userver: samples/digest_auth_service/tests/test_digest.py
All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Modules Pages Concepts
samples/digest_auth_service/tests/test_digest.py
1# /// [Functional test]
2import auth_utils
3import pytest
4
5
6@pytest.mark.pgsql('auth', files=['test_data.sql'])
7async def test_authenticate_base(service_client):
8 response = await service_client.get('/v1/hello')
9 assert response.status == 401
10
11 authentication_header = response.headers['WWW-Authenticate']
12 auth_directives = auth_utils.parse_directives(authentication_header)
13
14 auth_utils.auth_directives_assert(auth_directives)
15
16 challenge = auth_utils.construct_challenge(auth_directives)
17 auth_header = auth_utils.construct_header('username', 'pswd', challenge)
18
19 response = await service_client.get(
20 '/v1/hello',
21 headers={'Authorization': auth_header},
22 )
23 assert response.status == 200
24 assert 'Authentication-Info' in response.headers
25
26
27# /// [Functional test]
28
29
30@pytest.mark.pgsql('auth', files=['test_data.sql'])
31async def test_authenticate_base_unregistered_user(service_client):
32 response = await service_client.get('/v1/hello')
33 assert response.status == 401
34
35 authentication_header = response.headers['WWW-Authenticate']
36 auth_directives = auth_utils.parse_directives(authentication_header)
37
38 auth_utils.auth_directives_assert(auth_directives)
39
40 challenge = auth_utils.construct_challenge(auth_directives)
41 auth_header = auth_utils.construct_header(
42 'unregistered_username',
43 'pswd',
44 challenge,
45 )
46
47 response = await service_client.get(
48 '/v1/hello',
49 headers={'Authorization': auth_header},
50 )
51 assert response.status == 403
52
53
54@pytest.mark.pgsql('auth', files=['test_data.sql'])
55async def test_postgres_wrong_data(service_client):
56 response = await service_client.get('/v1/hello')
57 assert response.status == 401
58
59 authentication_header = response.headers['WWW-Authenticate']
60 auth_directives = auth_utils.parse_directives(authentication_header)
61
62 auth_utils.auth_directives_assert(auth_directives)
63
64 challenge = auth_utils.construct_challenge(auth_directives)
65 auth_header = auth_utils.construct_header(
66 'username',
67 'wrong-password',
68 challenge,
69 )
70
71 response = await service_client.get(
72 '/v1/hello',
73 headers={'Authorization': auth_header},
74 )
75 assert response.status == 401
76 assert 'WWW-Authenticate' in response.headers
77
78
79@pytest.mark.pgsql('auth', files=['test_data.sql'])
80async def test_repeated_auth(service_client):
81 response = await service_client.get('/v1/hello')
82 assert response.status == 401
83
84 authentication_header = response.headers['WWW-Authenticate']
85 auth_directives = auth_utils.parse_directives(authentication_header)
86
87 auth_utils.auth_directives_assert(auth_directives)
88
89 challenge = auth_utils.construct_challenge(auth_directives)
90 auth_header = auth_utils.construct_header('username', 'pswd', challenge)
91
92 response = await service_client.get(
93 '/v1/hello',
94 headers={'Authorization': auth_header},
95 )
96 assert response.status == 200
97
98 auth_info_header = response.headers['Authentication-Info']
99 auth_directives_info = auth_utils.parse_directives(auth_info_header)
100
101 challenge = auth_utils.construct_challenge(
102 auth_directives,
103 auth_directives_info['nextnonce'],
104 )
105 auth_header = auth_utils.construct_header('username', 'pswd', challenge)
106
107 response = await service_client.get(
108 '/v1/hello',
109 headers={'Authorization': auth_header},
110 )
111 assert response.status == 200
112 assert 'Authentication-Info' in response.headers
113
114
115@pytest.mark.pgsql('auth', files=['test_data.sql'])
116async def test_same_nonce_repeated_use(service_client):
117 response = await service_client.get('/v1/hello')
118 assert response.status == 401
119
120 authentication_header = response.headers['WWW-Authenticate']
121 auth_directives = auth_utils.parse_directives(authentication_header)
122
123 auth_utils.auth_directives_assert(auth_directives)
124
125 challenge = auth_utils.construct_challenge(auth_directives)
126 auth_header = auth_utils.construct_header('username', 'pswd', challenge)
127
128 response = await service_client.get(
129 '/v1/hello',
130 headers={'Authorization': auth_header},
131 )
132 assert response.status == 200
133
134 auth_info_header = response.headers['Authentication-Info']
135 auth_directives_info = auth_utils.parse_directives(auth_info_header)
136
137 challenge = auth_utils.construct_challenge(
138 auth_directives,
139 auth_directives_info['nextnonce'],
140 )
141 auth_header = auth_utils.construct_header('username', 'pswd', challenge)
142
143 response = await service_client.get(
144 '/v1/hello',
145 headers={'Authorization': auth_header},
146 )
147 assert response.status == 200
148
149 response = await service_client.get(
150 '/v1/hello',
151 headers={'Authorization': auth_header},
152 )
153 assert response.status == 401
154 assert 'WWW-Authenticate' in response.headers
155
156
157@pytest.mark.pgsql('auth', files=['test_data.sql'])
158async def test_expiring_nonce(service_client, mocked_time):
159 response = await service_client.get('/v1/hello')
160 assert response.status == 401
161
162 authentication_header = response.headers['WWW-Authenticate']
163 auth_directives = auth_utils.parse_directives(authentication_header)
164
165 auth_utils.auth_directives_assert(auth_directives)
166
167 challenge = auth_utils.construct_challenge(auth_directives)
168 auth_header = auth_utils.construct_header('username', 'pswd', challenge)
169
170 response = await service_client.get(
171 '/v1/hello',
172 headers={'Authorization': auth_header},
173 )
174 assert response.status == 200
175
176 very_long_waiting_ms = 1500
177 mocked_time.sleep(very_long_waiting_ms)
178
179 auth_info_header = response.headers['Authentication-Info']
180 auth_directives_info = auth_utils.parse_directives(auth_info_header)
181
182 challenge = auth_utils.construct_challenge(
183 auth_directives,
184 auth_directives_info['nextnonce'],
185 )
186 auth_header = auth_utils.construct_header('username', 'pswd', challenge)
187
188 response = await service_client.get(
189 '/v1/hello',
190 headers={'Authorization': auth_header},
191 )
192 assert response.status == 401
193
194 authentication_header = response.headers['WWW-Authenticate']
195 auth_directives = auth_utils.parse_directives(authentication_header)
196
197 auth_utils.auth_directives_assert(auth_directives)
198
199 challenge = auth_utils.construct_challenge(auth_directives)
200 auth_header = auth_utils.construct_header('username', 'pswd', challenge)
201
202 response = await service_client.get(
203 '/v1/hello',
204 headers={'Authorization': auth_header},
205 )
206 assert response.status == 200
207 assert 'Authentication-Info' in response.headers
208
209
210@pytest.mark.pgsql('auth', files=['test_data.sql'])
211async def test_aliving_nonce_after_half_ttl(service_client, mocked_time):
212 response = await service_client.get('/v1/hello')
213 assert response.status == 401
214
215 authentication_header = response.headers['WWW-Authenticate']
216 auth_directives = auth_utils.parse_directives(authentication_header)
217
218 auth_utils.auth_directives_assert(auth_directives)
219
220 challenge = auth_utils.construct_challenge(auth_directives)
221 auth_header = auth_utils.construct_header('username', 'pswd', challenge)
222
223 response = await service_client.get(
224 '/v1/hello',
225 headers={'Authorization': auth_header},
226 )
227 assert response.status == 200
228
229 short_waiting_ms = 500
230 mocked_time.sleep(short_waiting_ms)
231
232 auth_info_header = response.headers['Authentication-Info']
233 auth_directives_info = auth_utils.parse_directives(auth_info_header)
234
235 challenge = auth_utils.construct_challenge(
236 auth_directives,
237 auth_directives_info['nextnonce'],
238 )
239 auth_header = auth_utils.construct_header('username', 'pswd', challenge)
240
241 response = await service_client.get(
242 '/v1/hello',
243 headers={'Authorization': auth_header},
244 )
245 assert response.status == 200
246 assert 'Authentication-Info' in response.headers
247
248
249@pytest.mark.pgsql('auth', files=['test_data.sql'])
250async def test_repeated_auth_ignore_nextnonce(service_client):
251 response = await service_client.get('/v1/hello')
252 assert response.status == 401
253
254 authentication_header = response.headers['WWW-Authenticate']
255 auth_directives = auth_utils.parse_directives(authentication_header)
256
257 auth_utils.auth_directives_assert(auth_directives)
258
259 challenge = auth_utils.construct_challenge(auth_directives)
260 auth_header = auth_utils.construct_header('username', 'pswd', challenge)
261
262 response = await service_client.get(
263 '/v1/hello',
264 headers={'Authorization': auth_header},
265 )
266 assert response.status == 200
267
268 response = await service_client.get('/v1/hello')
269 assert response.status == 401
270
271 authentication_header = response.headers['WWW-Authenticate']
272 auth_directives = auth_utils.parse_directives(authentication_header)
273
274 challenge = auth_utils.construct_challenge(auth_directives)
275 auth_header = auth_utils.construct_header('username', 'pswd', challenge)
276
277 response = await service_client.get(
278 '/v1/hello',
279 headers={'Authorization': auth_header},
280 )
281 assert response.status == 200