[CalendarServer-changes] [10908] CalendarServer/trunk
source_changes at macosforge.org
source_changes at macosforge.org
Wed Mar 13 01:40:59 PDT 2013
Revision: 10908
http://trac.calendarserver.org//changeset/10908
Author: glyph at apple.com
Date: 2013-03-13 01:40:59 -0700 (Wed, 13 Mar 2013)
Log Message:
-----------
Fix OD authentication, and update tests to test interaction with OD module
rather than interaction with its own credential cache.
Modified Paths:
--------------
CalendarServer/trunk/twistedcaldav/directory/appleopendirectory.py
CalendarServer/trunk/twistedcaldav/directory/test/test_opendirectory.py
Property Changed:
----------------
CalendarServer/trunk/
Modified: CalendarServer/trunk/twistedcaldav/directory/appleopendirectory.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/directory/appleopendirectory.py 2013-03-13 08:40:58 UTC (rev 10907)
+++ CalendarServer/trunk/twistedcaldav/directory/appleopendirectory.py 2013-03-13 08:40:59 UTC (rev 10908)
@@ -56,7 +56,7 @@
return "<%s %r: %r>" % (self.__class__.__name__, self.realmName, self.node)
- def __init__(self, params):
+ def __init__(self, params, odModule=None):
"""
@param params: a dictionary containing the following keys:
@@ -95,7 +95,9 @@
super(OpenDirectoryService, self).__init__(params['cacheTimeout'],
params['negativeCaching'])
- self.odModule = namedModule(config.OpenDirectoryModule)
+ if odModule is None:
+ odModule = namedModule(config.OpenDirectoryModule)
+ self.odModule = odModule
try:
directory = self.odModule.odInit(params['node'])
@@ -1452,7 +1454,7 @@
self.shortNames[0],
challenge,
response,
- credentials.originalMethod if credentials.originalMethod else credentials.method
+ credentials.method
):
try:
cache = self.digestcache
@@ -1470,7 +1472,8 @@
Challenge: %s
Response: %s
Method: %s
-""" % (self.nodeName, self.shortNames[0], challenge, response, credentials.originalMethod if credentials.originalMethod else credentials.method))
+""" % (self.nodeName, self.shortNames[0], challenge, response,
+ credentials.method))
except self.service.odModule.ODError, e:
self.log_error(
Modified: CalendarServer/trunk/twistedcaldav/directory/test/test_opendirectory.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/directory/test/test_opendirectory.py 2013-03-13 08:40:58 UTC (rev 10907)
+++ CalendarServer/trunk/twistedcaldav/directory/test/test_opendirectory.py 2013-03-13 08:40:59 UTC (rev 10908)
@@ -19,6 +19,7 @@
except ImportError:
pass
else:
+ from collections import defaultdict
from twisted.trial.unittest import SkipTest
from twisted.internet.defer import inlineCallbacks
from twisted.python.runtime import platform
@@ -28,7 +29,24 @@
from twistedcaldav.directory.directory import DirectoryService
from twistedcaldav.directory.appleopendirectory import OpenDirectoryRecord
from calendarserver.platform.darwin.od import dsattributes
+ from txdav.common.datastore.test.util import deriveValue, withSpecialValue
+ class DigestAuthModule(object):
+ """
+ Stand-in for either configurable OD module, that verifies the response
+ according to its '.response' attribute, set by the test.
+ """
+ class ODError(Exception):
+ pass
+
+ def odInit(self, node):
+ return self
+
+ def authenticateUserDigest(self, directory, node, user, challenge,
+ response, method):
+ val = (response == self.response)
+ return val
+
# Wonky hack to prevent unclean reactor shutdowns
class DummyReactor(object):
@staticmethod
@@ -60,7 +78,8 @@
{
"node" : "/Search",
"augmentService": augment.AugmentXMLDB(xmlFiles=()),
- }
+ },
+ odModule=deriveValue(self, "odModule", lambda self: None)
)
except ImportError, e:
raise SkipTest("OpenDirectory module is not available: %s" % (e,))
@@ -87,6 +106,8 @@
)
self.assertEquals(record.fullName, "")
+
+ @withSpecialValue("odModule", DigestAuthModule())
def test_invalidODDigest(self):
record = OpenDirectoryRecord(
service = self.service(),
@@ -105,12 +126,16 @@
extReadOnlyProxies = [],
)
- digestFields = {}
+ digestFields = defaultdict(lambda: "...")
digested = DigestedCredentials("user", "GET", "example.com",
digestFields)
+ od = deriveValue(self, "odModule", lambda x: None)
+ od.response = "invalid"
self.assertFalse(record.verifyCredentials(digested))
+
+ @withSpecialValue("odModule", DigestAuthModule())
def test_validODDigest(self):
record = OpenDirectoryRecord(
service = self.service(),
@@ -137,8 +162,8 @@
"response":"123",
"algorithm":"md5",
}
-
- response = (
+ od = deriveValue(self, "odModule", lambda self: None)
+ od.response = (
'Digest username="%(username)s", '
'realm="%(realm)s", '
'nonce="%(nonce)s", '
@@ -147,8 +172,6 @@
'algorithm=%(algorithm)s'
) % digestFields
- record.digestcache = {}
- record.digestcache["/"] = response
digested = DigestedCredentials("user", "GET", "example.com",
digestFields)
@@ -471,5 +494,6 @@
"node" : "/Search",
"recordTypes" : (DirectoryService.recordType_users, DirectoryService.recordType_groups),
"augmentService" : augment.AugmentXMLDB(xmlFiles=()),
- }
+ },
+ odModule=deriveValue(self, "odModule", lambda x: None)
)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20130313/eecfc5ed/attachment.html>
More information about the calendarserver-changes
mailing list