13
13
# You should have received a copy of the GNU General Public License
14
14
# along with this program; if not, write to the Free Software
15
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
15
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17
17
from cStringIO import StringIO
19
from SimpleHTTPServer import SimpleHTTPRequestHandler
24
from bzrlib.tests import TestCaseWithTransport
25
from bzrlib.tests.HttpServer import (
27
TestingHTTPRequestHandler,
32
from bzrlib.smart import medium, protocol
33
from bzrlib.tests import http_server
29
34
from bzrlib.transport import (
32
from bzrlib.smart import protocol
35
class WallRequestHandler(TestingHTTPRequestHandler):
36
"""Whatever request comes in, close the connection"""
38
def handle_one_request(self):
39
"""Handle a single HTTP request, by abruptly closing the connection"""
40
self.close_connection = 1
43
class BadStatusRequestHandler(TestingHTTPRequestHandler):
44
"""Whatever request comes in, returns a bad status"""
46
def parse_request(self):
47
"""Fakes handling a single HTTP request, returns a bad status"""
48
ignored = TestingHTTPRequestHandler.parse_request(self)
50
self.send_response(0, "Bad status")
52
except socket.error, e:
53
# We don't want to pollute the test results with
54
# spurious server errors while test succeed. In our
55
# case, it may occur that the test has already read
56
# the 'Bad Status' and closed the socket while we are
57
# still trying to send some headers... So the test is
58
# ok, but if we raise the exception, the output is
59
# dirty. So we don't raise, but we close the
60
# connection, just to be safe :)
61
spurious = [errno.EPIPE,
65
if (len(e.args) > 0) and (e.args[0] in spurious):
66
self.close_connection = 1
73
class InvalidStatusRequestHandler(TestingHTTPRequestHandler):
74
"""Whatever request comes in, returns am invalid status"""
76
def parse_request(self):
77
"""Fakes handling a single HTTP request, returns a bad status"""
78
ignored = TestingHTTPRequestHandler.parse_request(self)
79
self.wfile.write("Invalid status line\r\n")
83
class BadProtocolRequestHandler(TestingHTTPRequestHandler):
84
"""Whatever request comes in, returns a bad protocol version"""
86
def parse_request(self):
87
"""Fakes handling a single HTTP request, returns a bad status"""
88
ignored = TestingHTTPRequestHandler.parse_request(self)
89
# Returns an invalid protocol version, but curl just
90
# ignores it and those cannot be tested.
91
self.wfile.write("%s %d %s\r\n" % ('HTTP/0.0',
93
'Look at my protocol version'))
97
class ForbiddenRequestHandler(TestingHTTPRequestHandler):
98
"""Whatever request comes in, returns a 403 code"""
100
def parse_request(self):
101
"""Handle a single HTTP request, by replying we cannot handle it"""
102
ignored = TestingHTTPRequestHandler.parse_request(self)
107
class HTTPServerWithSmarts(HttpServer):
40
class HTTPServerWithSmarts(http_server.HttpServer):
108
41
"""HTTPServerWithSmarts extends the HttpServer with POST methods that will
109
42
trigger a smart server to execute with a transport rooted at the rootdir of
114
HttpServer.__init__(self, SmartRequestHandler)
117
class SmartRequestHandler(TestingHTTPRequestHandler):
118
"""Extend TestingHTTPRequestHandler to support smart client POSTs."""
46
def __init__(self, protocol_version=None):
47
http_server.HttpServer.__init__(self, SmartRequestHandler,
48
protocol_version=protocol_version)
51
class SmartRequestHandler(http_server.TestingHTTPRequestHandler):
52
"""Extend TestingHTTPRequestHandler to support smart client POSTs.
54
XXX: This duplicates a fair bit of the logic in bzrlib.transport.http.wsgi.
120
57
def do_POST(self):
121
58
"""Hand the request off to a smart server instance."""
59
backing = get_transport(self.server.test_case_server._home_dir)
60
chroot_server = chroot.ChrootServer(backing)
61
chroot_server.start_server()
63
t = get_transport(chroot_server.get_url())
66
chroot_server.stop_server()
68
def do_POST_inner(self, chrooted_transport):
122
69
self.send_response(200)
123
70
self.send_header("Content-type", "application/octet-stream")
124
transport = get_transport(self.server.test_case_server._home_dir)
71
if not self.path.endswith('.bzr/smart'):
73
'POST to path not ending in .bzr/smart: %r' % (self.path,))
74
t = chrooted_transport.clone(self.path[:-len('.bzr/smart')])
75
# if this fails, we should return 400 bad request, but failure is
76
# failure for now - RBC 20060919
77
data_length = int(self.headers['Content-Length'])
125
78
# TODO: We might like to support streaming responses. 1.0 allows no
126
79
# Content-length in this case, so for integrity we should perform our
127
80
# own chunking within the stream.
129
82
# the HTTP chunking as this will allow HTTP persistence safely, even if
130
83
# we have to stop early due to error, but we would also have to use the
131
84
# HTTP trailer facility which may not be widely available.
85
request_bytes = self.rfile.read(data_length)
86
protocol_factory, unused_bytes = medium._get_protocol_factory_for_bytes(
132
88
out_buffer = StringIO()
133
smart_protocol_request = protocol.SmartServerRequestProtocolOne(
134
transport, out_buffer.write)
135
# if this fails, we should return 400 bad request, but failure is
136
# failure for now - RBC 20060919
137
data_length = int(self.headers['Content-Length'])
89
smart_protocol_request = protocol_factory(t, out_buffer.write, '/')
138
90
# Perhaps there should be a SmartServerHTTPMedium that takes care of
139
91
# feeding the bytes in the http request to the smart_protocol_request,
140
92
# but for now it's simpler to just feed the bytes directly.
141
smart_protocol_request.accept_bytes(self.rfile.read(data_length))
142
assert smart_protocol_request.next_read_size() == 0, (
143
"not finished reading, but all data sent to protocol.")
93
smart_protocol_request.accept_bytes(unused_bytes)
94
if not (smart_protocol_request.next_read_size() == 0):
95
raise errors.SmartProtocolError(
96
"not finished reading, but all data sent to protocol.")
144
97
self.send_header("Content-Length", str(len(out_buffer.getvalue())))
145
98
self.end_headers()
146
99
self.wfile.write(out_buffer.getvalue())
149
class SingleRangeRequestHandler(TestingHTTPRequestHandler):
150
"""Always reply to range request as if they were single.
152
Don't be explicit about it, just to annoy the clients.
155
def get_multiple_ranges(self, file, file_size, ranges):
156
"""Answer as if it was a single range request and ignores the rest"""
157
(start, end) = ranges[0]
158
return self.get_single_range(file, file_size, start, end)
161
class NoRangeRequestHandler(TestingHTTPRequestHandler):
162
"""Ignore range requests without notice"""
164
# Just bypass the range handling done by TestingHTTPRequestHandler
165
do_GET = SimpleHTTPRequestHandler.do_GET
168
class TestCaseWithWebserver(TestCaseWithTransport):
102
class TestCaseWithWebserver(tests.TestCaseWithTransport):
169
103
"""A support class that provides readonly urls that are http://.
171
105
This is done by forcing the readonly server to be an http
199
133
"""Get the server instance for the secondary transport."""
200
134
if self.__secondary_server is None:
201
135
self.__secondary_server = self.create_transport_secondary_server()
202
self.__secondary_server.setUp()
203
self.addCleanup(self.__secondary_server.tearDown)
136
self.start_server(self.__secondary_server)
204
137
return self.__secondary_server
207
class FakeProxyRequestHandler(TestingHTTPRequestHandler):
208
"""Append a '-proxied' suffix to file served"""
210
def translate_path(self, path):
211
# We need to act as a proxy and accept absolute urls,
212
# which SimpleHTTPRequestHandler (grand parent) is not
213
# ready for. So we just drop the protocol://host:port
214
# part in front of the request-url (because we know we
215
# would not forward the request to *another* proxy).
217
# So we do what SimpleHTTPRequestHandler.translate_path
218
# do beginning with python 2.4.3: abandon query
219
# parameters, scheme, host port, etc (which ensure we
220
# provide the right behaviour on all python versions).
221
path = urlparse.urlparse(path)[2]
222
# And now, we can apply *our* trick to proxy files
223
self.path += '-proxied'
224
# An finally we leave our mother class do whatever it
225
# wants with the path
226
return TestingHTTPRequestHandler.translate_path(self, path)
229
class RedirectRequestHandler(TestingHTTPRequestHandler):
140
class ProxyServer(http_server.HttpServer):
141
"""A proxy test server for http transports."""
143
proxy_requests = True
146
class RedirectRequestHandler(http_server.TestingHTTPRequestHandler):
230
147
"""Redirect all request to the specified server"""
232
149
def parse_request(self):
233
150
"""Redirect a single HTTP request to another host"""
234
valid = TestingHTTPRequestHandler.parse_request(self)
151
valid = http_server.TestingHTTPRequestHandler.parse_request(self)
236
153
tcs = self.server.test_case_server
237
154
code, target = tcs.is_redirected(self.path)
309
230
self.old_server = self.get_secondary_server()
233
class AuthRequestHandler(http_server.TestingHTTPRequestHandler):
234
"""Requires an authentication to process requests.
236
This is intended to be used with a server that always and
237
only use one authentication scheme (implemented by daughter
241
# The following attributes should be defined in the server
242
# - auth_header_sent: the header name sent to require auth
243
# - auth_header_recv: the header received containing auth
244
# - auth_error_code: the error code to indicate auth required
247
if self.authorized():
248
return http_server.TestingHTTPRequestHandler.do_GET(self)
250
# Note that we must update test_case_server *before*
251
# sending the error or the client may try to read it
252
# before we have sent the whole error back.
253
tcs = self.server.test_case_server
254
tcs.auth_required_errors += 1
255
self.send_response(tcs.auth_error_code)
256
self.send_header_auth_reqed()
257
# We do not send a body
258
self.send_header('Content-Length', '0')
263
class BasicAuthRequestHandler(AuthRequestHandler):
264
"""Implements the basic authentication of a request"""
266
def authorized(self):
267
tcs = self.server.test_case_server
268
if tcs.auth_scheme != 'basic':
271
auth_header = self.headers.get(tcs.auth_header_recv, None)
273
scheme, raw_auth = auth_header.split(' ', 1)
274
if scheme.lower() == tcs.auth_scheme:
275
user, password = raw_auth.decode('base64').split(':')
276
return tcs.authorized(user, password)
280
def send_header_auth_reqed(self):
281
tcs = self.server.test_case_server
282
self.send_header(tcs.auth_header_sent,
283
'Basic realm="%s"' % tcs.auth_realm)
286
# FIXME: We could send an Authentication-Info header too when
287
# the authentication is succesful
289
class DigestAuthRequestHandler(AuthRequestHandler):
290
"""Implements the digest authentication of a request.
292
We need persistence for some attributes and that can't be
293
achieved here since we get instantiated for each request. We
294
rely on the DigestAuthServer to take care of them.
297
def authorized(self):
298
tcs = self.server.test_case_server
300
auth_header = self.headers.get(tcs.auth_header_recv, None)
301
if auth_header is None:
303
scheme, auth = auth_header.split(None, 1)
304
if scheme.lower() == tcs.auth_scheme:
305
auth_dict = urllib2.parse_keqv_list(urllib2.parse_http_list(auth))
307
return tcs.digest_authorized(auth_dict, self.command)
311
def send_header_auth_reqed(self):
312
tcs = self.server.test_case_server
313
header = 'Digest realm="%s", ' % tcs.auth_realm
314
header += 'nonce="%s", algorithm="%s", qop="auth"' % (tcs.auth_nonce,
316
self.send_header(tcs.auth_header_sent,header)
319
class DigestAndBasicAuthRequestHandler(DigestAuthRequestHandler):
320
"""Implements a digest and basic authentication of a request.
322
I.e. the server proposes both schemes and the client should choose the best
323
one it can handle, which, in that case, should be digest, the only scheme
327
def send_header_auth_reqed(self):
328
tcs = self.server.test_case_server
329
self.send_header(tcs.auth_header_sent,
330
'Basic realm="%s"' % tcs.auth_realm)
331
header = 'Digest realm="%s", ' % tcs.auth_realm
332
header += 'nonce="%s", algorithm="%s", qop="auth"' % (tcs.auth_nonce,
334
self.send_header(tcs.auth_header_sent,header)
337
class AuthServer(http_server.HttpServer):
338
"""Extends HttpServer with a dictionary of passwords.
340
This is used as a base class for various schemes which should
341
all use or redefined the associated AuthRequestHandler.
343
Note that no users are defined by default, so add_user should
344
be called before issuing the first request.
347
# The following attributes should be set dy daughter classes
348
# and are used by AuthRequestHandler.
349
auth_header_sent = None
350
auth_header_recv = None
351
auth_error_code = None
352
auth_realm = "Thou should not pass"
354
def __init__(self, request_handler, auth_scheme,
355
protocol_version=None):
356
http_server.HttpServer.__init__(self, request_handler,
357
protocol_version=protocol_version)
358
self.auth_scheme = auth_scheme
359
self.password_of = {}
360
self.auth_required_errors = 0
362
def add_user(self, user, password):
363
"""Declare a user with an associated password.
365
password can be empty, use an empty string ('') in that
368
self.password_of[user] = password
370
def authorized(self, user, password):
371
"""Check that the given user provided the right password"""
372
expected_password = self.password_of.get(user, None)
373
return expected_password is not None and password == expected_password
376
# FIXME: There is some code duplication with
377
# _urllib2_wrappers.py.DigestAuthHandler. If that duplication
378
# grows, it may require a refactoring. Also, we don't implement
379
# SHA algorithm nor MD5-sess here, but that does not seem worth
381
class DigestAuthServer(AuthServer):
382
"""A digest authentication server"""
386
def __init__(self, request_handler, auth_scheme,
387
protocol_version=None):
388
AuthServer.__init__(self, request_handler, auth_scheme,
389
protocol_version=protocol_version)
391
def digest_authorized(self, auth, command):
392
nonce = auth['nonce']
393
if nonce != self.auth_nonce:
395
realm = auth['realm']
396
if realm != self.auth_realm:
398
user = auth['username']
399
if not self.password_of.has_key(user):
401
algorithm= auth['algorithm']
402
if algorithm != 'MD5':
408
password = self.password_of[user]
410
# Recalculate the response_digest to compare with the one
412
A1 = '%s:%s:%s' % (user, realm, password)
413
A2 = '%s:%s' % (command, auth['uri'])
415
H = lambda x: osutils.md5(x).hexdigest()
416
KD = lambda secret, data: H("%s:%s" % (secret, data))
418
nonce_count = int(auth['nc'], 16)
420
ncvalue = '%08x' % nonce_count
422
cnonce = auth['cnonce']
423
noncebit = '%s:%s:%s:%s:%s' % (nonce, ncvalue, cnonce, qop, H(A2))
424
response_digest = KD(H(A1), noncebit)
426
return response_digest == auth['response']
429
class HTTPAuthServer(AuthServer):
430
"""An HTTP server requiring authentication"""
432
def init_http_auth(self):
433
self.auth_header_sent = 'WWW-Authenticate'
434
self.auth_header_recv = 'Authorization'
435
self.auth_error_code = 401
438
class ProxyAuthServer(AuthServer):
439
"""A proxy server requiring authentication"""
441
def init_proxy_auth(self):
442
self.proxy_requests = True
443
self.auth_header_sent = 'Proxy-Authenticate'
444
self.auth_header_recv = 'Proxy-Authorization'
445
self.auth_error_code = 407
448
class HTTPBasicAuthServer(HTTPAuthServer):
449
"""An HTTP server requiring basic authentication"""
451
def __init__(self, protocol_version=None):
452
HTTPAuthServer.__init__(self, BasicAuthRequestHandler, 'basic',
453
protocol_version=protocol_version)
454
self.init_http_auth()
457
class HTTPDigestAuthServer(DigestAuthServer, HTTPAuthServer):
458
"""An HTTP server requiring digest authentication"""
460
def __init__(self, protocol_version=None):
461
DigestAuthServer.__init__(self, DigestAuthRequestHandler, 'digest',
462
protocol_version=protocol_version)
463
self.init_http_auth()
466
class HTTPBasicAndDigestAuthServer(DigestAuthServer, HTTPAuthServer):
467
"""An HTTP server requiring basic or digest authentication"""
469
def __init__(self, protocol_version=None):
470
DigestAuthServer.__init__(self, DigestAndBasicAuthRequestHandler,
472
protocol_version=protocol_version)
473
self.init_http_auth()
474
# We really accept Digest only
475
self.auth_scheme = 'digest'
478
class ProxyBasicAuthServer(ProxyAuthServer):
479
"""A proxy server requiring basic authentication"""
481
def __init__(self, protocol_version=None):
482
ProxyAuthServer.__init__(self, BasicAuthRequestHandler, 'basic',
483
protocol_version=protocol_version)
484
self.init_proxy_auth()
487
class ProxyDigestAuthServer(DigestAuthServer, ProxyAuthServer):
488
"""A proxy server requiring basic authentication"""
490
def __init__(self, protocol_version=None):
491
ProxyAuthServer.__init__(self, DigestAuthRequestHandler, 'digest',
492
protocol_version=protocol_version)
493
self.init_proxy_auth()
496
class ProxyBasicAndDigestAuthServer(DigestAuthServer, ProxyAuthServer):
497
"""An proxy server requiring basic or digest authentication"""
499
def __init__(self, protocol_version=None):
500
DigestAuthServer.__init__(self, DigestAndBasicAuthRequestHandler,
502
protocol_version=protocol_version)
503
self.init_proxy_auth()
504
# We really accept Digest only
505
self.auth_scheme = 'digest'