userver: samples/digest_auth_service/tests/test_digest.py
Loading...
Searching...
No Matches
samples/digest_auth_service/tests/test_digest.py
1# /// [Functional test]
2import auth_utils
3import pytest
4
5
6@pytest.mark.pgsql('auth', files=['test_data.sql'])
7async def test_authenticate_base(service_client):
8 response = await service_client.get('/v1/hello')
9 assert response.status == 401
10
11 authentication_header = response.headers['WWW-Authenticate']
12 auth_directives = auth_utils.parse_directives(authentication_header)
13
14 auth_utils.auth_directives_assert(auth_directives)
15
16 challenge = auth_utils.construct_challenge(auth_directives)
17 auth_header = auth_utils.construct_header('username', 'pswd', challenge)
18
19 response = await service_client.get(
20 '/v1/hello', headers={'Authorization': auth_header},
21 )
22 assert response.status == 200
23 assert 'Authentication-Info' in response.headers
24
25
26# /// [Functional test]
27
28
29@pytest.mark.pgsql('auth', files=['test_data.sql'])
30async def test_authenticate_base_unregistered_user(service_client):
31 response = await service_client.get('/v1/hello')
32 assert response.status == 401
33
34 authentication_header = response.headers['WWW-Authenticate']
35 auth_directives = auth_utils.parse_directives(authentication_header)
36
37 auth_utils.auth_directives_assert(auth_directives)
38
39 challenge = auth_utils.construct_challenge(auth_directives)
40 auth_header = auth_utils.construct_header(
41 'unregistered_username', 'pswd', challenge,
42 )
43
44 response = await service_client.get(
45 '/v1/hello', headers={'Authorization': auth_header},
46 )
47 assert response.status == 403
48
49
50@pytest.mark.pgsql('auth', files=['test_data.sql'])
51async def test_postgres_wrong_data(service_client):
52 response = await service_client.get('/v1/hello')
53 assert response.status == 401
54
55 authentication_header = response.headers['WWW-Authenticate']
56 auth_directives = auth_utils.parse_directives(authentication_header)
57
58 auth_utils.auth_directives_assert(auth_directives)
59
60 challenge = auth_utils.construct_challenge(auth_directives)
61 auth_header = auth_utils.construct_header(
62 'username', 'wrong-password', challenge,
63 )
64
65 response = await service_client.get(
66 '/v1/hello', headers={'Authorization': auth_header},
67 )
68 assert response.status == 401
69 assert 'WWW-Authenticate' in response.headers
70
71
72@pytest.mark.pgsql('auth', files=['test_data.sql'])
73async def test_repeated_auth(service_client):
74 response = await service_client.get('/v1/hello')
75 assert response.status == 401
76
77 authentication_header = response.headers['WWW-Authenticate']
78 auth_directives = auth_utils.parse_directives(authentication_header)
79
80 auth_utils.auth_directives_assert(auth_directives)
81
82 challenge = auth_utils.construct_challenge(auth_directives)
83 auth_header = auth_utils.construct_header('username', 'pswd', challenge)
84
85 response = await service_client.get(
86 '/v1/hello', headers={'Authorization': auth_header},
87 )
88 assert response.status == 200
89
90 auth_info_header = response.headers['Authentication-Info']
91 auth_directives_info = auth_utils.parse_directives(auth_info_header)
92
93 challenge = auth_utils.construct_challenge(
94 auth_directives, auth_directives_info['nextnonce'],
95 )
96 auth_header = auth_utils.construct_header('username', 'pswd', challenge)
97
98 response = await service_client.get(
99 '/v1/hello', headers={'Authorization': auth_header},
100 )
101 assert response.status == 200
102 assert 'Authentication-Info' in response.headers
103
104
105@pytest.mark.pgsql('auth', files=['test_data.sql'])
106async def test_same_nonce_repeated_use(service_client):
107 response = await service_client.get('/v1/hello')
108 assert response.status == 401
109
110 authentication_header = response.headers['WWW-Authenticate']
111 auth_directives = auth_utils.parse_directives(authentication_header)
112
113 auth_utils.auth_directives_assert(auth_directives)
114
115 challenge = auth_utils.construct_challenge(auth_directives)
116 auth_header = auth_utils.construct_header('username', 'pswd', challenge)
117
118 response = await service_client.get(
119 '/v1/hello', headers={'Authorization': auth_header},
120 )
121 assert response.status == 200
122
123 auth_info_header = response.headers['Authentication-Info']
124 auth_directives_info = auth_utils.parse_directives(auth_info_header)
125
126 challenge = auth_utils.construct_challenge(
127 auth_directives, auth_directives_info['nextnonce'],
128 )
129 auth_header = auth_utils.construct_header('username', 'pswd', challenge)
130
131 response = await service_client.get(
132 '/v1/hello', headers={'Authorization': auth_header},
133 )
134 assert response.status == 200
135
136 response = await service_client.get(
137 '/v1/hello', headers={'Authorization': auth_header},
138 )
139 assert response.status == 401
140 assert 'WWW-Authenticate' in response.headers
141
142
143@pytest.mark.pgsql('auth', files=['test_data.sql'])
144async def test_expiring_nonce(service_client, mocked_time):
145 response = await service_client.get('/v1/hello')
146 assert response.status == 401
147
148 authentication_header = response.headers['WWW-Authenticate']
149 auth_directives = auth_utils.parse_directives(authentication_header)
150
151 auth_utils.auth_directives_assert(auth_directives)
152
153 challenge = auth_utils.construct_challenge(auth_directives)
154 auth_header = auth_utils.construct_header('username', 'pswd', challenge)
155
156 response = await service_client.get(
157 '/v1/hello', headers={'Authorization': auth_header},
158 )
159 assert response.status == 200
160
161 very_long_waiting_ms = 1500
162 mocked_time.sleep(very_long_waiting_ms)
163
164 auth_info_header = response.headers['Authentication-Info']
165 auth_directives_info = auth_utils.parse_directives(auth_info_header)
166
167 challenge = auth_utils.construct_challenge(
168 auth_directives, auth_directives_info['nextnonce'],
169 )
170 auth_header = auth_utils.construct_header('username', 'pswd', challenge)
171
172 response = await service_client.get(
173 '/v1/hello', headers={'Authorization': auth_header},
174 )
175 assert response.status == 401
176
177 authentication_header = response.headers['WWW-Authenticate']
178 auth_directives = auth_utils.parse_directives(authentication_header)
179
180 auth_utils.auth_directives_assert(auth_directives)
181
182 challenge = auth_utils.construct_challenge(auth_directives)
183 auth_header = auth_utils.construct_header('username', 'pswd', challenge)
184
185 response = await service_client.get(
186 '/v1/hello', headers={'Authorization': auth_header},
187 )
188 assert response.status == 200
189 assert 'Authentication-Info' in response.headers
190
191
192@pytest.mark.pgsql('auth', files=['test_data.sql'])
193async def test_aliving_nonce_after_half_ttl(service_client, mocked_time):
194 response = await service_client.get('/v1/hello')
195 assert response.status == 401
196
197 authentication_header = response.headers['WWW-Authenticate']
198 auth_directives = auth_utils.parse_directives(authentication_header)
199
200 auth_utils.auth_directives_assert(auth_directives)
201
202 challenge = auth_utils.construct_challenge(auth_directives)
203 auth_header = auth_utils.construct_header('username', 'pswd', challenge)
204
205 response = await service_client.get(
206 '/v1/hello', headers={'Authorization': auth_header},
207 )
208 assert response.status == 200
209
210 short_waiting_ms = 500
211 mocked_time.sleep(short_waiting_ms)
212
213 auth_info_header = response.headers['Authentication-Info']
214 auth_directives_info = auth_utils.parse_directives(auth_info_header)
215
216 challenge = auth_utils.construct_challenge(
217 auth_directives, auth_directives_info['nextnonce'],
218 )
219 auth_header = auth_utils.construct_header('username', 'pswd', challenge)
220
221 response = await service_client.get(
222 '/v1/hello', headers={'Authorization': auth_header},
223 )
224 assert response.status == 200
225 assert 'Authentication-Info' in response.headers
226
227
228@pytest.mark.pgsql('auth', files=['test_data.sql'])
229async def test_repeated_auth_ignore_nextnonce(service_client):
230 response = await service_client.get('/v1/hello')
231 assert response.status == 401
232
233 authentication_header = response.headers['WWW-Authenticate']
234 auth_directives = auth_utils.parse_directives(authentication_header)
235
236 auth_utils.auth_directives_assert(auth_directives)
237
238 challenge = auth_utils.construct_challenge(auth_directives)
239 auth_header = auth_utils.construct_header('username', 'pswd', challenge)
240
241 response = await service_client.get(
242 '/v1/hello', headers={'Authorization': auth_header},
243 )
244 assert response.status == 200
245
246 response = await service_client.get('/v1/hello')
247 assert response.status == 401
248
249 authentication_header = response.headers['WWW-Authenticate']
250 auth_directives = auth_utils.parse_directives(authentication_header)
251
252 challenge = auth_utils.construct_challenge(auth_directives)
253 auth_header = auth_utils.construct_header('username', 'pswd', challenge)
254
255 response = await service_client.get(
256 '/v1/hello', headers={'Authorization': auth_header},
257 )
258 assert response.status == 200