1
# Copyright (C) 2005 by Canonical Ltd
1
# Copyright (C) 2005-2010 Canonical Ltd
3
3
# This program is free software; you can redistribute it and/or modify
4
4
# it under the terms of the GNU General Public License as published by
5
5
# the Free Software Foundation; either version 2 of the License, or
6
6
# (at your option) any later version.
8
8
# This program is distributed in the hope that it will be useful,
9
9
# but WITHOUT ANY WARRANTY; without even the implied warranty of
10
10
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11
11
# GNU General Public License for more details.
13
13
# You should have received a copy of the GNU General Public License
14
14
# along with this program; if not, write to the Free Software
15
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20
from bzrlib.tests import TestCaseWithTransport
23
class TestCaseWithWebserver(TestCaseWithTransport):
15
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17
from cStringIO import StringIO
33
from bzrlib.smart import (
37
from bzrlib.tests import http_server
38
from bzrlib.transport import chroot
41
class HTTPServerWithSmarts(http_server.HttpServer):
42
"""HTTPServerWithSmarts extends the HttpServer with POST methods that will
43
trigger a smart server to execute with a transport rooted at the rootdir of
47
def __init__(self, protocol_version=None):
48
http_server.HttpServer.__init__(self, SmartRequestHandler,
49
protocol_version=protocol_version)
52
class SmartRequestHandler(http_server.TestingHTTPRequestHandler):
53
"""Extend TestingHTTPRequestHandler to support smart client POSTs.
55
XXX: This duplicates a fair bit of the logic in bzrlib.transport.http.wsgi.
59
"""Hand the request off to a smart server instance."""
60
backing = transport.get_transport(
61
self.server.test_case_server._home_dir)
62
chroot_server = chroot.ChrootServer(backing)
63
chroot_server.start_server()
65
t = transport.get_transport(chroot_server.get_url())
68
chroot_server.stop_server()
70
def do_POST_inner(self, chrooted_transport):
71
self.send_response(200)
72
self.send_header("Content-type", "application/octet-stream")
73
if not self.path.endswith('.bzr/smart'):
75
'POST to path not ending in .bzr/smart: %r' % (self.path,))
76
t = chrooted_transport.clone(self.path[:-len('.bzr/smart')])
77
# if this fails, we should return 400 bad request, but failure is
78
# failure for now - RBC 20060919
79
data_length = int(self.headers['Content-Length'])
80
# TODO: We might like to support streaming responses. 1.0 allows no
81
# Content-length in this case, so for integrity we should perform our
82
# own chunking within the stream.
83
# 1.1 allows chunked responses, and in this case we could chunk using
84
# the HTTP chunking as this will allow HTTP persistence safely, even if
85
# we have to stop early due to error, but we would also have to use the
86
# HTTP trailer facility which may not be widely available.
87
request_bytes = self.rfile.read(data_length)
88
protocol_factory, unused_bytes = medium._get_protocol_factory_for_bytes(
90
out_buffer = StringIO()
91
smart_protocol_request = protocol_factory(t, out_buffer.write, '/')
92
# Perhaps there should be a SmartServerHTTPMedium that takes care of
93
# feeding the bytes in the http request to the smart_protocol_request,
94
# but for now it's simpler to just feed the bytes directly.
95
smart_protocol_request.accept_bytes(unused_bytes)
96
if not (smart_protocol_request.next_read_size() == 0):
97
raise errors.SmartProtocolError(
98
"not finished reading, but all data sent to protocol.")
99
self.send_header("Content-Length", str(len(out_buffer.getvalue())))
101
self.wfile.write(out_buffer.getvalue())
104
class TestCaseWithWebserver(tests.TestCaseWithTransport):
24
105
"""A support class that provides readonly urls that are http://.
26
This is done by forcing the readonly server to be an http one. This
27
will current fail if the primary transport is not backed by regular disk
107
This is done by forcing the readonly server to be an http
108
one. This will currently fail if the primary transport is not
109
backed by regular disk files.
112
# These attributes can be overriden or parametrized by daughter clasess if
113
# needed, but must exist so that the create_transport_readonly_server()
114
# method (or any method creating an http(s) server) can propagate it.
115
_protocol_version = None
116
_url_protocol = 'http'
32
119
super(TestCaseWithWebserver, self).setUp()
33
self.transport_readonly_server = bzrlib.transport.http.HttpServer
120
self.transport_readonly_server = http_server.HttpServer
122
def create_transport_readonly_server(self):
123
server = self.transport_readonly_server(
124
protocol_version=self._protocol_version)
125
server._url_protocol = self._url_protocol
129
class TestCaseWithTwoWebservers(TestCaseWithWebserver):
130
"""A support class providing readonly urls on two servers that are http://.
132
We set up two webservers to allows various tests involving
133
proxies or redirections from one server to the other.
136
super(TestCaseWithTwoWebservers, self).setUp()
137
self.transport_secondary_server = http_server.HttpServer
138
self.__secondary_server = None
140
def create_transport_secondary_server(self):
141
"""Create a transport server from class defined at init.
143
This is mostly a hook for daughter classes.
145
server = self.transport_secondary_server(
146
protocol_version=self._protocol_version)
147
server._url_protocol = self._url_protocol
150
def get_secondary_server(self):
151
"""Get the server instance for the secondary transport."""
152
if self.__secondary_server is None:
153
self.__secondary_server = self.create_transport_secondary_server()
154
self.start_server(self.__secondary_server)
155
return self.__secondary_server
157
def get_secondary_url(self, relpath=None):
158
base = self.get_secondary_server().get_url()
159
return self._adjust_url(base, relpath)
161
def get_secondary_transport(self, relpath=None):
162
t = transport.get_transport(self.get_secondary_url(relpath))
163
self.assertTrue(t.is_readonly())
167
class ProxyServer(http_server.HttpServer):
168
"""A proxy test server for http transports."""
170
proxy_requests = True
173
class RedirectRequestHandler(http_server.TestingHTTPRequestHandler):
174
"""Redirect all request to the specified server"""
176
def parse_request(self):
177
"""Redirect a single HTTP request to another host"""
178
valid = http_server.TestingHTTPRequestHandler.parse_request(self)
180
tcs = self.server.test_case_server
181
code, target = tcs.is_redirected(self.path)
182
if code is not None and target is not None:
183
# Redirect as instructed
184
self.send_response(code)
185
self.send_header('Location', target)
186
# We do not send a body
187
self.send_header('Content-Length', '0')
189
return False # The job is done
191
# We leave the parent class serve the request
196
class HTTPServerRedirecting(http_server.HttpServer):
197
"""An HttpServer redirecting to another server """
199
def __init__(self, request_handler=RedirectRequestHandler,
200
protocol_version=None):
201
http_server.HttpServer.__init__(self, request_handler,
202
protocol_version=protocol_version)
203
# redirections is a list of tuples (source, target, code)
204
# - source is a regexp for the paths requested
205
# - target is a replacement for re.sub describing where
206
# the request will be redirected
207
# - code is the http error code associated to the
208
# redirection (301 permanent, 302 temporarry, etc
209
self.redirections = []
211
def redirect_to(self, host, port):
212
"""Redirect all requests to a specific host:port"""
213
self.redirections = [('(.*)',
214
r'http://%s:%s\1' % (host, port) ,
217
def is_redirected(self, path):
218
"""Is the path redirected by this server.
220
:param path: the requested relative path
222
:returns: a tuple (code, target) if a matching
223
redirection is found, (None, None) otherwise.
227
for (rsource, rtarget, rcode) in self.redirections:
228
target, match = re.subn(rsource, rtarget, path)
231
break # The first match wins
237
class TestCaseWithRedirectedWebserver(TestCaseWithTwoWebservers):
238
"""A support class providing redirections from one server to another.
240
We set up two webservers to allows various tests involving
242
The 'old' server is redirected to the 'new' server.
246
super(TestCaseWithRedirectedWebserver, self).setUp()
247
# The redirections will point to the new server
248
self.new_server = self.get_readonly_server()
249
# The requests to the old server will be redirected to the new server
250
self.old_server = self.get_secondary_server()
252
def create_transport_secondary_server(self):
253
"""Create the secondary server redirecting to the primary server"""
254
new = self.get_readonly_server()
255
redirecting = HTTPServerRedirecting(
256
protocol_version=self._protocol_version)
257
redirecting.redirect_to(new.host, new.port)
258
redirecting._url_protocol = self._url_protocol
261
def get_old_url(self, relpath=None):
262
base = self.old_server.get_url()
263
return self._adjust_url(base, relpath)
265
def get_old_transport(self, relpath=None):
266
t = transport.get_transport(self.get_old_url(relpath))
267
self.assertTrue(t.is_readonly())
270
def get_new_url(self, relpath=None):
271
base = self.new_server.get_url()
272
return self._adjust_url(base, relpath)
274
def get_new_transport(self, relpath=None):
275
t = transport.get_transport(self.get_new_url(relpath))
276
self.assertTrue(t.is_readonly())
280
class AuthRequestHandler(http_server.TestingHTTPRequestHandler):
281
"""Requires an authentication to process requests.
283
This is intended to be used with a server that always and
284
only use one authentication scheme (implemented by daughter
288
# The following attributes should be defined in the server
289
# - auth_header_sent: the header name sent to require auth
290
# - auth_header_recv: the header received containing auth
291
# - auth_error_code: the error code to indicate auth required
294
if self.authorized():
295
return http_server.TestingHTTPRequestHandler.do_GET(self)
297
# Note that we must update test_case_server *before*
298
# sending the error or the client may try to read it
299
# before we have sent the whole error back.
300
tcs = self.server.test_case_server
301
tcs.auth_required_errors += 1
302
self.send_response(tcs.auth_error_code)
303
self.send_header_auth_reqed()
304
# We do not send a body
305
self.send_header('Content-Length', '0')
310
class BasicAuthRequestHandler(AuthRequestHandler):
311
"""Implements the basic authentication of a request"""
313
def authorized(self):
314
tcs = self.server.test_case_server
315
if tcs.auth_scheme != 'basic':
318
auth_header = self.headers.get(tcs.auth_header_recv, None)
320
scheme, raw_auth = auth_header.split(' ', 1)
321
if scheme.lower() == tcs.auth_scheme:
322
user, password = raw_auth.decode('base64').split(':')
323
return tcs.authorized(user, password)
327
def send_header_auth_reqed(self):
328
tcs = self.server.test_case_server
329
self.send_header(tcs.auth_header_sent,
330
'Basic realm="%s"' % tcs.auth_realm)
333
# FIXME: We could send an Authentication-Info header too when
334
# the authentication is succesful
336
class DigestAuthRequestHandler(AuthRequestHandler):
337
"""Implements the digest authentication of a request.
339
We need persistence for some attributes and that can't be
340
achieved here since we get instantiated for each request. We
341
rely on the DigestAuthServer to take care of them.
344
def authorized(self):
345
tcs = self.server.test_case_server
347
auth_header = self.headers.get(tcs.auth_header_recv, None)
348
if auth_header is None:
350
scheme, auth = auth_header.split(None, 1)
351
if scheme.lower() == tcs.auth_scheme:
352
auth_dict = urllib2.parse_keqv_list(urllib2.parse_http_list(auth))
354
return tcs.digest_authorized(auth_dict, self.command)
358
def send_header_auth_reqed(self):
359
tcs = self.server.test_case_server
360
header = 'Digest realm="%s", ' % tcs.auth_realm
361
header += 'nonce="%s", algorithm="%s", qop="auth"' % (tcs.auth_nonce,
363
self.send_header(tcs.auth_header_sent,header)
366
class DigestAndBasicAuthRequestHandler(DigestAuthRequestHandler):
367
"""Implements a digest and basic authentication of a request.
369
I.e. the server proposes both schemes and the client should choose the best
370
one it can handle, which, in that case, should be digest, the only scheme
374
def send_header_auth_reqed(self):
375
tcs = self.server.test_case_server
376
self.send_header(tcs.auth_header_sent,
377
'Basic realm="%s"' % tcs.auth_realm)
378
header = 'Digest realm="%s", ' % tcs.auth_realm
379
header += 'nonce="%s", algorithm="%s", qop="auth"' % (tcs.auth_nonce,
381
self.send_header(tcs.auth_header_sent,header)
384
class AuthServer(http_server.HttpServer):
385
"""Extends HttpServer with a dictionary of passwords.
387
This is used as a base class for various schemes which should
388
all use or redefined the associated AuthRequestHandler.
390
Note that no users are defined by default, so add_user should
391
be called before issuing the first request.
394
# The following attributes should be set dy daughter classes
395
# and are used by AuthRequestHandler.
396
auth_header_sent = None
397
auth_header_recv = None
398
auth_error_code = None
399
auth_realm = "Thou should not pass"
401
def __init__(self, request_handler, auth_scheme,
402
protocol_version=None):
403
http_server.HttpServer.__init__(self, request_handler,
404
protocol_version=protocol_version)
405
self.auth_scheme = auth_scheme
406
self.password_of = {}
407
self.auth_required_errors = 0
409
def add_user(self, user, password):
410
"""Declare a user with an associated password.
412
password can be empty, use an empty string ('') in that
415
self.password_of[user] = password
417
def authorized(self, user, password):
418
"""Check that the given user provided the right password"""
419
expected_password = self.password_of.get(user, None)
420
return expected_password is not None and password == expected_password
423
# FIXME: There is some code duplication with
424
# _urllib2_wrappers.py.DigestAuthHandler. If that duplication
425
# grows, it may require a refactoring. Also, we don't implement
426
# SHA algorithm nor MD5-sess here, but that does not seem worth
428
class DigestAuthServer(AuthServer):
429
"""A digest authentication server"""
433
def __init__(self, request_handler, auth_scheme,
434
protocol_version=None):
435
AuthServer.__init__(self, request_handler, auth_scheme,
436
protocol_version=protocol_version)
438
def digest_authorized(self, auth, command):
439
nonce = auth['nonce']
440
if nonce != self.auth_nonce:
442
realm = auth['realm']
443
if realm != self.auth_realm:
445
user = auth['username']
446
if not self.password_of.has_key(user):
448
algorithm= auth['algorithm']
449
if algorithm != 'MD5':
455
password = self.password_of[user]
457
# Recalculate the response_digest to compare with the one
459
A1 = '%s:%s:%s' % (user, realm, password)
460
A2 = '%s:%s' % (command, auth['uri'])
462
H = lambda x: osutils.md5(x).hexdigest()
463
KD = lambda secret, data: H("%s:%s" % (secret, data))
465
nonce_count = int(auth['nc'], 16)
467
ncvalue = '%08x' % nonce_count
469
cnonce = auth['cnonce']
470
noncebit = '%s:%s:%s:%s:%s' % (nonce, ncvalue, cnonce, qop, H(A2))
471
response_digest = KD(H(A1), noncebit)
473
return response_digest == auth['response']
476
class HTTPAuthServer(AuthServer):
477
"""An HTTP server requiring authentication"""
479
def init_http_auth(self):
480
self.auth_header_sent = 'WWW-Authenticate'
481
self.auth_header_recv = 'Authorization'
482
self.auth_error_code = 401
485
class ProxyAuthServer(AuthServer):
486
"""A proxy server requiring authentication"""
488
def init_proxy_auth(self):
489
self.proxy_requests = True
490
self.auth_header_sent = 'Proxy-Authenticate'
491
self.auth_header_recv = 'Proxy-Authorization'
492
self.auth_error_code = 407
495
class HTTPBasicAuthServer(HTTPAuthServer):
496
"""An HTTP server requiring basic authentication"""
498
def __init__(self, protocol_version=None):
499
HTTPAuthServer.__init__(self, BasicAuthRequestHandler, 'basic',
500
protocol_version=protocol_version)
501
self.init_http_auth()
504
class HTTPDigestAuthServer(DigestAuthServer, HTTPAuthServer):
505
"""An HTTP server requiring digest authentication"""
507
def __init__(self, protocol_version=None):
508
DigestAuthServer.__init__(self, DigestAuthRequestHandler, 'digest',
509
protocol_version=protocol_version)
510
self.init_http_auth()
513
class HTTPBasicAndDigestAuthServer(DigestAuthServer, HTTPAuthServer):
514
"""An HTTP server requiring basic or digest authentication"""
516
def __init__(self, protocol_version=None):
517
DigestAuthServer.__init__(self, DigestAndBasicAuthRequestHandler,
519
protocol_version=protocol_version)
520
self.init_http_auth()
521
# We really accept Digest only
522
self.auth_scheme = 'digest'
525
class ProxyBasicAuthServer(ProxyAuthServer):
526
"""A proxy server requiring basic authentication"""
528
def __init__(self, protocol_version=None):
529
ProxyAuthServer.__init__(self, BasicAuthRequestHandler, 'basic',
530
protocol_version=protocol_version)
531
self.init_proxy_auth()
534
class ProxyDigestAuthServer(DigestAuthServer, ProxyAuthServer):
535
"""A proxy server requiring basic authentication"""
537
def __init__(self, protocol_version=None):
538
ProxyAuthServer.__init__(self, DigestAuthRequestHandler, 'digest',
539
protocol_version=protocol_version)
540
self.init_proxy_auth()
543
class ProxyBasicAndDigestAuthServer(DigestAuthServer, ProxyAuthServer):
544
"""An proxy server requiring basic or digest authentication"""
546
def __init__(self, protocol_version=None):
547
DigestAuthServer.__init__(self, DigestAndBasicAuthRequestHandler,
549
protocol_version=protocol_version)
550
self.init_proxy_auth()
551
# We really accept Digest only
552
self.auth_scheme = 'digest'
added
removed
bzrlib/tests/http_utils.py
