Compare commits
10 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| a5188c9aa1 | |||
| b62b98bd51 | |||
| 877f02fe82 | |||
| bc888195ad | |||
| 8e69733cf6 | |||
| f04ea7ac18 | |||
| 15ea650ddd | |||
| 5b255b6504 | |||
| 919b8d0dc3 | |||
| 604ed0be27 |
@ -26,7 +26,7 @@ version: 2
|
||||
build:
|
||||
os: ubuntu-22.04
|
||||
tools:
|
||||
python: "3.7"
|
||||
python: "3.8"
|
||||
|
||||
# Build documentation in the docs/ directory with Sphinx
|
||||
|
||||
|
||||
@ -2,6 +2,26 @@ Change Log
|
||||
==========
|
||||
|
||||
|
||||
Version 0.6.2
|
||||
-------------
|
||||
|
||||
Released 2023/6/10
|
||||
|
||||
* Changed logging from STDERR to the Flask logger.
|
||||
* Test case updates:
|
||||
* Added missing documentation.
|
||||
* Changed properties from public to private.
|
||||
* Disabled logging.
|
||||
|
||||
|
||||
Version 0.6.1
|
||||
-------------
|
||||
|
||||
Released 2023/5/3
|
||||
|
||||
* Revised the code for the upcoming Werkzeug 2.4.
|
||||
|
||||
|
||||
Version 0.6.0
|
||||
-------------
|
||||
|
||||
|
||||
@ -22,5 +22,5 @@ from flask_digest_auth.algo import make_password_hash, calc_response
|
||||
from flask_digest_auth.auth import DigestAuth
|
||||
from flask_digest_auth.test import Client
|
||||
|
||||
VERSION: str = "0.6.0"
|
||||
VERSION: str = "0.6.2"
|
||||
"""The package version."""
|
||||
|
||||
@ -140,7 +140,7 @@ class DigestAuth:
|
||||
return view(*args, **kwargs)
|
||||
except UnauthorizedException as e:
|
||||
if len(e.args) > 0:
|
||||
sys.stderr.write(e.args[0] + "\n")
|
||||
current_app.logger.warning(e.args[0])
|
||||
response: Response = Response()
|
||||
response.status = 401
|
||||
response.headers["WWW-Authenticate"] \
|
||||
@ -225,7 +225,7 @@ class DigestAuth:
|
||||
if opaque is not None:
|
||||
header += f", opaque=\"{opaque}\""
|
||||
if state.stale is not None:
|
||||
header += f", stale=TRUE" if state.stale else f", stale=FALSE"
|
||||
header += ", stale=TRUE" if state.stale else ", stale=FALSE"
|
||||
if self.algorithm is not None:
|
||||
header += f", algorithm=\"{self.algorithm}\""
|
||||
if len(self.__qop) > 0:
|
||||
@ -344,8 +344,15 @@ class DigestAuth:
|
||||
self.realm = app.config["DIGEST_AUTH_REALM"]
|
||||
|
||||
if hasattr(app, "login_manager"):
|
||||
from flask_login import LoginManager, login_user
|
||||
self.__init_login_manager(app)
|
||||
|
||||
def __init_login_manager(self, app: Flask) -> None:
|
||||
"""Initializes the Flask-Login login manager.
|
||||
|
||||
:param app: The Flask application.
|
||||
:return: None.
|
||||
"""
|
||||
from flask_login import LoginManager, login_user
|
||||
login_manager: LoginManager = getattr(app, "login_manager")
|
||||
|
||||
@login_manager.unauthorized_handler
|
||||
|
||||
@ -23,6 +23,7 @@ from typing import Optional, Literal, Tuple, Dict
|
||||
|
||||
from flask import g
|
||||
from werkzeug.datastructures import Authorization, WWWAuthenticate
|
||||
from werkzeug.http import parse_set_header
|
||||
from werkzeug.test import TestResponse, Client as WerkzeugClient
|
||||
|
||||
from flask_digest_auth.algo import calc_response, make_password_hash
|
||||
@ -118,7 +119,7 @@ class Client(WerkzeugClient):
|
||||
:return: The request authorization.
|
||||
"""
|
||||
qop: Optional[Literal["auth", "auth-int"]] = None
|
||||
if www_authenticate.qop is not None and "auth" in www_authenticate.qop:
|
||||
if "auth" in parse_set_header(www_authenticate.get("qop")):
|
||||
qop = "auth"
|
||||
|
||||
cnonce: Optional[str] = None
|
||||
|
||||
@ -18,6 +18,7 @@
|
||||
"""The test case for the HTTP digest authentication.
|
||||
|
||||
"""
|
||||
import logging
|
||||
from secrets import token_urlsafe
|
||||
from typing import Any, Optional, Dict
|
||||
|
||||
@ -28,8 +29,11 @@ from werkzeug.datastructures import WWWAuthenticate, Authorization
|
||||
from flask_digest_auth import DigestAuth, make_password_hash, Client
|
||||
|
||||
_REALM: str = "testrealm@host.com"
|
||||
"""The realm."""
|
||||
_USERNAME: str = "Mufasa"
|
||||
"""The username."""
|
||||
_PASSWORD: str = "Circle Of Life"
|
||||
"""The password."""
|
||||
|
||||
|
||||
class User:
|
||||
@ -42,9 +46,11 @@ class User:
|
||||
:param password: The clear-text password.
|
||||
"""
|
||||
self.username: str = username
|
||||
self.password_hash: str = make_password_hash(
|
||||
_REALM, username, password)
|
||||
"""The username."""
|
||||
self.password_hash: str = make_password_hash(_REALM, username, password)
|
||||
"""The password hash."""
|
||||
self.visits: int = 0
|
||||
"""The number of visits."""
|
||||
|
||||
|
||||
class AuthenticationTestCase(TestCase):
|
||||
@ -55,6 +61,7 @@ class AuthenticationTestCase(TestCase):
|
||||
|
||||
:return: The Flask application.
|
||||
"""
|
||||
logging.getLogger("test_auth").addHandler(logging.NullHandler())
|
||||
app: Flask = Flask(__name__)
|
||||
app.config.from_mapping({
|
||||
"TESTING": True,
|
||||
@ -65,8 +72,9 @@ class AuthenticationTestCase(TestCase):
|
||||
|
||||
auth: DigestAuth = DigestAuth()
|
||||
auth.init_app(app)
|
||||
self.user: User = User(_USERNAME, _PASSWORD)
|
||||
user_db: Dict[str, User] = {_USERNAME: self.user}
|
||||
self.__user: User = User(_USERNAME, _PASSWORD)
|
||||
"""The user account."""
|
||||
user_db: Dict[str, User] = {_USERNAME: self.__user}
|
||||
|
||||
@auth.register_get_password
|
||||
def get_password_hash(username: str) -> Optional[str]:
|
||||
@ -142,7 +150,7 @@ class AuthenticationTestCase(TestCase):
|
||||
self.assertEqual(response.status_code, 200)
|
||||
self.assertEqual(response.data.decode("UTF-8"),
|
||||
f"Hello, {_USERNAME}! #2")
|
||||
self.assertEqual(self.user.visits, 1)
|
||||
self.assertEqual(self.__user.visits, 1)
|
||||
|
||||
def test_stale_opaque(self) -> None:
|
||||
"""Tests the stale and opaque value.
|
||||
@ -158,7 +166,7 @@ class AuthenticationTestCase(TestCase):
|
||||
self.assertEqual(response.status_code, 401)
|
||||
www_authenticate = response.www_authenticate
|
||||
self.assertEqual(www_authenticate.type, "digest")
|
||||
self.assertEqual(www_authenticate.stale, None)
|
||||
self.assertIsNone(www_authenticate.get("stale"))
|
||||
opaque: str = www_authenticate.opaque
|
||||
|
||||
www_authenticate.nonce = "bad"
|
||||
@ -167,7 +175,7 @@ class AuthenticationTestCase(TestCase):
|
||||
response = super(Client, self.client).get(admin_uri, auth=auth_data)
|
||||
self.assertEqual(response.status_code, 401)
|
||||
www_authenticate = response.www_authenticate
|
||||
self.assertEqual(www_authenticate.stale, True)
|
||||
self.assertEqual(www_authenticate.get("stale"), "TRUE")
|
||||
self.assertEqual(www_authenticate.opaque, opaque)
|
||||
|
||||
auth_data = Client.make_authorization(
|
||||
@ -175,7 +183,7 @@ class AuthenticationTestCase(TestCase):
|
||||
response = super(Client, self.client).get(admin_uri, auth=auth_data)
|
||||
self.assertEqual(response.status_code, 401)
|
||||
www_authenticate = response.www_authenticate
|
||||
self.assertEqual(www_authenticate.stale, False)
|
||||
self.assertEqual(www_authenticate.get("stale"), "FALSE")
|
||||
self.assertEqual(www_authenticate.opaque, opaque)
|
||||
|
||||
auth_data = Client.make_authorization(
|
||||
@ -219,4 +227,4 @@ class AuthenticationTestCase(TestCase):
|
||||
|
||||
response = self.client.get(admin_uri)
|
||||
self.assertEqual(response.status_code, 200)
|
||||
self.assertEqual(self.user.visits, 2)
|
||||
self.assertEqual(self.__user.visits, 2)
|
||||
|
||||
@ -18,6 +18,7 @@
|
||||
"""The test case for the Flask-Login integration.
|
||||
|
||||
"""
|
||||
import logging
|
||||
from secrets import token_urlsafe
|
||||
from typing import Optional, Dict
|
||||
|
||||
@ -28,8 +29,11 @@ from werkzeug.datastructures import WWWAuthenticate, Authorization
|
||||
from flask_digest_auth import DigestAuth, make_password_hash, Client
|
||||
|
||||
_REALM: str = "testrealm@host.com"
|
||||
"""The realm."""
|
||||
_USERNAME: str = "Mufasa"
|
||||
"""The username."""
|
||||
_PASSWORD: str = "Circle Of Life"
|
||||
"""The password."""
|
||||
|
||||
|
||||
class User:
|
||||
@ -42,11 +46,15 @@ class User:
|
||||
:param password: The clear-text password.
|
||||
"""
|
||||
self.username: str = username
|
||||
self.password_hash: str = make_password_hash(
|
||||
_REALM, username, password)
|
||||
"""The username."""
|
||||
self.password_hash: str = make_password_hash(_REALM, username, password)
|
||||
"""The password hash."""
|
||||
self.visits: int = 0
|
||||
"""The number of visits."""
|
||||
self.is_active: bool = True
|
||||
"""True if the account is active, or False otherwise."""
|
||||
self.is_anonymous: bool = False
|
||||
"""True if the account is anonymous, or False otherwise."""
|
||||
|
||||
def get_id(self) -> str:
|
||||
"""Returns the username.
|
||||
@ -75,6 +83,7 @@ class FlaskLoginTestCase(TestCase):
|
||||
|
||||
:return: The Flask application.
|
||||
"""
|
||||
logging.getLogger("test_flask_login").addHandler(logging.NullHandler())
|
||||
app: Flask = Flask(__name__)
|
||||
app.config.from_mapping({
|
||||
"TESTING": True,
|
||||
@ -83,11 +92,12 @@ class FlaskLoginTestCase(TestCase):
|
||||
})
|
||||
app.test_client_class = Client
|
||||
|
||||
self.has_flask_login: bool = True
|
||||
self.__has_flask_login: bool = True
|
||||
"""Whether the Flask-Login package is installed."""
|
||||
try:
|
||||
import flask_login
|
||||
except ModuleNotFoundError:
|
||||
self.has_flask_login = False
|
||||
self.__has_flask_login = False
|
||||
return app
|
||||
|
||||
login_manager: flask_login.LoginManager = flask_login.LoginManager()
|
||||
@ -96,8 +106,9 @@ class FlaskLoginTestCase(TestCase):
|
||||
auth: DigestAuth = DigestAuth()
|
||||
auth.init_app(app)
|
||||
|
||||
self.user: User = User(_USERNAME, _PASSWORD)
|
||||
user_db: Dict[str, User] = {_USERNAME: self.user}
|
||||
self.__user: User = User(_USERNAME, _PASSWORD)
|
||||
"""The user account."""
|
||||
user_db: Dict[str, User] = {_USERNAME: self.__user}
|
||||
|
||||
@auth.register_get_password
|
||||
def get_password_hash(username: str) -> Optional[str]:
|
||||
@ -162,7 +173,7 @@ class FlaskLoginTestCase(TestCase):
|
||||
|
||||
:return: None.
|
||||
"""
|
||||
if not self.has_flask_login:
|
||||
if not self.__has_flask_login:
|
||||
self.skipTest("Skipped without Flask-Login.")
|
||||
|
||||
response: Response = self.client.get(self.app.url_for("admin-1"))
|
||||
@ -176,14 +187,14 @@ class FlaskLoginTestCase(TestCase):
|
||||
self.assertEqual(response.status_code, 200)
|
||||
self.assertEqual(response.data.decode("UTF-8"),
|
||||
f"Hello, {_USERNAME}! #2")
|
||||
self.assertEqual(self.user.visits, 1)
|
||||
self.assertEqual(self.__user.visits, 1)
|
||||
|
||||
def test_stale_opaque(self) -> None:
|
||||
"""Tests the stale and opaque value.
|
||||
|
||||
:return: None.
|
||||
"""
|
||||
if not self.has_flask_login:
|
||||
if not self.__has_flask_login:
|
||||
self.skipTest("Skipped without Flask-Login.")
|
||||
|
||||
admin_uri: str = self.app.url_for("admin-1")
|
||||
@ -195,7 +206,7 @@ class FlaskLoginTestCase(TestCase):
|
||||
self.assertEqual(response.status_code, 401)
|
||||
www_authenticate = response.www_authenticate
|
||||
self.assertEqual(www_authenticate.type, "digest")
|
||||
self.assertEqual(www_authenticate.stale, None)
|
||||
self.assertIsNone(www_authenticate.get("stale"))
|
||||
opaque: str = www_authenticate.opaque
|
||||
|
||||
if hasattr(g, "_login_user"):
|
||||
@ -206,7 +217,7 @@ class FlaskLoginTestCase(TestCase):
|
||||
response = super(Client, self.client).get(admin_uri, auth=auth_data)
|
||||
self.assertEqual(response.status_code, 401)
|
||||
www_authenticate = response.www_authenticate
|
||||
self.assertEqual(www_authenticate.stale, True)
|
||||
self.assertEqual(www_authenticate.get("stale"), "TRUE")
|
||||
self.assertEqual(www_authenticate.opaque, opaque)
|
||||
|
||||
if hasattr(g, "_login_user"):
|
||||
@ -216,7 +227,7 @@ class FlaskLoginTestCase(TestCase):
|
||||
response = super(Client, self.client).get(admin_uri, auth=auth_data)
|
||||
self.assertEqual(response.status_code, 401)
|
||||
www_authenticate = response.www_authenticate
|
||||
self.assertEqual(www_authenticate.stale, False)
|
||||
self.assertEqual(www_authenticate.get("stale"), "FALSE")
|
||||
self.assertEqual(www_authenticate.opaque, opaque)
|
||||
|
||||
if hasattr(g, "_login_user"):
|
||||
@ -231,7 +242,7 @@ class FlaskLoginTestCase(TestCase):
|
||||
|
||||
:return: None.
|
||||
"""
|
||||
if not self.has_flask_login:
|
||||
if not self.__has_flask_login:
|
||||
self.skipTest("Skipped without Flask-Login.")
|
||||
|
||||
admin_uri: str = self.app.url_for("admin-1")
|
||||
@ -265,33 +276,33 @@ class FlaskLoginTestCase(TestCase):
|
||||
|
||||
response = self.client.get(admin_uri)
|
||||
self.assertEqual(response.status_code, 200)
|
||||
self.assertEqual(self.user.visits, 2)
|
||||
self.assertEqual(self.__user.visits, 2)
|
||||
|
||||
def test_disabled(self) -> None:
|
||||
"""Tests the disabled user.
|
||||
|
||||
:return: None.
|
||||
"""
|
||||
if not self.has_flask_login:
|
||||
if not self.__has_flask_login:
|
||||
self.skipTest("Skipped without Flask-Login.")
|
||||
|
||||
response: Response
|
||||
|
||||
self.user.is_active = False
|
||||
self.__user.is_active = False
|
||||
response = self.client.get(self.app.url_for("admin-1"))
|
||||
self.assertEqual(response.status_code, 401)
|
||||
response = self.client.get(self.app.url_for("admin-1"),
|
||||
digest_auth=(_USERNAME, _PASSWORD))
|
||||
self.assertEqual(response.status_code, 401)
|
||||
|
||||
self.user.is_active = True
|
||||
self.__user.is_active = True
|
||||
response = self.client.get(self.app.url_for("admin-1"),
|
||||
digest_auth=(_USERNAME, _PASSWORD))
|
||||
self.assertEqual(response.status_code, 200)
|
||||
response = self.client.get(self.app.url_for("admin-1"))
|
||||
self.assertEqual(response.status_code, 200)
|
||||
|
||||
self.user.is_active = False
|
||||
self.__user.is_active = False
|
||||
response = self.client.get(self.app.url_for("admin-1"))
|
||||
self.assertEqual(response.status_code, 401)
|
||||
response = self.client.get(self.app.url_for("admin-1"),
|
||||
|
||||
Reference in New Issue
Block a user