Revision: 2102 http://trac.macosforge.org/projects/calendarserver/changeset/2102 Author: wsanchez@apple.com Date: 2008-01-10 17:01:28 -0800 (Thu, 10 Jan 2008) Log Message: ----------- Add auth caching for digest. Modified Paths: -------------- CalendarServer/trunk/twistedcaldav/directory/appleopendirectory.py CalendarServer/trunk/twistedcaldav/directory/test/util.py Modified: CalendarServer/trunk/twistedcaldav/directory/appleopendirectory.py =================================================================== --- CalendarServer/trunk/twistedcaldav/directory/appleopendirectory.py 2008-01-11 00:34:33 UTC (rev 2101) +++ CalendarServer/trunk/twistedcaldav/directory/appleopendirectory.py 2008-01-11 01:01:28 UTC (rev 2102) @@ -800,14 +800,28 @@ return False try: - return opendirectory.authenticateUserDigest( + if self.digestcache[credentials.fields[uri]] == response: + return True + except (AttributeError, KeyError): + pass + + try: + if opendirectory.authenticateUserDigest( self.service.directory, self._nodename, self.shortName, challenge, response, credentials.method - ) + ): + try: + cache = self.digestcache + except AttributeError: + cache = self.digestcache = {} + + cache[credentials.fields[uri]] = response + + return True except opendirectory.ODError, e: logging.err("Open Directory error while performing digest authentication for record %s: %s" % (self, e), system="OpenDirectoryService") Modified: CalendarServer/trunk/twistedcaldav/directory/test/util.py =================================================================== --- CalendarServer/trunk/twistedcaldav/directory/test/util.py 2008-01-11 00:34:33 UTC (rev 2101) +++ CalendarServer/trunk/twistedcaldav/directory/test/util.py 2008-01-11 01:01:28 UTC (rev 2102) @@ -295,39 +295,48 @@ service = self.service() for user in self.users: - userRecord = service.recordWithShortName(DirectoryService.recordType_users, user) + for good in (True, True, False, False, True): + userRecord = service.recordWithShortName(DirectoryService.recordType_users, user) - # I'm glad this is so simple... - response = calcResponse( - calcHA1( + # I'm glad this is so simple... + response = calcResponse( + calcHA1( + "md5", + user, + service.realmName, + self.users[user]["password"], + "booger", + "phlegm", + ), "md5", - user, - service.realmName, - self.users[user]["password"], "booger", + None, "phlegm", - ), - "md5", - "booger", - None, - "phlegm", - "auth", - "GET", - "/", - None, - ) + "auth", + "GET", + "/", + None, + ) - credentials = DigestedCredentials( - user, - "GET", - service.realmName, - { - "response": response, - "uri": "/", - "nonce": "booger", - "cnonce": "phlegm", - "nc": None, - }, - ) + if good: + noise = "" + else: + noise = "blah" - self.failUnless(userRecord.verifyCredentials(credentials)) + credentials = DigestedCredentials( + user, + "GET", + service.realmName, + { + "response": response, + "uri": "/", + "nonce": "booger" + noise, + "cnonce": "phlegm", + "nc": None, + }, + ) + + if good: + self.failUnless(userRecord.verifyCredentials(credentials)) + else: + self.failIf(userRecord.verifyCredentials(credentials))