Enable test cases for Digest auth requests with or without body

When quality-of-protection (qop) is 'auth-int', the hash of request body is used to create digest response.
2026-06-05 23:00:18 +00:00 · 2016-12-04 00:25:36 +03:00
parent 9816125df3
commit ec17414e94
1 changed files with 8 additions and 6 deletions
@@ -45,7 +45,7 @@ def _hash(data, algorithm):

 def _make_digest_auth_header(username, password, method, uri, nonce,
                             realm=None, opaque=None, algorithm=None,
-                             qop=None, cnonce=None, nc=None, body=''):
+                             qop=None, cnonce=None, nc=None, body=None):
    """Compile a digest authentication header string

    Arguments:
@@ -73,7 +73,7 @@ def _make_digest_auth_header(username, password, method, uri, nonce,

    a2 = b':'.join([method.encode('utf-8'), uri.encode('utf-8')])
    if qop == 'auth-int':
-        a2 = b':'.join([a2, _hash(body, algorithm)])
+        a2 = b':'.join([a2, _hash(body or '', algorithm)])
    ha2 = _hash(a2, algorithm)

    a3 = b':'.join([ha1, nonce.encode('utf-8')])
@@ -253,9 +253,10 @@ class HttpbinTestCase(unittest.TestCase):
        password = 'passwd'
        for qop in None, 'auth', 'auth-int',:
            for algorithm in None, 'MD5', 'SHA-256':
-                self._test_digest_auth(username, password, qop, algorithm)
+                for body in None, '', 'request payload':
+                    self._test_digest_auth(username, password, qop, algorithm, body)

-    def _test_digest_auth(self, username, password, qop=None, algorithm=None):
+    def _test_digest_auth(self, username, password, qop=None, algorithm=None, body=None):
        uri = '/digest-auth/{0}/{1}/{2}'.format(qop or 'wrong-qop', username, password)
        if algorithm:
            uri += '/' + algorithm
@@ -281,7 +282,7 @@ class HttpbinTestCase(unittest.TestCase):
        cnonce, nc = (_hash(os.urandom(10), "MD5"), '00000001') if qop in ('auth', 'auth-int') else (None, None)

        auth_header = _make_digest_auth_header(
-            username, password, 'GET', uri, nonce, realm, opaque, algorithm, qop, cnonce, nc)
+            username, password, 'GET', uri, nonce, realm, opaque, algorithm, qop, cnonce, nc, body)

        # make second request
        authorized_response = self.app.get(
@@ -293,7 +294,8 @@ class HttpbinTestCase(unittest.TestCase):
            },
            headers={
                'Authorization': auth_header,
-            }
+            },
+            data=body
        )

        # done!