Revised the code that handles the "qop" and "stale" parameters of the "WWW-Authenticate" response HTTP header for the upcoming Werkzeug 2.4.

This commit is contained in:
依瑪貓 2023-05-03 06:56:31 +08:00
parent 5b255b6504
commit 15ea650ddd
3 changed files with 8 additions and 7 deletions

View File

@ -23,6 +23,7 @@ from typing import Optional, Literal, Tuple, Dict
from flask import g
from werkzeug.datastructures import Authorization, WWWAuthenticate
from werkzeug.http import parse_set_header
from werkzeug.test import TestResponse, Client as WerkzeugClient
from flask_digest_auth.algo import calc_response, make_password_hash
@ -118,7 +119,7 @@ class Client(WerkzeugClient):
:return: The request authorization.
"""
qop: Optional[Literal["auth", "auth-int"]] = None
if www_authenticate.qop is not None and "auth" in www_authenticate.qop:
if "auth" in parse_set_header(www_authenticate.get("qop")):
qop = "auth"
cnonce: Optional[str] = None

View File

@ -158,7 +158,7 @@ class AuthenticationTestCase(TestCase):
self.assertEqual(response.status_code, 401)
www_authenticate = response.www_authenticate
self.assertEqual(www_authenticate.type, "digest")
self.assertEqual(www_authenticate.stale, None)
self.assertIsNone(www_authenticate.get("stale"))
opaque: str = www_authenticate.opaque
www_authenticate.nonce = "bad"
@ -167,7 +167,7 @@ class AuthenticationTestCase(TestCase):
response = super(Client, self.client).get(admin_uri, auth=auth_data)
self.assertEqual(response.status_code, 401)
www_authenticate = response.www_authenticate
self.assertEqual(www_authenticate.stale, True)
self.assertEqual(www_authenticate.get("stale"), "TRUE")
self.assertEqual(www_authenticate.opaque, opaque)
auth_data = Client.make_authorization(
@ -175,7 +175,7 @@ class AuthenticationTestCase(TestCase):
response = super(Client, self.client).get(admin_uri, auth=auth_data)
self.assertEqual(response.status_code, 401)
www_authenticate = response.www_authenticate
self.assertEqual(www_authenticate.stale, False)
self.assertEqual(www_authenticate.get("stale"), "FALSE")
self.assertEqual(www_authenticate.opaque, opaque)
auth_data = Client.make_authorization(

View File

@ -195,7 +195,7 @@ class FlaskLoginTestCase(TestCase):
self.assertEqual(response.status_code, 401)
www_authenticate = response.www_authenticate
self.assertEqual(www_authenticate.type, "digest")
self.assertEqual(www_authenticate.stale, None)
self.assertIsNone(www_authenticate.get("stale"))
opaque: str = www_authenticate.opaque
if hasattr(g, "_login_user"):
@ -206,7 +206,7 @@ class FlaskLoginTestCase(TestCase):
response = super(Client, self.client).get(admin_uri, auth=auth_data)
self.assertEqual(response.status_code, 401)
www_authenticate = response.www_authenticate
self.assertEqual(www_authenticate.stale, True)
self.assertEqual(www_authenticate.get("stale"), "TRUE")
self.assertEqual(www_authenticate.opaque, opaque)
if hasattr(g, "_login_user"):
@ -216,7 +216,7 @@ class FlaskLoginTestCase(TestCase):
response = super(Client, self.client).get(admin_uri, auth=auth_data)
self.assertEqual(response.status_code, 401)
www_authenticate = response.www_authenticate
self.assertEqual(www_authenticate.stale, False)
self.assertEqual(www_authenticate.get("stale"), "FALSE")
self.assertEqual(www_authenticate.opaque, opaque)
if hasattr(g, "_login_user"):