<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[12136] twext/trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.calendarserver.org//changeset/12136">12136</a></dd>
<dt>Author</dt> <dd>sagen@apple.com</dd>
<dt>Date</dt> <dd>2013-12-18 17:44:11 -0800 (Wed, 18 Dec 2013)</dd>
</dl>
<h3>Log Message</h3>
<pre>Moved od auth testing into bin/test_opendirectory.py from service.py</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#twexttrunktwextwhoopendirectoryservicepy">twext/trunk/twext/who/opendirectory/service.py</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#twexttrunkbintest_opendirectorypy">twext/trunk/bin/test_opendirectory.py</a></li>
</ul>
<h3>Removed Paths</h3>
<ul>
<li><a href="#twexttrunktwextwhoopendirectorydigestpy">twext/trunk/twext/who/opendirectory/digest.py</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="twexttrunkbintest_opendirectorypy"></a>
<div class="addfile"><h4>Added: twext/trunk/bin/test_opendirectory.py (0 => 12136)</h4>
<pre class="diff"><span>
<span class="info">--- twext/trunk/bin/test_opendirectory.py         (rev 0)
+++ twext/trunk/bin/test_opendirectory.py        2013-12-19 01:44:11 UTC (rev 12136)
</span><span class="lines">@@ -0,0 +1,192 @@
</span><ins>+#!/usr/bin/env python
+##
+# Copyright (c) 2006-2008 Apple Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##
+
+import md5
+import sha
+from getpass import getpass
+
+from twext.who.opendirectory.service import DirectoryService
+
+from twisted.cred.credentials import UsernamePassword, DigestedCredentials
+from twisted.cred.error import UnauthorizedLogin
+from twisted.internet.defer import inlineCallbacks
+
+
+algorithms = {
+ 'md5': md5.new,
+ 'md5-sess': md5.new,
+ 'sha': sha.new,
+}
+
+# DigestCalcHA1
+def calcHA1(
+ pszAlg,
+ pszUserName,
+ pszRealm,
+ pszPassword,
+ pszNonce,
+ pszCNonce,
+ preHA1=None
+):
+ """
+ @param pszAlg: The name of the algorithm to use to calculate the digest.
+ Currently supported are md5 md5-sess and sha.
+
+ @param pszUserName: The username
+ @param pszRealm: The realm
+ @param pszPassword: The password
+ @param pszNonce: The nonce
+ @param pszCNonce: The cnonce
+
+ @param preHA1: If available this is a str containing a previously
+ calculated HA1 as a hex string. If this is given then the values for
+ pszUserName, pszRealm, and pszPassword are ignored.
+ """
+
+ if (preHA1 and (pszUserName or pszRealm or pszPassword)):
+ raise TypeError(("preHA1 is incompatible with the pszUserName, "
+ "pszRealm, and pszPassword arguments"))
+
+ if preHA1 is None:
+ # We need to calculate the HA1 from the username:realm:password
+ m = algorithms[pszAlg]()
+ m.update(pszUserName)
+ m.update(":")
+ m.update(pszRealm)
+ m.update(":")
+ m.update(pszPassword)
+ HA1 = m.digest()
+ else:
+ # We were given a username:realm:password
+ HA1 = preHA1.decode('hex')
+
+ if pszAlg == "md5-sess":
+ m = algorithms[pszAlg]()
+ m.update(HA1)
+ m.update(":")
+ m.update(pszNonce)
+ m.update(":")
+ m.update(pszCNonce)
+ HA1 = m.digest()
+
+ return HA1.encode('hex')
+
+# DigestCalcResponse
+def calcResponse(
+ HA1,
+ algo,
+ pszNonce,
+ pszNonceCount,
+ pszCNonce,
+ pszQop,
+ pszMethod,
+ pszDigestUri,
+ pszHEntity,
+):
+ m = algorithms[algo]()
+ m.update(pszMethod)
+ m.update(":")
+ m.update(pszDigestUri)
+ if pszQop == "auth-int" or pszQop == "auth-conf":
+ m.update(":")
+ m.update(pszHEntity)
+ HA2 = m.digest().encode('hex')
+
+ m = algorithms[algo]()
+ m.update(HA1)
+ m.update(":")
+ m.update(pszNonce)
+ m.update(":")
+ if pszNonceCount and pszCNonce and pszQop:
+ m.update(pszNonceCount)
+ m.update(":")
+ m.update(pszCNonce)
+ m.update(":")
+ m.update(pszQop)
+ m.update(":")
+ m.update(HA2)
+ respHash = m.digest().encode('hex')
+ return respHash
+
+
+@inlineCallbacks
+def testAuth(service, username, password):
+
+ # Authenticate using simple password
+
+ creds = UsernamePassword(username, password)
+ try:
+ id = yield service.requestAvatarId(creds)
+ print("OK via UsernamePassword, avatarID: {id}".format(id=id))
+ print(" {name}".format(name=id.fullNames))
+ except UnauthorizedLogin:
+ print("Via UsernamePassword, could not authenticate")
+
+ print()
+
+ # Authenticate using Digest
+
+ algorithm = "md5" # "md5-sess"
+ cnonce = "/rrD6TqPA3lHRmg+fw/vyU6oWoQgzK7h9yWrsCmv/lE="
+ entity = "00000000000000000000000000000000"
+ method = "GET"
+ nc = "00000001"
+ nonce = "128446648710842461101646794502"
+ qop = None
+ realm = "host.example.com"
+ uri = "http://host.example.com"
+
+ responseHash = calcResponse(
+ calcHA1(
+ algorithm.lower(), username, realm, password, nonce, cnonce
+ ),
+ algorithm.lower(), nonce, nc, cnonce, qop, method, uri, entity
+ )
+
+ response = (
+ 'Digest username="{username}", uri="{uri}", response={hash}'.format(
+ username=username, uri=uri, hash=responseHash
+ )
+ )
+
+ fields = {
+ "realm" : realm,
+ "nonce" : nonce,
+ "response" : response,
+ "algorithm" : algorithm,
+ }
+
+ creds = DigestedCredentials(username, method, realm, fields)
+
+ try:
+ id = yield service.requestAvatarId(creds)
+ print("OK via DigestedCredentials, avatarID: {id}".format(id=id))
+ print(" {name}".format(name=id.fullNames))
+ except UnauthorizedLogin:
+ print("Via DigestedCredentials, could not authenticate")
+
+
+
+if __name__ == "__main__":
+
+ service = DirectoryService()
+
+ username = raw_input("Username: ")
+ if username:
+ password = getpass()
+ if password:
+ testAuth(service, username, password)
</ins></span></pre></div>
<a id="twexttrunktwextwhoopendirectorydigestpy"></a>
<div class="delfile"><h4>Deleted: twext/trunk/twext/who/opendirectory/digest.py (12135 => 12136)</h4>
<pre class="diff"><span>
<span class="info">--- twext/trunk/twext/who/opendirectory/digest.py        2013-12-19 01:28:51 UTC (rev 12135)
+++ twext/trunk/twext/who/opendirectory/digest.py        2013-12-19 01:44:11 UTC (rev 12136)
</span><span class="lines">@@ -1,115 +0,0 @@
</span><del>-#!/usr/bin/env python
-##
-# Copyright (c) 2006-2008 Apple Inc. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-##
-
-import md5
-import sha
-
-algorithms = {
- 'md5': md5.new,
- 'md5-sess': md5.new,
- 'sha': sha.new,
-}
-
-# DigestCalcHA1
-def calcHA1(
- pszAlg,
- pszUserName,
- pszRealm,
- pszPassword,
- pszNonce,
- pszCNonce,
- preHA1=None
-):
- """
- @param pszAlg: The name of the algorithm to use to calculate the digest.
- Currently supported are md5 md5-sess and sha.
-
- @param pszUserName: The username
- @param pszRealm: The realm
- @param pszPassword: The password
- @param pszNonce: The nonce
- @param pszCNonce: The cnonce
-
- @param preHA1: If available this is a str containing a previously
- calculated HA1 as a hex string. If this is given then the values for
- pszUserName, pszRealm, and pszPassword are ignored.
- """
-
- if (preHA1 and (pszUserName or pszRealm or pszPassword)):
- raise TypeError(("preHA1 is incompatible with the pszUserName, "
- "pszRealm, and pszPassword arguments"))
-
- if preHA1 is None:
- # We need to calculate the HA1 from the username:realm:password
- m = algorithms[pszAlg]()
- m.update(pszUserName)
- m.update(":")
- m.update(pszRealm)
- m.update(":")
- m.update(pszPassword)
- HA1 = m.digest()
- else:
- # We were given a username:realm:password
- HA1 = preHA1.decode('hex')
-
- if pszAlg == "md5-sess":
- m = algorithms[pszAlg]()
- m.update(HA1)
- m.update(":")
- m.update(pszNonce)
- m.update(":")
- m.update(pszCNonce)
- HA1 = m.digest()
-
- return HA1.encode('hex')
-
-# DigestCalcResponse
-def calcResponse(
- HA1,
- algo,
- pszNonce,
- pszNonceCount,
- pszCNonce,
- pszQop,
- pszMethod,
- pszDigestUri,
- pszHEntity,
-):
- m = algorithms[algo]()
- m.update(pszMethod)
- m.update(":")
- m.update(pszDigestUri)
- if pszQop == "auth-int" or pszQop == "auth-conf":
- m.update(":")
- m.update(pszHEntity)
- HA2 = m.digest().encode('hex')
-
- m = algorithms[algo]()
- m.update(HA1)
- m.update(":")
- m.update(pszNonce)
- m.update(":")
- if pszNonceCount and pszCNonce and pszQop:
- m.update(pszNonceCount)
- m.update(":")
- m.update(pszCNonce)
- m.update(":")
- m.update(pszQop)
- m.update(":")
- m.update(HA2)
- respHash = m.digest().encode('hex')
- return respHash
</del></span></pre></div>
<a id="twexttrunktwextwhoopendirectoryservicepy"></a>
<div class="modfile"><h4>Modified: twext/trunk/twext/who/opendirectory/service.py (12135 => 12136)</h4>
<pre class="diff"><span>
<span class="info">--- twext/trunk/twext/who/opendirectory/service.py        2013-12-19 01:28:51 UTC (rev 12135)
+++ twext/trunk/twext/who/opendirectory/service.py        2013-12-19 01:44:11 UTC (rev 12136)
</span><span class="lines">@@ -48,13 +48,10 @@
</span><span class="cx"> from twisted.cred.error import UnauthorizedLogin
</span><span class="cx">
</span><span class="cx"> from zope.interface import implements
</span><del>-from twisted.internet.defer import inlineCallbacks, returnValue, succeed, fail
</del><ins>+from twisted.internet.defer import succeed, fail
</ins><span class="cx"> from twisted.web.guard import DigestCredentialFactory
</span><span class="cx"> from twisted.cred.credentials import UsernamePassword, DigestedCredentials
</span><span class="cx">
</span><del>-# For testing:
-from digest import calcResponse, calcHA1
-from getpass import getpass
</del><span class="cx">
</span><span class="cx"> #
</span><span class="cx"> # Exceptions
</span><span class="lines">@@ -760,70 +757,3 @@
</span><span class="cx"> for record in service.recordsFromExpression(compoundExpression):
</span><span class="cx"> print(record.description())
</span><span class="cx"> print()
</span><del>-
-
- @inlineCallbacks
- def testAuth(username, password):
-
- # Authenticate using simple password
-
- creds = UsernamePassword(username, password)
- try:
- id = yield service.requestAvatarId(creds)
- print("OK via UsernamePassword, avatarID: {id}".format(id=id))
- print(" {name}".format(name=id.fullNames))
- except UnauthorizedLogin:
- print("Via UsernamePassword, could not authenticate")
-
- print()
-
- # Authenticate using Digest
-
- algorithm = "md5" # "md5-sess"
- cnonce = "/rrD6TqPA3lHRmg+fw/vyU6oWoQgzK7h9yWrsCmv/lE="
- entity = "00000000000000000000000000000000"
- method = "GET"
- nc = "00000001"
- nonce = "128446648710842461101646794502"
- qop = None
- realm = "host.example.com"
- uri = "http://host.example.com"
-
- responseHash = calcResponse(
- calcHA1(
- algorithm.lower(), username, realm, password, nonce, cnonce
- ),
- algorithm.lower(), nonce, nc, cnonce, qop, method, uri, entity
- )
-
- response = (
- 'Digest username="{username}", uri="{uri}", response={hash}'.format(
- username=username, uri=uri, hash=responseHash
- )
- )
-
- fields = {
- "realm" : realm,
- "nonce" : nonce,
- "response" : response,
- "algorithm" : algorithm,
- }
-
- creds = DigestedCredentials(username, method, realm, fields)
-
- try:
- id = yield service.requestAvatarId(creds)
- print("OK via DigestedCredentials, avatarID: {id}".format(id=id))
- print(" {name}".format(name=id.fullNames))
- except UnauthorizedLogin:
- print("Via DigestedCredentials, could not authenticate")
-
- # Conditionally run testAuth()
-
- response = raw_input("Test authentication (y/n)? ")
- if response == "y":
- username = raw_input("Username: ")
- if username:
- password = getpass()
- if password:
- testAuth(username, password)
</del></span></pre>
</div>
</div>
</body>
</html>