[CalendarServer-changes] [1899] CalendarServer/trunk/twistedcaldav/directory

source_changes at macosforge.org source_changes at macosforge.org
Mon Sep 24 20:03:10 PDT 2007


Revision: 1899
          http://trac.macosforge.org/projects/calendarserver/changeset/1899
Author:   cdaboo at apple.com
Date:     2007-09-24 20:03:09 -0700 (Mon, 24 Sep 2007)

Log Message:
-----------
Make sure stale=true is added to the challenge when responding to a valid auth with a timed-out nonce.

Modified Paths:
--------------
    CalendarServer/trunk/twistedcaldav/directory/digest.py
    CalendarServer/trunk/twistedcaldav/directory/test/test_digest.py

Modified: CalendarServer/trunk/twistedcaldav/directory/digest.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/directory/digest.py	2007-09-24 23:40:55 UTC (rev 1898)
+++ CalendarServer/trunk/twistedcaldav/directory/digest.py	2007-09-25 03:03:09 UTC (rev 1899)
@@ -366,6 +366,11 @@
             challenge['qop'] = self.qop
         else:
             del challenge['qop']
+        
+        # If stale was marked when decoding this request's Authorization header, add that to the challenge
+        if hasattr(peer, 'stale') and peer.stale:
+            challenge['stale'] = 'true'
+
         return challenge
             
 
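Review bot: The `stale` flag read in the added `if hasattr(peer, 'stale') and peer.stale:` block is never cleared, so once it is set on the peer address object it stays set for as long as that object lives. If an address object is reused for a later challenge (the tests in test_digest.py reuse `_trivial_GET.remoteAddr`, for example), a failure unrelated to nonce expiry would also be answered with stale=true, which tells the client to retry silently instead of re-prompting for credentials; it could also make the `'stale' not in wwwhdrs` assertions depend on test order. Consuming the flag when it is copied would avoid that: `if getattr(peer, 'stale', False):` followed by `peer.stale = False` and `challenge['stale'] = 'true'`. The enclosing method starts outside the hunk.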
@@ -479,6 +484,8 @@
         # Now check timestamp
         if db_timestamp + DigestCredentialFactory.CHALLENGE_LIFETIME_SECS <= time.time():
             self.invalidate(nonce)
+            if request.remoteAddr:
+                request.remoteAddr.stale = True
             raise error.LoginFailed('Digest credentials expired')
 
         return True
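Review bot: `request.remoteAddr.stale = True` is set as soon as the timestamp check fails, and nothing in the visible lines shows that the digest response has been verified by that point. RFC 2617 says a server should send stale=true only when the nonce has expired but the digest computed for that nonce is valid; if this check runs before the response hash is compared (it appears to, but the rest of the method is outside the hunk), a request with a wrong password and an old nonce would also be told to retry without re-prompting. Either defer the marking until the credentials have been checked, or document the limitation here, e.g. `# NOTE: stale is marked before the response digest is verified; see RFC 2617 section 3.2.1`. A short comment that the flag is carried on the address object, and therefore only works while the challenge is built from that same object, would also help the next reader.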

Modified: CalendarServer/trunk/twistedcaldav/directory/test/test_digest.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/directory/test/test_digest.py	2007-09-24 23:40:55 UTC (rev 1898)
+++ CalendarServer/trunk/twistedcaldav/directory/test/test_digest.py	2007-09-25 03:03:09 UTC (rev 1899)
@@ -4,6 +4,7 @@
 from twisted.internet import address
 from twisted.trial import unittest
 from twisted.web2.auth import digest
+from twisted.web2.auth.wrapper import UnauthorizedResponse
 from twisted.web2.test.test_server import SimpleRequest
 from twisted.web2.dav.fileop import rmdir
 from twistedcaldav.directory.digest import QopDigestCredentialFactory
@@ -351,6 +352,11 @@
                 _trivial_GET
             )
 
+            factory.invalidate(factory.generateNonce())
+            response = UnauthorizedResponse({"Digest":factory}, _trivial_GET.remoteAddr)
+            wwwhdrs = response.headers.getHeader("www-authenticate")[0][1]
+            self.assertTrue('stale' not in wwwhdrs, msg="No stale parameter in Digest WWW-Authenticate headers: %s" % (wwwhdrs,))
+
     def test_incompatibleClientIp(self):
         """
         Test that the login fails when the request comes from a client ip
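Review bot: The failure message on the added `self.assertTrue('stale' not in wwwhdrs, ...)` reads "No stale parameter in Digest WWW-Authenticate headers", which is the opposite of what a failure of this assertion means. The same copied message is used for the negative assertion in the next hunk (the one ending just before `test_oldNonce`). Suggest `msg="Unexpected stale parameter in Digest WWW-Authenticate headers: %s" % (wwwhdrs,)` in both places, so that a regression which leaks stale=true into an unrelated failure is reported accurately. The test method these lines belong to starts outside the hunk.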
@@ -377,6 +383,10 @@
                 _trivial_GET
             )
 
+            response = UnauthorizedResponse({"Digest":factory}, _trivial_GET.remoteAddr)
+            wwwhdrs = response.headers.getHeader("www-authenticate")[0][1]
+            self.assertTrue('stale' not in wwwhdrs, msg="No stale parameter in Digest WWW-Authenticate headers: %s" % (wwwhdrs,))
+
     def test_oldNonce(self):
         """
         Test that the login fails when the given opaque is older than
@@ -404,6 +414,11 @@
                 clientResponse,
                 _trivial_GET
             )
+            
+            response = UnauthorizedResponse({"Digest":factory}, _trivial_GET.remoteAddr)
+            wwwhdrs = response.headers.getHeader("www-authenticate")[0][1]
+            self.assertTrue('stale' in wwwhdrs, msg="No stale parameter in Digest WWW-Authenticate headers: %s" % (wwwhdrs,))
+            self.assertEquals(wwwhdrs['stale'], 'true', msg="stale parameter not set to true in Digest WWW-Authenticate headers: %s" % (wwwhdrs,))
 
     def test_incompatibleCalcHA1Options(self):
         """
