[CalendarServer-changes] [12602] CalendarServer/trunk/txdav/dps
source_changes at macosforge.org
source_changes at macosforge.org
Wed Mar 12 11:19:56 PDT 2014
Revision: 12602
http://trac.calendarserver.org//changeset/12602
Author: sagen at apple.com
Date: 2014-02-07 10:31:48 -0800 (Fri, 07 Feb 2014)
Log Message:
-----------
Added verifyHTTPDigest to DPS
Modified Paths:
--------------
CalendarServer/trunk/txdav/dps/client.py
CalendarServer/trunk/txdav/dps/commands.py
CalendarServer/trunk/txdav/dps/server.py
CalendarServer/trunk/txdav/dps/test/test_client.py
Modified: CalendarServer/trunk/txdav/dps/client.py
===================================================================
--- CalendarServer/trunk/txdav/dps/client.py 2014-02-07 00:54:09 UTC (rev 12601)
+++ CalendarServer/trunk/txdav/dps/client.py 2014-02-07 18:31:48 UTC (rev 12602)
@@ -29,7 +29,7 @@
from txdav.dps.commands import (
RecordWithShortNameCommand, RecordWithUIDCommand, RecordWithGUIDCommand,
RecordsWithRecordTypeCommand, RecordsWithEmailAddressCommand,
- VerifyPlaintextPasswordCommand
+ VerifyPlaintextPasswordCommand, VerifyHTTPDigestCommand
)
import txdav.who.idirectory
from zope.interface import implementer
@@ -178,6 +178,28 @@
password=password.encode("utf-8")
)
+
+ def verifyHTTPDigest(
+ self, username, realm, uri, nonce, cnonce,
+ algorithm, nc, qop, response, method,
+ ):
+ return self.service._call(
+ VerifyHTTPDigestCommand,
+ lambda x: x['authenticated'],
+ username=username.encode("utf-8"),
+ realm=realm.encode("utf-8"),
+ uri=uri.encode("utf-8"),
+ nonce=nonce.encode("utf-8"),
+ cnonce=cnonce.encode("utf-8"),
+ algorithm=algorithm.encode("utf-8"),
+ nc=nc.encode("utf-8"),
+ qop=qop.encode("utf-8"),
+ response=response.encode("utf-8"),
+ method=method.encode("utf-8"),
+ )
+
+
+
# Test client:
@@ -186,8 +208,11 @@
ds = DirectoryService(None)
record = (yield ds.recordWithShortName(RecordType.user, "wsanchez"))
print("short name: {r}".format(r=record))
- record = (yield ds.recordWithUID("sagen"))
+ record = (yield ds.recordWithUID("__dre__"))
print("uid: {r}".format(r=record))
+ if record:
+ authenticated = (yield record.verifyPlaintextPassword("erd"))
+ print("authenticated: {a}".format(a=authenticated))
"""
record = (yield ds.recordWithGUID("A3B1158F-0564-4F5B-81E4-A89EA5FF81B0"))
print("guid: {r}".format(r=record))
Modified: CalendarServer/trunk/txdav/dps/commands.py
===================================================================
--- CalendarServer/trunk/txdav/dps/commands.py 2014-02-07 00:54:09 UTC (rev 12601)
+++ CalendarServer/trunk/txdav/dps/commands.py 2014-02-07 18:31:48 UTC (rev 12602)
@@ -90,3 +90,21 @@
response = [
('authenticated', amp.Boolean()),
]
+
+
+class VerifyHTTPDigestCommand(amp.Command):
+ arguments = [
+ ('username', amp.String()),
+ ('realm', amp.String()),
+ ('uri', amp.String()),
+ ('nonce', amp.String()),
+ ('cnonce', amp.String()),
+ ('algorithm', amp.String()),
+ ('nc', amp.String()),
+ ('qop', amp.String()),
+ ('response', amp.String()),
+ ('method', amp.String()),
+ ]
+ response = [
+ ('authenticated', amp.Boolean()),
+ ]
Modified: CalendarServer/trunk/txdav/dps/server.py
===================================================================
--- CalendarServer/trunk/txdav/dps/server.py 2014-02-07 00:54:09 UTC (rev 12601)
+++ CalendarServer/trunk/txdav/dps/server.py 2014-02-07 18:31:48 UTC (rev 12602)
@@ -33,7 +33,7 @@
from txdav.dps.commands import (
RecordWithShortNameCommand, RecordWithUIDCommand, RecordWithGUIDCommand,
RecordsWithRecordTypeCommand, RecordsWithEmailAddressCommand,
- VerifyPlaintextPasswordCommand
+ VerifyPlaintextPasswordCommand, VerifyHTTPDigestCommand,
# UpdateRecordsCommand, RemoveRecordsCommand
)
from txdav.who.xml import DirectoryService as XMLDirectoryService
@@ -172,8 +172,42 @@
returnValue(response)
+ @VerifyHTTPDigestCommand.responder
+ @inlineCallbacks
+ def verifyHTTPDigest(
+ self, username, realm, uri, nonce, cnonce,
+ algorithm, nc, qop, response, method,
+ ):
+ username = username.decode("utf-8")
+ realm = realm.decode("utf-8")
+ uri = uri.decode("utf-8")
+ nonce = nonce.decode("utf-8")
+ cnonce = cnonce.decode("utf-8")
+ algorithm = algorithm.decode("utf-8")
+ nc = nc.decode("utf-8")
+ qop = qop.decode("utf-8")
+ response = response.decode("utf-8")
+ method = method.decode("utf-8")
+ log.debug("VerifyHTTPDigest: {u}", u=username)
+ record = (yield self._directory.recordWithShortName(
+ self._directory.recordType.user, username))
+ authenticated = False
+ if record is not None:
+ authenticated = (
+ yield record.verifyHTTPDigest(
+ username, realm, uri, nonce, cnonce,
+ algorithm, nc, qop, response, method,
+ )
+ )
+ response = {
+ "authenticated": authenticated,
+ }
+ log.debug("Responding with: {response}", response=response)
+ returnValue(response)
+
+
class DirectoryProxyAMPFactory(Factory):
"""
"""
Modified: CalendarServer/trunk/txdav/dps/test/test_client.py
===================================================================
--- CalendarServer/trunk/txdav/dps/test/test_client.py 2014-02-07 00:54:09 UTC (rev 12601)
+++ CalendarServer/trunk/txdav/dps/test/test_client.py 2014-02-07 18:31:48 UTC (rev 12602)
@@ -17,6 +17,7 @@
import os
from twext.who.idirectory import RecordType
+from twisted.cred.credentials import calcResponse, calcHA1, calcHA2
from twisted.internet.defer import inlineCallbacks, succeed
from twisted.protocols.amp import AMP
from twisted.python.filepath import FilePath
@@ -27,8 +28,6 @@
from txdav.who.xml import DirectoryService as XMLDirectoryService
-
-
class DPSClientTest(unittest.TestCase):
def setUp(self):
@@ -112,3 +111,48 @@
# Incorrect password
authenticated = (yield record.verifyPlaintextPassword("wrong"))
self.assertFalse(authenticated)
+
+
+ @inlineCallbacks
+ def test_verifyHTTPDigest(self):
+ username = "dre"
+ record = (yield self.directory.recordWithShortName(
+ RecordType.user, username))
+ realm = u"xyzzy"
+ nonce = "128446648710842461101646794502"
+ nc = "00000001"
+ cnonce = "/rrD6TqPA3lHRmg+fw/vyU6oWoQgzK7h9yWrsCmv/lE="
+ algo = "md5"
+ uri = "http://host.example.com"
+ method = "GET"
+ qop = ""
+
+ # Correct password
+ password = "erd"
+ expected = calcResponse(
+ calcHA1(algo, username, realm, password, nonce, cnonce),
+ calcHA2(algo, method, uri, qop, None),
+ algo, nonce, nc, cnonce, qop)
+
+ authenticated = (
+ yield record.verifyHTTPDigest(
+ username, realm, uri, nonce, cnonce, algo, nc, qop,
+ expected, method
+ )
+ )
+ self.assertTrue(authenticated)
+
+ # Incorrect password
+ password = "wrong"
+ expected = calcResponse(
+ calcHA1(algo, username, realm, password, nonce, cnonce),
+ calcHA2(algo, method, uri, qop, None),
+ algo, nonce, nc, cnonce, qop)
+
+ authenticated = (
+ yield record.verifyHTTPDigest(
+ username, realm, uri, nonce, cnonce, algo, nc, qop,
+ expected, method
+ )
+ )
+ self.assertFalse(authenticated)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20140312/a9fa328a/attachment.html>
More information about the calendarserver-changes
mailing list