1
# Copyright (C) 2005-2010 Canonical Ltd
3
# This program is free software; you can redistribute it and/or modify
4
# it under the terms of the GNU General Public License as published by
5
# the Free Software Foundation; either version 2 of the License, or
6
# (at your option) any later version.
8
# This program is distributed in the hope that it will be useful,
9
# but WITHOUT ANY WARRANTY; without even the implied warranty of
10
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11
# GNU General Public License for more details.
13
# You should have received a copy of the GNU General Public License
14
# along with this program; if not, write to the Free Software
15
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17
from cStringIO import StringIO
32
from bzrlib.smart import medium, protocol
33
from bzrlib.tests import http_server
34
from bzrlib.transport import (
40
class HTTPServerWithSmarts(http_server.HttpServer):
41
"""HTTPServerWithSmarts extends the HttpServer with POST methods that will
42
trigger a smart server to execute with a transport rooted at the rootdir of
46
def __init__(self, protocol_version=None):
47
http_server.HttpServer.__init__(self, SmartRequestHandler,
48
protocol_version=protocol_version)
51
class SmartRequestHandler(http_server.TestingHTTPRequestHandler):
52
"""Extend TestingHTTPRequestHandler to support smart client POSTs.
54
XXX: This duplicates a fair bit of the logic in bzrlib.transport.http.wsgi.
58
"""Hand the request off to a smart server instance."""
59
backing = get_transport(self.server.test_case_server._home_dir)
60
chroot_server = chroot.ChrootServer(backing)
61
chroot_server.start_server()
63
t = get_transport(chroot_server.get_url())
66
chroot_server.stop_server()
68
def do_POST_inner(self, chrooted_transport):
69
self.send_response(200)
70
self.send_header("Content-type", "application/octet-stream")
71
if not self.path.endswith('.bzr/smart'):
73
'POST to path not ending in .bzr/smart: %r' % (self.path,))
74
t = chrooted_transport.clone(self.path[:-len('.bzr/smart')])
75
# if this fails, we should return 400 bad request, but failure is
76
# failure for now - RBC 20060919
77
data_length = int(self.headers['Content-Length'])
78
# TODO: We might like to support streaming responses. 1.0 allows no
79
# Content-length in this case, so for integrity we should perform our
80
# own chunking within the stream.
81
# 1.1 allows chunked responses, and in this case we could chunk using
82
# the HTTP chunking as this will allow HTTP persistence safely, even if
83
# we have to stop early due to error, but we would also have to use the
84
# HTTP trailer facility which may not be widely available.
85
request_bytes = self.rfile.read(data_length)
86
protocol_factory, unused_bytes = medium._get_protocol_factory_for_bytes(
88
out_buffer = StringIO()
89
smart_protocol_request = protocol_factory(t, out_buffer.write, '/')
90
# Perhaps there should be a SmartServerHTTPMedium that takes care of
91
# feeding the bytes in the http request to the smart_protocol_request,
92
# but for now it's simpler to just feed the bytes directly.
93
smart_protocol_request.accept_bytes(unused_bytes)
94
if not (smart_protocol_request.next_read_size() == 0):
95
raise errors.SmartProtocolError(
96
"not finished reading, but all data sent to protocol.")
97
self.send_header("Content-Length", str(len(out_buffer.getvalue())))
99
self.wfile.write(out_buffer.getvalue())
102
class TestCaseWithWebserver(tests.TestCaseWithTransport):
103
"""A support class that provides readonly urls that are http://.
105
This is done by forcing the readonly server to be an http
106
one. This will currently fail if the primary transport is not
107
backed by regular disk files.
110
super(TestCaseWithWebserver, self).setUp()
111
self.transport_readonly_server = http_server.HttpServer
114
class TestCaseWithTwoWebservers(TestCaseWithWebserver):
115
"""A support class providing readonly urls on two servers that are http://.
117
We set up two webservers to allows various tests involving
118
proxies or redirections from one server to the other.
121
super(TestCaseWithTwoWebservers, self).setUp()
122
self.transport_secondary_server = http_server.HttpServer
123
self.__secondary_server = None
125
def create_transport_secondary_server(self):
126
"""Create a transport server from class defined at init.
128
This is mostly a hook for daughter classes.
130
return self.transport_secondary_server()
132
def get_secondary_server(self):
133
"""Get the server instance for the secondary transport."""
134
if self.__secondary_server is None:
135
self.__secondary_server = self.create_transport_secondary_server()
136
self.start_server(self.__secondary_server)
137
return self.__secondary_server
140
class ProxyServer(http_server.HttpServer):
141
"""A proxy test server for http transports."""
143
proxy_requests = True
146
class RedirectRequestHandler(http_server.TestingHTTPRequestHandler):
147
"""Redirect all request to the specified server"""
149
def parse_request(self):
150
"""Redirect a single HTTP request to another host"""
151
valid = http_server.TestingHTTPRequestHandler.parse_request(self)
153
tcs = self.server.test_case_server
154
code, target = tcs.is_redirected(self.path)
155
if code is not None and target is not None:
156
# Redirect as instructed
157
self.send_response(code)
158
self.send_header('Location', target)
159
# We do not send a body
160
self.send_header('Content-Length', '0')
162
return False # The job is done
164
# We leave the parent class serve the request
169
class HTTPServerRedirecting(http_server.HttpServer):
170
"""An HttpServer redirecting to another server """
172
def __init__(self, request_handler=RedirectRequestHandler,
173
protocol_version=None):
174
http_server.HttpServer.__init__(self, request_handler,
175
protocol_version=protocol_version)
176
# redirections is a list of tuples (source, target, code)
177
# - source is a regexp for the paths requested
178
# - target is a replacement for re.sub describing where
179
# the request will be redirected
180
# - code is the http error code associated to the
181
# redirection (301 permanent, 302 temporarry, etc
182
self.redirections = []
184
def redirect_to(self, host, port):
185
"""Redirect all requests to a specific host:port"""
186
self.redirections = [('(.*)',
187
r'http://%s:%s\1' % (host, port) ,
190
def is_redirected(self, path):
191
"""Is the path redirected by this server.
193
:param path: the requested relative path
195
:returns: a tuple (code, target) if a matching
196
redirection is found, (None, None) otherwise.
200
for (rsource, rtarget, rcode) in self.redirections:
201
target, match = re.subn(rsource, rtarget, path)
204
break # The first match wins
210
class TestCaseWithRedirectedWebserver(TestCaseWithTwoWebservers):
211
"""A support class providing redirections from one server to another.
213
We set up two webservers to allows various tests involving
215
The 'old' server is redirected to the 'new' server.
218
def create_transport_secondary_server(self):
219
"""Create the secondary server redirecting to the primary server"""
220
new = self.get_readonly_server()
221
redirecting = HTTPServerRedirecting()
222
redirecting.redirect_to(new.host, new.port)
226
super(TestCaseWithRedirectedWebserver, self).setUp()
227
# The redirections will point to the new server
228
self.new_server = self.get_readonly_server()
229
# The requests to the old server will be redirected
230
self.old_server = self.get_secondary_server()
233
class AuthRequestHandler(http_server.TestingHTTPRequestHandler):
234
"""Requires an authentication to process requests.
236
This is intended to be used with a server that always and
237
only use one authentication scheme (implemented by daughter
241
# The following attributes should be defined in the server
242
# - auth_header_sent: the header name sent to require auth
243
# - auth_header_recv: the header received containing auth
244
# - auth_error_code: the error code to indicate auth required
247
if self.authorized():
248
return http_server.TestingHTTPRequestHandler.do_GET(self)
250
# Note that we must update test_case_server *before*
251
# sending the error or the client may try to read it
252
# before we have sent the whole error back.
253
tcs = self.server.test_case_server
254
tcs.auth_required_errors += 1
255
self.send_response(tcs.auth_error_code)
256
self.send_header_auth_reqed()
257
# We do not send a body
258
self.send_header('Content-Length', '0')
263
class BasicAuthRequestHandler(AuthRequestHandler):
264
"""Implements the basic authentication of a request"""
266
def authorized(self):
267
tcs = self.server.test_case_server
268
if tcs.auth_scheme != 'basic':
271
auth_header = self.headers.get(tcs.auth_header_recv, None)
273
scheme, raw_auth = auth_header.split(' ', 1)
274
if scheme.lower() == tcs.auth_scheme:
275
user, password = raw_auth.decode('base64').split(':')
276
return tcs.authorized(user, password)
280
def send_header_auth_reqed(self):
281
tcs = self.server.test_case_server
282
self.send_header(tcs.auth_header_sent,
283
'Basic realm="%s"' % tcs.auth_realm)
286
# FIXME: We could send an Authentication-Info header too when
287
# the authentication is succesful
289
class DigestAuthRequestHandler(AuthRequestHandler):
290
"""Implements the digest authentication of a request.
292
We need persistence for some attributes and that can't be
293
achieved here since we get instantiated for each request. We
294
rely on the DigestAuthServer to take care of them.
297
def authorized(self):
298
tcs = self.server.test_case_server
300
auth_header = self.headers.get(tcs.auth_header_recv, None)
301
if auth_header is None:
303
scheme, auth = auth_header.split(None, 1)
304
if scheme.lower() == tcs.auth_scheme:
305
auth_dict = urllib2.parse_keqv_list(urllib2.parse_http_list(auth))
307
return tcs.digest_authorized(auth_dict, self.command)
311
def send_header_auth_reqed(self):
312
tcs = self.server.test_case_server
313
header = 'Digest realm="%s", ' % tcs.auth_realm
314
header += 'nonce="%s", algorithm="%s", qop="auth"' % (tcs.auth_nonce,
316
self.send_header(tcs.auth_header_sent,header)
319
class DigestAndBasicAuthRequestHandler(DigestAuthRequestHandler):
320
"""Implements a digest and basic authentication of a request.
322
I.e. the server proposes both schemes and the client should choose the best
323
one it can handle, which, in that case, should be digest, the only scheme
327
def send_header_auth_reqed(self):
328
tcs = self.server.test_case_server
329
self.send_header(tcs.auth_header_sent,
330
'Basic realm="%s"' % tcs.auth_realm)
331
header = 'Digest realm="%s", ' % tcs.auth_realm
332
header += 'nonce="%s", algorithm="%s", qop="auth"' % (tcs.auth_nonce,
334
self.send_header(tcs.auth_header_sent,header)
337
class AuthServer(http_server.HttpServer):
338
"""Extends HttpServer with a dictionary of passwords.
340
This is used as a base class for various schemes which should
341
all use or redefined the associated AuthRequestHandler.
343
Note that no users are defined by default, so add_user should
344
be called before issuing the first request.
347
# The following attributes should be set dy daughter classes
348
# and are used by AuthRequestHandler.
349
auth_header_sent = None
350
auth_header_recv = None
351
auth_error_code = None
352
auth_realm = "Thou should not pass"
354
def __init__(self, request_handler, auth_scheme,
355
protocol_version=None):
356
http_server.HttpServer.__init__(self, request_handler,
357
protocol_version=protocol_version)
358
self.auth_scheme = auth_scheme
359
self.password_of = {}
360
self.auth_required_errors = 0
362
def add_user(self, user, password):
363
"""Declare a user with an associated password.
365
password can be empty, use an empty string ('') in that
368
self.password_of[user] = password
370
def authorized(self, user, password):
371
"""Check that the given user provided the right password"""
372
expected_password = self.password_of.get(user, None)
373
return expected_password is not None and password == expected_password
376
# FIXME: There is some code duplication with
377
# _urllib2_wrappers.py.DigestAuthHandler. If that duplication
378
# grows, it may require a refactoring. Also, we don't implement
379
# SHA algorithm nor MD5-sess here, but that does not seem worth
381
class DigestAuthServer(AuthServer):
382
"""A digest authentication server"""
386
def __init__(self, request_handler, auth_scheme,
387
protocol_version=None):
388
AuthServer.__init__(self, request_handler, auth_scheme,
389
protocol_version=protocol_version)
391
def digest_authorized(self, auth, command):
392
nonce = auth['nonce']
393
if nonce != self.auth_nonce:
395
realm = auth['realm']
396
if realm != self.auth_realm:
398
user = auth['username']
399
if not self.password_of.has_key(user):
401
algorithm= auth['algorithm']
402
if algorithm != 'MD5':
408
password = self.password_of[user]
410
# Recalculate the response_digest to compare with the one
412
A1 = '%s:%s:%s' % (user, realm, password)
413
A2 = '%s:%s' % (command, auth['uri'])
415
H = lambda x: osutils.md5(x).hexdigest()
416
KD = lambda secret, data: H("%s:%s" % (secret, data))
418
nonce_count = int(auth['nc'], 16)
420
ncvalue = '%08x' % nonce_count
422
cnonce = auth['cnonce']
423
noncebit = '%s:%s:%s:%s:%s' % (nonce, ncvalue, cnonce, qop, H(A2))
424
response_digest = KD(H(A1), noncebit)
426
return response_digest == auth['response']
429
class HTTPAuthServer(AuthServer):
430
"""An HTTP server requiring authentication"""
432
def init_http_auth(self):
433
self.auth_header_sent = 'WWW-Authenticate'
434
self.auth_header_recv = 'Authorization'
435
self.auth_error_code = 401
438
class ProxyAuthServer(AuthServer):
439
"""A proxy server requiring authentication"""
441
def init_proxy_auth(self):
442
self.proxy_requests = True
443
self.auth_header_sent = 'Proxy-Authenticate'
444
self.auth_header_recv = 'Proxy-Authorization'
445
self.auth_error_code = 407
448
class HTTPBasicAuthServer(HTTPAuthServer):
449
"""An HTTP server requiring basic authentication"""
451
def __init__(self, protocol_version=None):
452
HTTPAuthServer.__init__(self, BasicAuthRequestHandler, 'basic',
453
protocol_version=protocol_version)
454
self.init_http_auth()
457
class HTTPDigestAuthServer(DigestAuthServer, HTTPAuthServer):
458
"""An HTTP server requiring digest authentication"""
460
def __init__(self, protocol_version=None):
461
DigestAuthServer.__init__(self, DigestAuthRequestHandler, 'digest',
462
protocol_version=protocol_version)
463
self.init_http_auth()
466
class HTTPBasicAndDigestAuthServer(DigestAuthServer, HTTPAuthServer):
467
"""An HTTP server requiring basic or digest authentication"""
469
def __init__(self, protocol_version=None):
470
DigestAuthServer.__init__(self, DigestAndBasicAuthRequestHandler,
472
protocol_version=protocol_version)
473
self.init_http_auth()
474
# We really accept Digest only
475
self.auth_scheme = 'digest'
478
class ProxyBasicAuthServer(ProxyAuthServer):
479
"""A proxy server requiring basic authentication"""
481
def __init__(self, protocol_version=None):
482
ProxyAuthServer.__init__(self, BasicAuthRequestHandler, 'basic',
483
protocol_version=protocol_version)
484
self.init_proxy_auth()
487
class ProxyDigestAuthServer(DigestAuthServer, ProxyAuthServer):
488
"""A proxy server requiring basic authentication"""
490
def __init__(self, protocol_version=None):
491
ProxyAuthServer.__init__(self, DigestAuthRequestHandler, 'digest',
492
protocol_version=protocol_version)
493
self.init_proxy_auth()
496
class ProxyBasicAndDigestAuthServer(DigestAuthServer, ProxyAuthServer):
497
"""An proxy server requiring basic or digest authentication"""
499
def __init__(self, protocol_version=None):
500
DigestAuthServer.__init__(self, DigestAndBasicAuthRequestHandler,
502
protocol_version=protocol_version)
503
self.init_proxy_auth()
504
# We really accept Digest only
505
self.auth_scheme = 'digest'