imacat/flask-digestauth
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 16 Wiki Activity

Compare commits

base: imacat:320cfe1700f6e11e6bee51f1d3ae2d64b3dd8334
Branches Tags
imacat:main
imacat:v0.7.1
imacat:v0.7.0
imacat:v0.6.2
imacat:v0.6.1
imacat:v0.6.0
imacat:v0.5.0
imacat:v0.4.0
imacat:v0.3.1
imacat:v0.3.0
imacat:v0.2.4
imacat:v0.2.3
imacat:v0.2.2
imacat:v0.2.1
imacat:v0.2.0
imacat:v0.1.1
imacat:v0.1.0
...
compare: imacat:1660911afb25a0ab40a745960d950740900fbcfa
Branches Tags
imacat:main
imacat:v0.7.1
imacat:v0.7.0
imacat:v0.6.2
imacat:v0.6.1
imacat:v0.6.0
imacat:v0.5.0
imacat:v0.4.0
imacat:v0.3.1
imacat:v0.3.0
imacat:v0.2.4
imacat:v0.2.3
imacat:v0.2.2
imacat:v0.2.1
imacat:v0.2.0
imacat:v0.1.1
imacat:v0.1.0

4 Commits
320cfe1700 ... 1660911afb

Author SHA1 Message Date
依瑪貓
1660911afb Advanced to version 0.7.0. 2023-10-08 22:20:16 +08:00
依瑪貓
a8c34eb367 Updated the Sphinx documentation. 2023-10-08 22:15:44 +08:00
依瑪貓
cc96987a18 Revised the FlaskLoginTestCase test case to skip testing when Flask-Login 0.6.2 conflicts with Werkzeug 3. 2023-10-08 22:11:50 +08:00
依瑪貓
1f657568bb Replaced the "Flask-Testing" package with the "httpx" package for testing, and retired the unused "flask_digest_auth.test" module. "Flask-Testing" is not maintained for more than 3 years, and is not compatible with Flask 3. 2023-10-08 22:06:20 +08:00
8 changed files with 256 additions and 315 deletions
Show Stats Expand all files Collapse all files

11
docs/source/changelog.rst
View File

@ -2,6 +2,17 @@ Change Log
========== ==========
Version 0.7.0
-------------
Released 2023/10/8
* Removed the test client. You should use httpx instead of Flask-Testing
when writing automatic tests. Flask-Testing is not maintained for more
than 3 years, and is not compatible with Flask 3 now.
* Revised to skip the tests when Flask-Login is not compatible with Werkzeug.
Version 0.6.2 Version 0.6.2
------------- -------------

8
docs/source/flask_digest_auth.rst
View File

@ -20,14 +20,6 @@ flask\_digest\_auth.auth module
:undoc-members: :undoc-members:
:show-inheritance: :show-inheritance:
flask\_digest\_auth.test module
-------------------------------
.. automodule:: flask_digest_auth.test
:members:
:undoc-members:
:show-inheritance:
Module contents Module contents
--------------- ---------------

2
pyproject.toml
View File

@ -40,7 +40,7 @@ dependencies = [
[project.optional-dependencies] [project.optional-dependencies]
test = [ test = [
"unittest", "unittest",
"flask-testing", "httpx",
] ]
[project.urls] [project.urls]

5
src/flask_digest_auth/__init__.py
View File

@ -1,7 +1,7 @@
# The Flask HTTP Digest Authentication Project. # The Flask HTTP Digest Authentication Project.
# Author: imacat@mail.imacat.idv.tw (imacat), 2022/11/6 # Author: imacat@mail.imacat.idv.tw (imacat), 2022/11/6
# Copyright (c) 2022 imacat. # Copyright (c) 2022-2023 imacat.
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
@ -20,7 +20,6 @@
""" """
from flask_digest_auth.algo import make_password_hash, calc_response from flask_digest_auth.algo import make_password_hash, calc_response
from flask_digest_auth.auth import DigestAuth from flask_digest_auth.auth import DigestAuth
from flask_digest_auth.test import Client
VERSION: str = "0.6.2" VERSION: str = "0.7.0"
"""The package version.""" """The package version."""

155
src/flask_digest_auth/test.py
View File

@ -1,155 +0,0 @@
# The Flask HTTP Digest Authentication Project.
# Author: imacat@mail.imacat.idv.tw (imacat), 2022/11/3
# Copyright (c) 2022 imacat.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""The test client with HTTP digest authentication enabled.
"""
from secrets import token_urlsafe
from typing import Optional, Literal, Tuple, Dict
from flask import g
from werkzeug.datastructures import Authorization, WWWAuthenticate
from werkzeug.http import parse_set_header
from werkzeug.test import TestResponse, Client as WerkzeugClient
from flask_digest_auth.algo import calc_response, make_password_hash
class Client(WerkzeugClient):
"""The test client with HTTP digest authentication enabled.
:Example:
For unittest_:
::
class MyTestCase(flask_testing.TestCase):
def create_app(self):
app: Flask = create_app({
"SECRET_KEY": token_urlsafe(32),
"TESTING": True
})
app.test_client_class = Client
return app
def test_admin(self):
response = self.client.get("/admin")
self.assertEqual(response.status_code, 401)
response = self.client.get(
"/admin", digest_auth=(USERNAME, PASSWORD))
self.assertEqual(response.status_code, 200)
For pytest_:
::
@pytest.fixture()
def app():
app: Flask = create_app({
"SECRET_KEY": token_urlsafe(32),
"TESTING": True
})
app.test_client_class = Client
yield app
@pytest.fixture()
def client(app):
return app.test_client()
def test_admin(app: Flask, client: Client):
with app.app_context():
response = client.get("/admin")
assert response.status_code == 401
response = client.get(
"/admin", digest_auth=(USERNAME, PASSWORD))
assert response.status_code == 200
.. _unittest: https://docs.python.org/3/library/unittest.html
.. _pytest: https://pytest.org
"""
def open(self, *args, digest_auth: Optional[Tuple[str, str]] = None,
**kwargs) -> TestResponse:
"""Opens a request.
:param args: The arguments.
:param digest_auth: The (*username*, *password*) tuple for the HTTP
digest authentication.
:param kwargs: The keyword arguments.
:return: The response.
"""
response: TestResponse = super(Client, self).open(*args, **kwargs)
www_authenticate: WWWAuthenticate = response.www_authenticate
if not (response.status_code == 401
and www_authenticate.type == "digest"
and digest_auth is not None):
return response
if hasattr(g, "_login_user"):
delattr(g, "_login_user")
auth_data: Authorization = self.__class__.make_authorization(
www_authenticate, args[0], digest_auth[0], digest_auth[1])
response = super(Client, self).open(*args, auth=auth_data, **kwargs)
return response
@staticmethod
def make_authorization(www_authenticate: WWWAuthenticate, uri: str,
username: str, password: str) -> Authorization:
"""Composes and returns the request authorization.
:param www_authenticate: The ``WWW-Authenticate`` response.
:param uri: The request URI.
:param username: The username.
:param password: The password.
:return: The request authorization.
"""
qop: Optional[Literal["auth", "auth-int"]] = None
if "auth" in parse_set_header(www_authenticate.get("qop")):
qop = "auth"
cnonce: Optional[str] = None
if qop is not None or www_authenticate.algorithm == "MD5-sess":
cnonce = token_urlsafe(8)
nc: Optional[str] = None
count: int = 1
if qop is not None:
nc: str = hex(count)[2:].zfill(8)
expected: str = calc_response(
method="GET", uri=uri,
password_hash=make_password_hash(www_authenticate.realm,
username, password),
nonce=www_authenticate.nonce, qop=qop,
algorithm=www_authenticate.algorithm, cnonce=cnonce, nc=nc,
body=None)
data: Dict[str, str] = {
"username": username, "realm": www_authenticate.realm,
"nonce": www_authenticate.nonce, "uri": uri, "response": expected}
if www_authenticate.algorithm is not None:
data["algorithm"] = www_authenticate.algorithm
if cnonce is not None:
data["cnonce"] = cnonce
if www_authenticate.opaque is not None:
data["opaque"] = www_authenticate.opaque
if qop is not None:
data["qop"] = qop
if nc is not None:
data["nc"] = nc
return Authorization("digest", data=data)

128
tests/test_auth.py
View File

@ -19,21 +19,17 @@
""" """
import logging import logging
import unittest
from secrets import token_urlsafe from secrets import token_urlsafe
from typing import Any, Optional, Dict from typing import Any, Optional, Dict
from flask import Response, Flask, g, redirect, request import httpx
from flask_testing import TestCase from flask import Flask, g, redirect, request
from werkzeug.datastructures import WWWAuthenticate, Authorization from werkzeug.datastructures import WWWAuthenticate
from flask_digest_auth import DigestAuth, make_password_hash, Client from flask_digest_auth import DigestAuth, make_password_hash
from testlib import REALM, USERNAME, PASSWORD, ADMIN_1_URI, ADMIN_2_URI, \
_REALM: str = "testrealm@host.com" LOGOUT_URI, make_authorization
"""The realm."""
_USERNAME: str = "Mufasa"
"""The username."""
_PASSWORD: str = "Circle Of Life"
"""The password."""
class User: class User:
@ -47,34 +43,37 @@ class User:
""" """
self.username: str = username self.username: str = username
"""The username.""" """The username."""
self.password_hash: str = make_password_hash(_REALM, username, password) self.password_hash: str = make_password_hash(REALM, username, password)
"""The password hash.""" """The password hash."""
self.visits: int = 0 self.visits: int = 0
"""The number of visits.""" """The number of visits."""
class AuthenticationTestCase(TestCase): class AuthenticationTestCase(unittest.TestCase):
"""The test case for the HTTP digest authentication.""" """The test case for the HTTP digest authentication."""
def create_app(self): def setUp(self) -> None:
"""Creates the Flask application. """Sets up the test.
This is run once per test.
:return: The Flask application. :return: None.
""" """
logging.getLogger("test_auth").addHandler(logging.NullHandler()) logging.getLogger("test_auth").addHandler(logging.NullHandler())
app: Flask = Flask(__name__) app: Flask = Flask(__name__)
app.config.from_mapping({ app.config.from_mapping({
"TESTING": True, "TESTING": True,
"SECRET_KEY": token_urlsafe(32), "SECRET_KEY": token_urlsafe(32),
"DIGEST_AUTH_REALM": _REALM, "DIGEST_AUTH_REALM": REALM,
}) })
app.test_client_class = Client self.__client: httpx.Client = httpx.Client(
app=app, base_url="https://testserver")
"""The testing client."""
auth: DigestAuth = DigestAuth() auth: DigestAuth = DigestAuth()
auth.init_app(app) auth.init_app(app)
self.__user: User = User(_USERNAME, _PASSWORD) self.__user: User = User(USERNAME, PASSWORD)
"""The user account.""" """The user account."""
user_db: Dict[str, User] = {_USERNAME: self.__user} user_db: Dict[str, User] = {USERNAME: self.__user}
@auth.register_get_password @auth.register_get_password
def get_password_hash(username: str) -> Optional[str]: def get_password_hash(username: str) -> Optional[str]:
@ -104,7 +103,7 @@ class AuthenticationTestCase(TestCase):
""" """
user.visits = user.visits + 1 user.visits = user.visits + 1
@app.get("/admin-1/auth", endpoint="admin-1") @app.get(ADMIN_1_URI, endpoint="admin-1")
@auth.login_required @auth.login_required
def admin_1() -> str: def admin_1() -> str:
"""The first administration section. """The first administration section.
@ -113,7 +112,7 @@ class AuthenticationTestCase(TestCase):
""" """
return f"Hello, {g.user.username}! #1" return f"Hello, {g.user.username}! #1"
@app.get("/admin-2/auth", endpoint="admin-2") @app.get(ADMIN_2_URI, endpoint="admin-2")
@auth.login_required @auth.login_required
def admin_2() -> str: def admin_2() -> str:
"""The second administration section. """The second administration section.
@ -122,7 +121,7 @@ class AuthenticationTestCase(TestCase):
""" """
return f"Hello, {g.user.username}! #2" return f"Hello, {g.user.username}! #2"
@app.post("/logout", endpoint="logout") @app.post(LOGOUT_URI, endpoint="logout")
@auth.login_required @auth.login_required
def logout() -> redirect: def logout() -> redirect:
"""Logs out the user. """Logs out the user.
@ -132,24 +131,21 @@ class AuthenticationTestCase(TestCase):
auth.logout() auth.logout()
return redirect(request.form.get("next")) return redirect(request.form.get("next"))
return app
def test_auth(self) -> None: def test_auth(self) -> None:
"""Tests the authentication. """Tests the authentication.
:return: None. :return: None.
""" """
response: Response = self.client.get(self.app.url_for("admin-1")) response: httpx.Response
response = self.__client.get(ADMIN_1_URI)
self.assertEqual(response.status_code, 401) self.assertEqual(response.status_code, 401)
response = self.client.get( response = self.__client.get(ADMIN_1_URI,
self.app.url_for("admin-1"), digest_auth=(_USERNAME, _PASSWORD)) auth=httpx.DigestAuth(USERNAME, PASSWORD))
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
self.assertEqual(response.data.decode("UTF-8"), self.assertEqual(response.text, f"Hello, {USERNAME}! #1")
f"Hello, {_USERNAME}! #1") response = self.__client.get(ADMIN_2_URI)
response: Response = self.client.get(self.app.url_for("admin-2"))
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
self.assertEqual(response.data.decode("UTF-8"), self.assertEqual(response.text, f"Hello, {USERNAME}! #2")
f"Hello, {_USERNAME}! #2")
self.assertEqual(self.__user.visits, 1) self.assertEqual(self.__user.visits, 1)
def test_stale_opaque(self) -> None: def test_stale_opaque(self) -> None:
@ -157,38 +153,43 @@ class AuthenticationTestCase(TestCase):
:return: None. :return: None.
""" """
admin_uri: str = self.app.url_for("admin-1") response: httpx.Response
response: Response
www_authenticate: WWWAuthenticate www_authenticate: WWWAuthenticate
auth_data: Authorization auth_header: str
response = super(Client, self.client).get(admin_uri) response = self.__client.get(ADMIN_1_URI)
self.assertEqual(response.status_code, 401) self.assertEqual(response.status_code, 401)
www_authenticate = response.www_authenticate www_authenticate = WWWAuthenticate.from_header(
response.headers["WWW-Authenticate"])
self.assertEqual(www_authenticate.type, "digest") self.assertEqual(www_authenticate.type, "digest")
self.assertIsNone(www_authenticate.get("stale")) self.assertIsNone(www_authenticate.get("stale"))
opaque: str = www_authenticate.opaque opaque: str = www_authenticate.opaque
www_authenticate.nonce = "bad" www_authenticate.nonce = "bad"
auth_data = Client.make_authorization( auth_header = make_authorization(
www_authenticate, admin_uri, _USERNAME, _PASSWORD) www_authenticate, ADMIN_1_URI, USERNAME, PASSWORD)
response = super(Client, self.client).get(admin_uri, auth=auth_data) response = self.__client.get(ADMIN_1_URI,
headers={"Authorization": auth_header})
self.assertEqual(response.status_code, 401) self.assertEqual(response.status_code, 401)
www_authenticate = response.www_authenticate www_authenticate = WWWAuthenticate.from_header(
response.headers["WWW-Authenticate"])
self.assertEqual(www_authenticate.get("stale"), "TRUE") self.assertEqual(www_authenticate.get("stale"), "TRUE")
self.assertEqual(www_authenticate.opaque, opaque) self.assertEqual(www_authenticate.opaque, opaque)
auth_data = Client.make_authorization( auth_header = make_authorization(
www_authenticate, admin_uri, _USERNAME, _PASSWORD + "2") www_authenticate, ADMIN_1_URI, USERNAME, PASSWORD + "2")
response = super(Client, self.client).get(admin_uri, auth=auth_data) response = self.__client.get(ADMIN_1_URI,
headers={"Authorization": auth_header})
self.assertEqual(response.status_code, 401) self.assertEqual(response.status_code, 401)
www_authenticate = response.www_authenticate www_authenticate = WWWAuthenticate.from_header(
response.headers["WWW-Authenticate"])
self.assertEqual(www_authenticate.get("stale"), "FALSE") self.assertEqual(www_authenticate.get("stale"), "FALSE")
self.assertEqual(www_authenticate.opaque, opaque) self.assertEqual(www_authenticate.opaque, opaque)
auth_data = Client.make_authorization( auth_header = make_authorization(
www_authenticate, admin_uri, _USERNAME, _PASSWORD) www_authenticate, ADMIN_1_URI, USERNAME, PASSWORD)
response = super(Client, self.client).get(admin_uri, auth=auth_data) response = self.__client.get(ADMIN_1_URI,
headers={"Authorization": auth_header})
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
def test_logout(self) -> None: def test_logout(self) -> None:
@ -196,35 +197,34 @@ class AuthenticationTestCase(TestCase):
:return: None. :return: None.
""" """
admin_uri: str = self.app.url_for("admin-1") logout_uri: str = LOGOUT_URI
logout_uri: str = self.app.url_for("logout") response: httpx.Response
response: Response
response = self.client.get(admin_uri) response = self.__client.get(ADMIN_1_URI)
self.assertEqual(response.status_code, 401) self.assertEqual(response.status_code, 401)
response = self.client.get(admin_uri, response = self.__client.get(ADMIN_1_URI,
digest_auth=(_USERNAME, _PASSWORD)) auth=httpx.DigestAuth(USERNAME, PASSWORD))
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
response = self.client.get(admin_uri) response = self.__client.get(ADMIN_1_URI)
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
response = self.client.post(logout_uri, data={"next": admin_uri}) response = self.__client.post(logout_uri, data={"next": ADMIN_1_URI})
self.assertEqual(response.status_code, 302) self.assertEqual(response.status_code, 302)
self.assertEqual(response.location, admin_uri) self.assertEqual(response.headers["Location"], ADMIN_1_URI)
response = self.client.get(admin_uri) response = self.__client.get(ADMIN_1_URI)
self.assertEqual(response.status_code, 401) self.assertEqual(response.status_code, 401)
response = self.client.get(admin_uri, response = self.__client.get(ADMIN_1_URI,
digest_auth=(_USERNAME, _PASSWORD)) auth=httpx.DigestAuth(USERNAME, PASSWORD))
self.assertEqual(response.status_code, 401) self.assertEqual(response.status_code, 401)
response = self.client.get(admin_uri, response = self.__client.get(ADMIN_1_URI,
digest_auth=(_USERNAME, _PASSWORD)) auth=httpx.DigestAuth(USERNAME, PASSWORD))
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
response = self.client.get(admin_uri) response = self.__client.get(ADMIN_1_URI)
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
self.assertEqual(self.__user.visits, 2) self.assertEqual(self.__user.visits, 2)

175
tests/test_flask_login.py
View File

@ -19,21 +19,18 @@
""" """
import logging import logging
import unittest
from secrets import token_urlsafe from secrets import token_urlsafe
from typing import Optional, Dict from typing import Optional, Dict
from flask import Response, Flask, g, redirect, request import httpx
from flask_testing import TestCase from flask import Flask, g, redirect, request
from werkzeug.datastructures import WWWAuthenticate, Authorization from werkzeug.datastructures import WWWAuthenticate
from flask_digest_auth import DigestAuth, make_password_hash, Client from flask_digest_auth import DigestAuth, make_password_hash
from testlib import REALM, USERNAME, PASSWORD, ADMIN_1_URI, ADMIN_2_URI, \
LOGOUT_URI, make_authorization
_REALM: str = "testrealm@host.com"
"""The realm."""
_USERNAME: str = "Mufasa"
"""The username."""
_PASSWORD: str = "Circle Of Life"
"""The password."""
SKIPPED_NO_FLASK_LOGIN: str = "Skipped without Flask-Login." SKIPPED_NO_FLASK_LOGIN: str = "Skipped without Flask-Login."
"""The message that a test is skipped when Flask-Login is not installed.""" """The message that a test is skipped when Flask-Login is not installed."""
@ -49,7 +46,7 @@ class User:
""" """
self.username: str = username self.username: str = username
"""The username.""" """The username."""
self.password_hash: str = make_password_hash(_REALM, username, password) self.password_hash: str = make_password_hash(REALM, username, password)
"""The password hash.""" """The password hash."""
self.visits: int = 0 self.visits: int = 0
"""The number of visits.""" """The number of visits."""
@ -77,22 +74,25 @@ class User:
return self.is_active return self.is_active
class FlaskLoginTestCase(TestCase): class FlaskLoginTestCase(unittest.TestCase):
"""The test case with the Flask-Login integration.""" """The test case with the Flask-Login integration."""
def create_app(self) -> Flask: def setUp(self) -> None:
"""Creates the Flask application. """Sets up the test.
This is run once per test.
:return: The Flask application. :return: None.
""" """
logging.getLogger("test_flask_login").addHandler(logging.NullHandler()) logging.getLogger("test_flask_login").addHandler(logging.NullHandler())
app: Flask = Flask(__name__) self.app: Flask = Flask(__name__)
app.config.from_mapping({ self.app.config.from_mapping({
"TESTING": True, "TESTING": True,
"SECRET_KEY": token_urlsafe(32), "SECRET_KEY": token_urlsafe(32),
"DIGEST_AUTH_REALM": _REALM, "DIGEST_AUTH_REALM": REALM,
}) })
app.test_client_class = Client self.__client: httpx.Client = httpx.Client(
app=self.app, base_url="https://testserver")
"""The testing client."""
self.__has_flask_login: bool = True self.__has_flask_login: bool = True
"""Whether the Flask-Login package is installed.""" """Whether the Flask-Login package is installed."""
@ -100,17 +100,20 @@ class FlaskLoginTestCase(TestCase):
import flask_login import flask_login
except ModuleNotFoundError: except ModuleNotFoundError:
self.__has_flask_login = False self.__has_flask_login = False
return app return
except ImportError:
self.__has_flask_login = False
return
login_manager: flask_login.LoginManager = flask_login.LoginManager() login_manager: flask_login.LoginManager = flask_login.LoginManager()
login_manager.init_app(app) login_manager.init_app(self.app)
auth: DigestAuth = DigestAuth() auth: DigestAuth = DigestAuth()
auth.init_app(app) auth.init_app(self.app)
self.__user: User = User(_USERNAME, _PASSWORD) self.__user: User = User(USERNAME, PASSWORD)
"""The user account.""" """The user account."""
user_db: Dict[str, User] = {_USERNAME: self.__user} user_db: Dict[str, User] = {USERNAME: self.__user}
@auth.register_get_password @auth.register_get_password
def get_password_hash(username: str) -> Optional[str]: def get_password_hash(username: str) -> Optional[str]:
@ -140,7 +143,7 @@ class FlaskLoginTestCase(TestCase):
""" """
return user_db[user_id] if user_id in user_db else None return user_db[user_id] if user_id in user_db else None
@app.get("/admin-1/auth", endpoint="admin-1") @self.app.get(ADMIN_1_URI)
@flask_login.login_required @flask_login.login_required
def admin_1() -> str: def admin_1() -> str:
"""The first administration section. """The first administration section.
@ -149,7 +152,7 @@ class FlaskLoginTestCase(TestCase):
""" """
return f"Hello, {flask_login.current_user.get_id()}! #1" return f"Hello, {flask_login.current_user.get_id()}! #1"
@app.get("/admin-2/auth", endpoint="admin-2") @self.app.get(ADMIN_2_URI)
@flask_login.login_required @flask_login.login_required
def admin_2() -> str: def admin_2() -> str:
"""The second administration section. """The second administration section.
@ -158,7 +161,7 @@ class FlaskLoginTestCase(TestCase):
""" """
return f"Hello, {flask_login.current_user.get_id()}! #2" return f"Hello, {flask_login.current_user.get_id()}! #2"
@app.post("/logout", endpoint="logout") @self.app.post(LOGOUT_URI)
@flask_login.login_required @flask_login.login_required
def logout() -> redirect: def logout() -> redirect:
"""Logs out the user. """Logs out the user.
@ -168,8 +171,6 @@ class FlaskLoginTestCase(TestCase):
auth.logout() auth.logout()
return redirect(request.form.get("next")) return redirect(request.form.get("next"))
return app
def test_auth(self) -> None: def test_auth(self) -> None:
"""Tests the authentication. """Tests the authentication.
@ -178,17 +179,17 @@ class FlaskLoginTestCase(TestCase):
if not self.__has_flask_login: if not self.__has_flask_login:
self.skipTest(SKIPPED_NO_FLASK_LOGIN) self.skipTest(SKIPPED_NO_FLASK_LOGIN)
response: Response = self.client.get(self.app.url_for("admin-1")) response: httpx.Response
response = self.__client.get(ADMIN_1_URI)
self.assertEqual(response.status_code, 401) self.assertEqual(response.status_code, 401)
response = self.client.get( response = self.__client.get(ADMIN_1_URI,
self.app.url_for("admin-1"), digest_auth=(_USERNAME, _PASSWORD)) auth=httpx.DigestAuth(USERNAME, PASSWORD))
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
self.assertEqual(response.data.decode("UTF-8"), self.assertEqual(response.text, f"Hello, {USERNAME}! #1")
f"Hello, {_USERNAME}! #1") response = self.__client.get(ADMIN_2_URI)
response: Response = self.client.get(self.app.url_for("admin-2"))
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
self.assertEqual(response.data.decode("UTF-8"), self.assertEqual(response.text, f"Hello, {USERNAME}! #2")
f"Hello, {_USERNAME}! #2")
self.assertEqual(self.__user.visits, 1) self.assertEqual(self.__user.visits, 1)
def test_stale_opaque(self) -> None: def test_stale_opaque(self) -> None:
@ -199,44 +200,52 @@ class FlaskLoginTestCase(TestCase):
if not self.__has_flask_login: if not self.__has_flask_login:
self.skipTest(SKIPPED_NO_FLASK_LOGIN) self.skipTest(SKIPPED_NO_FLASK_LOGIN)
admin_uri: str = self.app.url_for("admin-1") response: httpx.Response
response: Response
www_authenticate: WWWAuthenticate www_authenticate: WWWAuthenticate
auth_data: Authorization auth_header: str
response = super(Client, self.client).get(admin_uri) response = self.__client.get(ADMIN_1_URI)
self.assertEqual(response.status_code, 401) self.assertEqual(response.status_code, 401)
www_authenticate = response.www_authenticate www_authenticate = WWWAuthenticate.from_header(
response.headers["WWW-Authenticate"])
self.assertEqual(www_authenticate.type, "digest") self.assertEqual(www_authenticate.type, "digest")
self.assertIsNone(www_authenticate.get("stale")) self.assertIsNone(www_authenticate.get("stale"))
opaque: str = www_authenticate.opaque opaque: str = www_authenticate.opaque
if hasattr(g, "_login_user"): with self.app.app_context():
delattr(g, "_login_user") if hasattr(g, "_login_user"):
delattr(g, "_login_user")
www_authenticate.nonce = "bad" www_authenticate.nonce = "bad"
auth_data = Client.make_authorization( auth_header = make_authorization(
www_authenticate, admin_uri, _USERNAME, _PASSWORD) www_authenticate, ADMIN_1_URI, USERNAME, PASSWORD)
response = super(Client, self.client).get(admin_uri, auth=auth_data) response = self.__client.get(ADMIN_1_URI,
headers={"Authorization": auth_header})
self.assertEqual(response.status_code, 401) self.assertEqual(response.status_code, 401)
www_authenticate = response.www_authenticate www_authenticate = WWWAuthenticate.from_header(
response.headers["WWW-Authenticate"])
self.assertEqual(www_authenticate.get("stale"), "TRUE") self.assertEqual(www_authenticate.get("stale"), "TRUE")
self.assertEqual(www_authenticate.opaque, opaque) self.assertEqual(www_authenticate.opaque, opaque)
if hasattr(g, "_login_user"): with self.app.app_context():
delattr(g, "_login_user") if hasattr(g, "_login_user"):
auth_data = Client.make_authorization( delattr(g, "_login_user")
www_authenticate, admin_uri, _USERNAME, _PASSWORD + "2") auth_header = make_authorization(
response = super(Client, self.client).get(admin_uri, auth=auth_data) www_authenticate, ADMIN_1_URI, USERNAME, PASSWORD + "2")
response = self.__client.get(ADMIN_1_URI,
headers={"Authorization": auth_header})
self.assertEqual(response.status_code, 401) self.assertEqual(response.status_code, 401)
www_authenticate = response.www_authenticate www_authenticate = WWWAuthenticate.from_header(
response.headers["WWW-Authenticate"])
self.assertEqual(www_authenticate.get("stale"), "FALSE") self.assertEqual(www_authenticate.get("stale"), "FALSE")
self.assertEqual(www_authenticate.opaque, opaque) self.assertEqual(www_authenticate.opaque, opaque)
if hasattr(g, "_login_user"): with self.app.app_context():
delattr(g, "_login_user") if hasattr(g, "_login_user"):
auth_data = Client.make_authorization( delattr(g, "_login_user")
www_authenticate, admin_uri, _USERNAME, _PASSWORD) auth_header = make_authorization(
response = super(Client, self.client).get(admin_uri, auth=auth_data) www_authenticate, ADMIN_1_URI, USERNAME, PASSWORD)
response = self.__client.get(ADMIN_1_URI,
headers={"Authorization": auth_header})
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
def test_logout(self) -> None: def test_logout(self) -> None:
@ -247,36 +256,34 @@ class FlaskLoginTestCase(TestCase):
if not self.__has_flask_login: if not self.__has_flask_login:
self.skipTest(SKIPPED_NO_FLASK_LOGIN) self.skipTest(SKIPPED_NO_FLASK_LOGIN)
admin_uri: str = self.app.url_for("admin-1") response: httpx.Response
logout_uri: str = self.app.url_for("logout")
response: Response
response = self.client.get(admin_uri) response = self.__client.get(ADMIN_1_URI)
self.assertEqual(response.status_code, 401) self.assertEqual(response.status_code, 401)
response = self.client.get(admin_uri, response = self.__client.get(ADMIN_1_URI,
digest_auth=(_USERNAME, _PASSWORD)) auth=httpx.DigestAuth(USERNAME, PASSWORD))
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
response = self.client.get(admin_uri) response = self.__client.get(ADMIN_1_URI)
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
response = self.client.post(logout_uri, data={"next": admin_uri}) response = self.__client.post(LOGOUT_URI, data={"next": ADMIN_1_URI})
self.assertEqual(response.status_code, 302) self.assertEqual(response.status_code, 302)
self.assertEqual(response.location, admin_uri) self.assertEqual(response.headers["Location"], ADMIN_1_URI)
response = self.client.get(admin_uri) response = self.__client.get(ADMIN_1_URI)
self.assertEqual(response.status_code, 401) self.assertEqual(response.status_code, 401)
response = self.client.get(admin_uri, response = self.__client.get(ADMIN_1_URI,
digest_auth=(_USERNAME, _PASSWORD)) auth=httpx.DigestAuth(USERNAME, PASSWORD))
self.assertEqual(response.status_code, 401) self.assertEqual(response.status_code, 401)
response = self.client.get(admin_uri, response = self.__client.get(ADMIN_1_URI,
digest_auth=(_USERNAME, _PASSWORD)) auth=httpx.DigestAuth(USERNAME, PASSWORD))
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
response = self.client.get(admin_uri) response = self.__client.get(ADMIN_1_URI)
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
self.assertEqual(self.__user.visits, 2) self.assertEqual(self.__user.visits, 2)
@ -288,25 +295,25 @@ class FlaskLoginTestCase(TestCase):
if not self.__has_flask_login: if not self.__has_flask_login:
self.skipTest(SKIPPED_NO_FLASK_LOGIN) self.skipTest(SKIPPED_NO_FLASK_LOGIN)
response: Response response: httpx.Response
self.__user.is_active = False self.__user.is_active = False
response = self.client.get(self.app.url_for("admin-1")) response = self.__client.get(ADMIN_1_URI)
self.assertEqual(response.status_code, 401) self.assertEqual(response.status_code, 401)
response = self.client.get(self.app.url_for("admin-1"), response = self.__client.get(ADMIN_1_URI,
digest_auth=(_USERNAME, _PASSWORD)) auth=httpx.DigestAuth(USERNAME, PASSWORD))
self.assertEqual(response.status_code, 401) self.assertEqual(response.status_code, 401)
self.__user.is_active = True self.__user.is_active = True
response = self.client.get(self.app.url_for("admin-1"), response = self.__client.get(ADMIN_1_URI,
digest_auth=(_USERNAME, _PASSWORD)) auth=httpx.DigestAuth(USERNAME, PASSWORD))
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
response = self.client.get(self.app.url_for("admin-1")) response = self.__client.get(ADMIN_1_URI)
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
self.__user.is_active = False self.__user.is_active = False
response = self.client.get(self.app.url_for("admin-1")) response = self.__client.get(ADMIN_1_URI)
self.assertEqual(response.status_code, 401) self.assertEqual(response.status_code, 401)
response = self.client.get(self.app.url_for("admin-1"), response = self.__client.get(ADMIN_1_URI,
digest_auth=(_USERNAME, _PASSWORD)) auth=httpx.DigestAuth(USERNAME, PASSWORD))
self.assertEqual(response.status_code, 401) self.assertEqual(response.status_code, 401)

87
tests/testlib.py Normal file
View File

@ -0,0 +1,87 @@
# The Flask HTTP Digest Authentication Project.
# Author: imacat@mail.imacat.idv.tw (imacat), 2023/10/5
# Copyright (c) 2023 imacat.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""The common test libraries.
"""
from secrets import token_urlsafe
from typing import Optional, Literal, Dict
from werkzeug.datastructures import Authorization, WWWAuthenticate
from werkzeug.http import parse_set_header
from flask_digest_auth import calc_response, make_password_hash
REALM: str = "testrealm@host.com"
"""The realm."""
USERNAME: str = "Mufasa"
"""The username."""
PASSWORD: str = "Circle Of Life"
"""The password."""
ADMIN_1_URI: str = "/admin-1/auth"
"""The first administration URI."""
ADMIN_2_URI: str = "/admin-2/auth"
"""The first administration URI."""
LOGOUT_URI: str = "/logout"
"""The log out URI."""
def make_authorization(www_authenticate: WWWAuthenticate, uri: str,
username: str, password: str) -> str:
"""Composes and returns the request authorization.
:param www_authenticate: The ``WWW-Authenticate`` response.
:param uri: The request URI.
:param username: The username.
:param password: The password.
:return: The request authorization header.
"""
qop: Optional[Literal["auth", "auth-int"]] = None
if "auth" in parse_set_header(www_authenticate.get("qop")):
qop = "auth"
cnonce: Optional[str] = None
if qop is not None or www_authenticate.algorithm == "MD5-sess":
cnonce = token_urlsafe(8)
nc: Optional[str] = None
count: int = 1
if qop is not None:
nc: str = hex(count)[2:].zfill(8)
expected: str = calc_response(
method="GET", uri=uri,
password_hash=make_password_hash(www_authenticate.realm,
username, password),
nonce=www_authenticate.nonce, qop=qop,
algorithm=www_authenticate.algorithm, cnonce=cnonce, nc=nc,
body=None)
data: Dict[str, str] = {
"username": username, "realm": www_authenticate.realm,
"nonce": www_authenticate.nonce, "uri": uri, "response": expected}
if www_authenticate.algorithm is not None:
data["algorithm"] = www_authenticate.algorithm
if cnonce is not None:
data["cnonce"] = cnonce
if www_authenticate.opaque is not None:
data["opaque"] = www_authenticate.opaque
if qop is not None:
data["qop"] = qop
if nc is not None:
data["nc"] = nc
return str(Authorization("digest", data=data))