[CalendarServer-changes] [2433] CalendarServer/trunk/twistedcaldav/directory

source_changes at macosforge.org source_changes at macosforge.org
Mon May 19 20:36:17 PDT 2008


Revision: 2433
          http://trac.macosforge.org/projects/calendarserver/changeset/2433
Author:   cdaboo at apple.com
Date:     2008-05-19 20:36:16 -0700 (Mon, 19 May 2008)

Log Message:
-----------
Properly handle digest response parameter values with commas in them.

Modified Paths:
--------------
    CalendarServer/trunk/twistedcaldav/directory/digest.py
    CalendarServer/trunk/twistedcaldav/directory/test/test_digest.py

Modified: CalendarServer/trunk/twistedcaldav/directory/digest.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/directory/digest.py	2008-05-19 20:56:21 UTC (rev 2432)
+++ CalendarServer/trunk/twistedcaldav/directory/digest.py	2008-05-20 03:36:16 UTC (rev 2433)
@@ -23,6 +23,10 @@
 from zope.interface import implements, Interface
 
 import cPickle as pickle
+from twisted.web2.http_headers import tokenize
+from twisted.web2.http_headers import Token
+from twisted.web2.http_headers import split
+from twisted.web2.http_headers import parseKeyValue
 import os
 import time
 
@@ -470,13 +474,17 @@
                 return s[1:-1]
             return s
         response = ' '.join(response.splitlines())
-        parts = response.split(',')
-
-        auth = {}
-
-        for (k, v) in [p.split('=', 1) for p in parts]:
-            auth[k.strip()] = unq(v.strip())
-
+        
+        try:
+            parts = split(tokenize((response,), foldCase=False), Token(","))
+    
+            auth = {}
+    
+            for (k, v) in [parseKeyValue(p) for p in parts]:
+                auth[k.strip()] = unq(v.strip())
+        except ValueError:
+            raise error.LoginFailed('Invalid response.')
+            
         username = auth.get('username')
         if not username:
             raise error.LoginFailed('Invalid response, no username given.')
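Review bot: A parameter with no `=` can still escape the new `except ValueError` around the `for (k, v) in ...` loop. As far as I recall, `parseKeyValue` returns `(key, None)` for a lone token, so `v.strip()` would raise AttributeError and the request would fail with an unhandled exception instead of `LoginFailed`. The Authorization header is client-controlled, so reject that case explicitly inside the loop, e.g. `if v is None: raise ValueError(k)` before the assignment. Two smaller points: the tokenizer appears to strip the surrounding quotes already, so the later `unq()` could remove a second pair from a value that itself begins and ends with an escaped quote, and a repeated parameter silently overwrites the earlier one, which is worth rejecting for digest fields. The enclosing method starts and ends outside this hunk.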

Modified: CalendarServer/trunk/twistedcaldav/directory/test/test_digest.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/directory/test/test_digest.py	2008-05-19 20:56:21 UTC (rev 2432)
+++ CalendarServer/trunk/twistedcaldav/directory/test/test_digest.py	2008-05-20 03:36:16 UTC (rev 2433)
@@ -59,9 +59,16 @@
 authRequest3 = ('username="username", realm="test realm", nonce="%s", '
                 'uri="/write/", response="%s", algorithm="md5"')
 
+authRequestComma = (('username="user,name", realm="test realm", nonce="%s", '
+                 'uri="/write/1,2.txt", response="%s", algorithm="md5", '
+                 'cnonce="29fc54aa1641c6fa0e151419361c8f23", nc=00000001, '
+                 'qop="auth"'),
+                ('username="user,name", realm="test realm", nonce="%s", '
+                 'uri="/write/1,2.txt", response="%s", algorithm="md5"'))
+
 namelessAuthRequest = 'realm="test realm",nonce="doesn\'t matter"'
 
-emtpyAttributeAuthRequest = 'realm=,nonce="doesn\'t matter"'
+emtpyAttributeAuthRequest = 'realm="",nonce="doesn\'t matter"'
 
 
 class DigestAuthTestCase(unittest.TestCase):
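Review bot: The edit to `emtpyAttributeAuthRequest` replaces the malformed input `realm=` with `realm=""`, so the unquoted-empty form, which a client can still send, is no longer exercised. It presumably now takes the new `ValueError` path and yields 'Invalid response.', but nothing visible here pins that. Keep a second fixture for it, e.g. `malformedAttributeAuthRequest = 'realm=,nonce="doesn\'t matter"'`, and assert that decoding it raises `LoginFailed`. The existing name is also misspelled (`emtpy`), which is worth fixing while the line is being touched.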
@@ -125,6 +132,36 @@
                 )
         return expected
 
+    def getDigestResponseComma(self, challenge, ncount):
+        """
+        Calculate the response for the given challenge
+        """
+        nonce = challenge.get('nonce')
+        algo = challenge.get('algorithm').lower()
+        qop = challenge.get('qop')
+
+        if qop:
+            expected = digest.calcResponse(
+                digest.calcHA1(algo,
+                               "user,name",
+                               "test realm",
+                               "password",
+                               nonce,
+                               cnonce),
+                algo, nonce, ncount, cnonce, qop, "GET", "/write/1,2.txt", None
+                )
+        else:
+            expected = digest.calcResponse(
+                digest.calcHA1(algo,
+                               "user,name",
+                               "test realm",
+                               "password",
+                               nonce,
+                               cnonce),
+                algo, nonce, None, None, None, "GET", "/write/1,2.txt", None
+                )
+        return expected
+
     def test_getChallenge(self):
         """
         Test that all the required fields exist in the challenge,
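Review bot: `getDigestResponseComma` says nothing about the values it hard-codes, and it reads `cnonce` from outside the function (presumably a module-level constant; it is not defined in this hunk). The two branches differ only in the three qop-related arguments, so the `digest.calcHA1(...)` call can be computed once before the `if qop:`. The user name and URI would also read better as parameters than as repeated literals. For the docstring I would suggest `"""Calculate the expected digest response for user "user,name" requesting "/write/1,2.txt" with the given challenge and nonce count."""`.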
@@ -448,7 +485,23 @@
                 preHA1=preHA1
                 )
 
+    def test_commaURI(self):
+        """
+        Check that commas in valued are parsed out properly.
+        """
 
+        for ctr, factory in enumerate(self.credentialFactories):
+            challenge = factory.getChallenge(clientAddress)
+    
+            clientResponse = authRequestComma[ctr] % (
+                challenge['nonce'],
+                self.getDigestResponseComma(challenge, "00000001"),
+            )
+    
+            creds = factory.decode(clientResponse, _trivial_GET())
+            self.failUnless(creds.checkPassword('password'))
+
+
 def _trivial_GET():
     return SimpleRequest(None, 'GET', '/')
 
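Review bot: `authRequestComma[ctr]` in `test_commaURI` ties the test to the order of `self.credentialFactories` (qop-enabled first), which is set up outside this hunk. Iterating over `zip(self.credentialFactories, authRequestComma)` would make that pairing explicit. The test only checks `checkPassword`, so it should also assert the decoded user name, e.g. `self.assertEquals(creds.username, "user,name")`, assuming the credentials object exposes that attribute. The docstring has a typo and should read `Check that commas in values are parsed out properly.`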
