[CalendarServer-changes] [2433] CalendarServer/trunk/twistedcaldav/directory
source_changes at macosforge.org
source_changes at macosforge.org
Mon May 19 20:36:17 PDT 2008
Revision: 2433
http://trac.macosforge.org/projects/calendarserver/changeset/2433
Author: cdaboo at apple.com
Date: 2008-05-19 20:36:16 -0700 (Mon, 19 May 2008)
Log Message:
-----------
Properly handle digest response parameter values with commas in them.
Modified Paths:
--------------
CalendarServer/trunk/twistedcaldav/directory/digest.py
CalendarServer/trunk/twistedcaldav/directory/test/test_digest.py
Modified: CalendarServer/trunk/twistedcaldav/directory/digest.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/directory/digest.py 2008-05-19 20:56:21 UTC (rev 2432)
+++ CalendarServer/trunk/twistedcaldav/directory/digest.py 2008-05-20 03:36:16 UTC (rev 2433)
@@ -23,6 +23,10 @@
from zope.interface import implements, Interface
import cPickle as pickle
+from twisted.web2.http_headers import tokenize
+from twisted.web2.http_headers import Token
+from twisted.web2.http_headers import split
+from twisted.web2.http_headers import parseKeyValue
import os
import time
@@ -470,13 +474,17 @@
return s[1:-1]
return s
response = ' '.join(response.splitlines())
- parts = response.split(',')
-
- auth = {}
-
- for (k, v) in [p.split('=', 1) for p in parts]:
- auth[k.strip()] = unq(v.strip())
-
+
+ try:
+ parts = split(tokenize((response,), foldCase=False), Token(","))
+
+ auth = {}
+
+ for (k, v) in [parseKeyValue(p) for p in parts]:
+ auth[k.strip()] = unq(v.strip())
+ except ValueError:
+ raise error.LoginFailed('Invalid response.')
+
username = auth.get('username')
if not username:
raise error.LoginFailed('Invalid response, no username given.')
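Review bot: The new `except ValueError` does not cover a parameter that has no `=` at all. If `parseKeyValue` returns `(key, None)` for a bare token, as I believe the web2 helper does, `v.strip()` raises AttributeError and the request ends in an unhandled exception instead of `LoginFailed`. This header is parsed before authentication, so every malformed form should fail closed the same way; inside the loop, add `if v is None: raise ValueError(k)` before the assignment. Separately, `tokenize` appears to strip the quotes from quoted strings already, so the remaining `unq()` call could remove a second, literal pair of quotes from a value; confirm whether it is still needed. The enclosing method starts and ends outside this hunk.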
Modified: CalendarServer/trunk/twistedcaldav/directory/test/test_digest.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/directory/test/test_digest.py 2008-05-19 20:56:21 UTC (rev 2432)
+++ CalendarServer/trunk/twistedcaldav/directory/test/test_digest.py 2008-05-20 03:36:16 UTC (rev 2433)
@@ -59,9 +59,16 @@
authRequest3 = ('username="username", realm="test realm", nonce="%s", '
'uri="/write/", response="%s", algorithm="md5"')
+authRequestComma = (('username="user,name", realm="test realm", nonce="%s", '
+ 'uri="/write/1,2.txt", response="%s", algorithm="md5", '
+ 'cnonce="29fc54aa1641c6fa0e151419361c8f23", nc=00000001, '
+ 'qop="auth"'),
+ ('username="user,name", realm="test realm", nonce="%s", '
+ 'uri="/write/1,2.txt", response="%s", algorithm="md5"'))
+
namelessAuthRequest = 'realm="test realm",nonce="doesn\'t matter"'
-emtpyAttributeAuthRequest = 'realm=,nonce="doesn\'t matter"'
+emtpyAttributeAuthRequest = 'realm="",nonce="doesn\'t matter"'
class DigestAuthTestCase(unittest.TestCase):
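Review bot: Changing `emtpyAttributeAuthRequest` from `realm=` to `realm=""` removes the only fixture visible in this hunk that has an attribute with an unquoted empty value, so the new parser's handling of that malformed form is no longer tested. Keep the old string as a second fixture, e.g. `malformedAttributeAuthRequest = 'realm=,nonce="doesn\'t matter"'`, and assert that `decode` raises `error.LoginFailed` for it. That pins the fail-closed path added in digest.py rather than only the well-formed case.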
@@ -125,6 +132,36 @@
)
return expected
+ def getDigestResponseComma(self, challenge, ncount):
+ """
+ Calculate the response for the given challenge
+ """
+ nonce = challenge.get('nonce')
+ algo = challenge.get('algorithm').lower()
+ qop = challenge.get('qop')
+
+ if qop:
+ expected = digest.calcResponse(
+ digest.calcHA1(algo,
+ "user,name",
+ "test realm",
+ "password",
+ nonce,
+ cnonce),
+ algo, nonce, ncount, cnonce, qop, "GET", "/write/1,2.txt", None
+ )
+ else:
+ expected = digest.calcResponse(
+ digest.calcHA1(algo,
+ "user,name",
+ "test realm",
+ "password",
+ nonce,
+ cnonce),
+ algo, nonce, None, None, None, "GET", "/write/1,2.txt", None
+ )
+ return expected
+
def test_getChallenge(self):
"""
Test that all the required fields exist in the challenge,
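Review bot: `getDigestResponseComma` reads `cnonce` from a name that is not defined in the method (presumably a module-level constant), while `authRequestComma` hard-codes the literal `29fc54aa1641c6fa0e151419361c8f23`. If the two drift, the test fails with a digest mismatch that is hard to trace. Interpolate the constant into the fixture, or add a comment such as `# cnonce must match the value embedded in authRequestComma`. The method also looks like a copy of the existing response helper whose tail is visible just above it, differing only in the user name and URI; taking those as parameters with defaults would avoid the duplication. The docstring should say it is the variant for values containing commas.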
@@ -448,7 +485,23 @@
preHA1=preHA1
)
+ def test_commaURI(self):
+ """
+ Check that commas in valued are parsed out properly.
+ """
+ for ctr, factory in enumerate(self.credentialFactories):
+ challenge = factory.getChallenge(clientAddress)
+
+ clientResponse = authRequestComma[ctr] % (
+ challenge['nonce'],
+ self.getDigestResponseComma(challenge, "00000001"),
+ )
+
+ creds = factory.decode(clientResponse, _trivial_GET())
+ self.failUnless(creds.checkPassword('password'))
+
+
def _trivial_GET():
return SimpleRequest(None, 'GET', '/')
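Review bot: `test_commaURI` pairs fixtures with factories by position (`authRequestComma[ctr]`), so adding or reordering an entry in `self.credentialFactories` gives an IndexError or silently tests the wrong header form. Iterating with `for factory, template in zip(self.credentialFactories, authRequestComma):` after asserting that the two have equal length makes the coupling explicit. The docstring has a typo and should read `Check that commas in values are parsed out properly.`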