigestAuthServer.__init__(self, DigestAuthRequestHandler, 'digest')
548
        self.init_http_auth()
2420.1.9 by Vincent Ladeuil
Refactor proxy and auth test classes. Tests failing for digest auth.
549
550
551
class ProxyBasicAuthServer(ProxyAuthServer):
2420.1.11 by Vincent Ladeuil
Implement digest authentication. Test suite passes. Tested against apache-2.x.
552
    """A proxy server requiring basic authentication"""
2420.1.9 by Vincent Ladeuil
Refactor proxy and auth test classes. Tests failing for digest auth.
553
554
    def __init__(self):
555
        ProxyAuthServer.__init__(self, BasicAuthRequestHandler, 'basic')
2420.1.11 by Vincent Ladeuil
Implement digest authentication. Test suite passes. Tested against apache-2.x.
556
        self.init_proxy_auth()
557
558
559
class ProxyDigestAuthServer(DigestAuthServer, ProxyAuthServer):
560
    """A proxy server requiring basic authentication"""
2420.1.9 by Vincent Ladeuil
Refactor proxy and auth test classes. Tests failing for digest auth.
561
562
    def __init__(self):
563
        ProxyAuthServer.__init__(self, DigestAuthRequestHandler, 'digest')
2420.1.11 by Vincent Ladeuil
Implement digest authentication. Test suite passes. Tested against apache-2.x.
564
        self.init_proxy_auth()
2420.1.9 by Vincent Ladeuil
Refactor proxy and auth test classes. Tests failing for digest auth.
565
566