# Copyright (C) 2005-2011 Canonical Ltd
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
from ..sixish import (
from ..bzr.smart import (
from . import http_server
from ..transport import chroot
class HTTPServerWithSmarts(http_server.HttpServer):
38
"""HTTPServerWithSmarts extends the HttpServer with POST methods that will
39
trigger a smart server to execute with a transport rooted at the rootdir of
def __init__(self, protocol_version=None):
    """Create an HttpServer whose requests are served by SmartRequestHandler.

    :param protocol_version: forwarded unchanged to HttpServer.__init__.
    """
    handler_class = SmartRequestHandler
    http_server.HttpServer.__init__(
        self, handler_class, protocol_version=protocol_version)
48
class SmartRequestHandler(http_server.TestingHTTPRequestHandler):
49
"""Extend TestingHTTPRequestHandler to support smart client POSTs.
51
XXX: This duplicates a fair bit of the logic in breezy.transport.http.wsgi.
55
"""Hand the request off to a smart server instance."""
56
backing = transport.get_transport_from_path(
57
self.server.test_case_server._home_dir)
58
chroot_server = chroot.ChrootServer(backing)
59
chroot_server.start_server()
61
t = transport.get_transport_from_url(chroot_server.get_url())
64
chroot_server.stop_server()
66
def do_POST_inner(self, chrooted_transport):
67
self.send_response(200)
68
self.send_header("Content-type", "application/octet-stream")
69
if not self.path.endswith('.bzr/smart'):
71
'POST to path not ending in .bzr/smart: %r' % (self.path,))
72
t = chrooted_transport.clone(self.path[:-len('.bzr/smart')])
73
# if this fails, we should return 400 bad request, but failure is
74
# failure for now - RBC 20060919
75
data_length = int(self.headers['Content-Length'])
76
# TODO: We might like to support streaming responses. 1.0 allows no
77
# Content-length in this case, so for integrity we should perform our
78
# own chunking within the stream.
79
# 1.1 allows chunked responses, and in this case we could chunk using
80
# the HTTP chunking as this will allow HTTP persistence safely, even if
81
# we have to stop early due to error, but we would also have to use the
82
# HTTP trailer facility which may not be widely available.
83
request_bytes = self.rfile.read(data_length)
84
protocol_factory, unused_bytes = medium._get_protocol_factory_for_bytes(
86
out_buffer = BytesIO()
87
smart_protocol_request = protocol_factory(t, out_buffer.write, '/')
88
# Perhaps there should be a SmartServerHTTPMedium that takes care of
89
# feeding the bytes in the http request to the smart_protocol_request,
90
# but for now it's simpler to just feed the bytes directly.
91
smart_protocol_request.accept_bytes(unused_bytes)
92
if not (smart_protocol_request.next_read_size() == 0):
93
raise errors.SmartProtocolError(
94
"not finished reading, but all data sent to protocol.")
95
self.send_header("Content-Length", str(len(out_buffer.getvalue())))
97
self.wfile.write(out_buffer.getvalue())
100
class TestCaseWithWebserver(tests.TestCaseWithTransport):
101
"""A support class that provides readonly urls that are http://.
103
This is done by forcing the readonly server to be an http
104
one. This will currently fail if the primary transport is not
105
backed by regular disk files.
108
# These attributes can be overridden or parametrized by daughter classes if
# needed, but must exist so that the create_transport_readonly_server()
# method (or any method creating an http(s) server) can propagate them.
111
_protocol_version = None
112
_url_protocol = 'http'
115
super(TestCaseWithWebserver, self).setUp()
116
self.transport_readonly_server = http_server.HttpServer
118
def create_transport_readonly_server(self):
119
server = self.transport_readonly_server(
120
protocol_version=self._protocol_version)
121
server._url_protocol = self._url_protocol
125
class TestCaseWithTwoWebservers(TestCaseWithWebserver):
126
"""A support class providing readonly urls on two servers that are http://.
128
We set up two webservers to allow various tests involving
129
proxies or redirections from one server to the other.
132
super(TestCaseWithTwoWebservers, self).setUp()
133
self.transport_secondary_server = http_server.HttpServer
134
self.__secondary_server = None
136
def create_transport_secondary_server(self):
137
"""Create a transport server from class defined at init.
139
This is mostly a hook for daughter classes.
141
server = self.transport_secondary_server(
142
protocol_version=self._protocol_version)
143
server._url_protocol = self._url_protocol
def get_secondary_server(self):
    """Return the secondary server, creating and starting it on first use.

    The instance is cached on the test case, so later calls return the same
    server without creating or starting another one.
    """
    if self.__secondary_server is not None:
        return self.__secondary_server
    # First call: build the server through the hook, then start it.
    self.__secondary_server = self.create_transport_secondary_server()
    self.start_server(self.__secondary_server)
    return self.__secondary_server
def get_secondary_url(self, relpath=None):
    """Return the secondary server's URL, adjusted for relpath.

    :param relpath: passed unchanged to _adjust_url together with the
        server's base URL.
    """
    secondary = self.get_secondary_server()
    base_url = secondary.get_url()
    return self._adjust_url(base_url, relpath)
157
def get_secondary_transport(self, relpath=None):
158
t = transport.get_transport_from_url(self.get_secondary_url(relpath))
159
self.assertTrue(t.is_readonly())
class ProxyServer(http_server.HttpServer):
    """HttpServer variant used by tests that need an HTTP proxy."""

    # Class-level flag; this class only sets it, the code that reads it is
    # not part of this class.
    proxy_requests = True
169
class RedirectRequestHandler(http_server.TestingHTTPRequestHandler):
170
"""Redirect all requests to the specified server"""
172
def parse_request(self):
173
"""Redirect a single HTTP request to another host"""
174
valid = http_server.TestingHTTPRequestHandler.parse_request(self)
176
tcs = self.server.test_case_server
177
code, target = tcs.is_redirected(self.path)
178
if code is not None and target is not None:
179
# Redirect as instructed
180
self.send_response(code)
181
self.send_header('Location', target)
182
# We do not send a body
183
self.send_header('Content-Length', '0')
185
return False # The job is done
187
# We let the parent class serve the request
192
class HTTPServerRedirecting(http_server.HttpServer):
193
"""An HttpServer redirecting to another server """
def __init__(self, request_handler=RedirectRequestHandler,
             protocol_version=None):
    """Create the server with an empty redirection table.

    :param request_handler: handler class passed to HttpServer.__init__;
        defaults to RedirectRequestHandler.
    :param protocol_version: forwarded unchanged to HttpServer.__init__.
    """
    http_server.HttpServer.__init__(
        self, request_handler, protocol_version=protocol_version)
    # Each entry of self.redirections is a (source, target, code) tuple:
    #  - source: regexp matched against the requested path
    #  - target: re.sub replacement describing where the request is
    #    redirected
    #  - code: HTTP status sent with the redirection (301 permanent,
    #    302 temporary, etc.)
    # NOTE(review): the substituted target is what RedirectRequestHandler
    # sends as the Location header, so a catch-all source such as the one
    # redirect_to() installs copies the client-supplied path into it.
    self.redirections = []
207
def redirect_to(self, host, port):
208
"""Redirect all requests to a specific host:port"""
209
self.redirections = [('(.*)',
210
r'http://%s:%s\1' % (host, port) ,
213
def is_redirected(self, path):
214
"""Is the path redirected by this server.
216
:param path: the requested relative path
218
:returns: a tuple (code, target) if a matching
219
redirection is found, (None, None) otherwise.
223
for (rsource, rtarget, rcode) in self.redirections:
224
target, match = re.subn(rsource, rtarget, path)
227
break # The first match wins
233
class TestCaseWithRedirectedWebserver(TestCaseWithTwoWebservers):
234
"""A support class providing redirections from one server to another.
236
We set up two webservers to allow various tests involving
238
The 'old' server is redirected to the 'new' server.
242
super(TestCaseWithRedirectedWebserver, self).setUp()
243
# The redirections will point to the new server
244
self.new_server = self.get_readonly_server()
245
# The requests to the old server will be redirected to the new server
246
self.old_server = self.get_secondary_server()
248
def create_transport_secondary_server(self):
249
"""Create the secondary server redirecting to the primary server"""
250
new = self.get_readonly_server()
251
redirecting = HTTPServerRedirecting(
252
protocol_version=self._protocol_version)
253
redirecting.redirect_to(new.host, new.port)
254
redirecting._url_protocol = self._url_protocol
def get_old_url(self, relpath=None):
    """Return a URL on the old server, adjusted for relpath.

    :param relpath: passed unchanged to _adjust_url together with the old
        server's base URL.
    """
    old_base = self.old_server.get_url()
    adjusted = self._adjust_url(old_base, relpath)
    return adjusted
261
def get_old_transport(self, relpath=None):
262
t = transport.get_transport_from_url(self.get_old_url(relpath))
263
self.assertTrue(t.is_readonly())
def get_new_url(self, relpath=None):
    """Return a URL on the new server, adjusted for relpath.

    :param relpath: passed unchanged to _adjust_url together with the new
        server's base URL.
    """
    new_base = self.new_server.get_url()
    adjusted = self._adjust_url(new_base, relpath)
    return adjusted
270
def get_new_transport(self, relpath=None):
271
t = transport.get_transport_from_url(self.get_new_url(relpath))
272
self.assertTrue(t.is_readonly())
276
class AuthRequestHandler(http_server.TestingHTTPRequestHandler):
277
"""Requires an authentication to process requests.
279
This is intended to be used with a server that always and
280
only use one authentication scheme (implemented by daughter
284
# The following attributes should be defined in the server
285
# - auth_header_sent: the header name sent to require auth
286
# - auth_header_recv: the header received containing auth
287
# - auth_error_code: the error code to indicate auth required
289
def _require_authentication(self):
290
# Note that we must update test_case_server *before*
291
# sending the error or the client may try to read it
292
# before we have sent the whole error back.
293
tcs = self.server.test_case_server
294
tcs.auth_required_errors += 1
295
self.send_response(tcs.auth_error_code)
296
self.send_header_auth_reqed()
297
# We do not send a body
298
self.send_header('Content-Length', '0')
303
if self.authorized():
304
return http_server.TestingHTTPRequestHandler.do_GET(self)
306
return self._require_authentication()
309
if self.authorized():
310
return http_server.TestingHTTPRequestHandler.do_HEAD(self)
312
return self._require_authentication()
315
class BasicAuthRequestHandler(AuthRequestHandler):
316
"""Implements the basic authentication of a request"""
318
def authorized(self):
319
tcs = self.server.test_case_server
320
if tcs.auth_scheme != 'basic':
323
auth_header = self.headers.get(tcs.auth_header_recv, None)
325
scheme, raw_auth = auth_header.split(' ', 1)
326
if scheme.lower() == tcs.auth_scheme:
327
user, password = raw_auth.decode('base64').split(':')
328
return tcs.authorized(user, password)
def send_header_auth_reqed(self):
    """Send the challenge header asking the client for Basic credentials.

    The header name and the realm are both read from the test case server.
    """
    test_server = self.server.test_case_server
    header_name = test_server.auth_header_sent
    # auth_realm is interpolated verbatim; a realm containing a double quote
    # would yield a malformed challenge.
    challenge = 'Basic realm="%s"' % test_server.auth_realm
    self.send_header(header_name, challenge)
338
# FIXME: We could send an Authentication-Info header too when
# the authentication is successful
341
class DigestAuthRequestHandler(AuthRequestHandler):
342
"""Implements the digest authentication of a request.
344
We need persistence for some attributes and that can't be
345
achieved here since we get instantiated for each request. We
346
rely on the DigestAuthServer to take care of them.
349
def authorized(self):
350
tcs = self.server.test_case_server
352
auth_header = self.headers.get(tcs.auth_header_recv, None)
353
if auth_header is None:
355
scheme, auth = auth_header.split(None, 1)
356
if scheme.lower() == tcs.auth_scheme:
357
auth_dict = urllib2.parse_keqv_list(urllib2.parse_http_list(auth))
359
return tcs.digest_authorized(auth_dict, self.command)
363
def send_header_auth_reqed(self):
364
tcs = self.server.test_case_server
365
header = 'Digest realm="%s", ' % tcs.auth_realm
366
header += 'nonce="%s", algorithm="%s", qop="auth"' % (tcs.auth_nonce,
368
self.send_header(tcs.auth_header_sent,header)
371
class DigestAndBasicAuthRequestHandler(DigestAuthRequestHandler):
372
"""Implements a digest and basic authentication of a request.
374
I.e. the server proposes both schemes and the client should choose the best
375
one it can handle, which, in that case, should be digest, the only scheme
379
def send_header_auth_reqed(self):
380
tcs = self.server.test_case_server
381
self.send_header(tcs.auth_header_sent,
382
'Basic realm="%s"' % tcs.auth_realm)
383
header = 'Digest realm="%s", ' % tcs.auth_realm
384
header += 'nonce="%s", algorithm="%s", qop="auth"' % (tcs.auth_nonce,
386
self.send_header(tcs.auth_header_sent,header)
389
class AuthServer(http_server.HttpServer):
390
"""Extends HttpServer with a dictionary of passwords.
392
This is used as a base class for various schemes which should
393
all use or redefine the associated AuthRequestHandler.
395
Note that no users are defined by default, so add_user should
396
be called before issuing the first request.
399
# The following attributes should be set by daughter classes
# and are used by AuthRequestHandler.
401
auth_header_sent = None
402
auth_header_recv = None
403
auth_error_code = None
404
auth_realm = "Thou should not pass"
def __init__(self, request_handler, auth_scheme,
             protocol_version=None):
    """Initialise the server with no registered users.

    :param request_handler: handler class passed to HttpServer.__init__.
    :param auth_scheme: stored as self.auth_scheme; the request handlers
        compare the scheme received from the client against it.
    :param protocol_version: forwarded unchanged to HttpServer.__init__.
    """
    http_server.HttpServer.__init__(
        self, request_handler, protocol_version=protocol_version)
    self.auth_scheme = auth_scheme
    # Maps user -> password, held in clear text; filled by add_user().
    self.password_of = {}
    # Incremented by AuthRequestHandler._require_authentication each time
    # an authentication-required response is sent.
    self.auth_required_errors = 0
def add_user(self, user, password):
    """Register user with the given password, replacing any previous entry.

    An empty password is allowed; pass an empty string ('') for it.
    """
    # Kept in clear text: authorized() compares against this value and the
    # digest check needs the password itself to recompute the response.
    credentials = self.password_of
    credentials[user] = password
def authorized(self, user, password):
    """Return True only if user is registered and password matches.

    Unknown users are rejected whatever password they send.
    """
    known_password = self.password_of.get(user)
    if known_password is None:
        return False
    # Plain == on clear-text passwords is not a constant-time comparison;
    # that is fine for this test-support server but is not a pattern to
    # copy into a production credential check.
    return password == known_password
428
# FIXME: There is some code duplication with
429
# _urllib2_wrappers.py.DigestAuthHandler. If that duplication
430
# grows, it may require a refactoring. Also, we don't implement
431
# SHA algorithm nor MD5-sess here, but that does not seem worth
433
class DigestAuthServer(AuthServer):
434
"""A digest authentication server"""
def __init__(self, request_handler, auth_scheme,
             protocol_version=None):
    """Initialise the digest server.

    Every argument is handed unchanged to AuthServer.__init__.
    """
    AuthServer.__init__(
        self, request_handler, auth_scheme,
        protocol_version=protocol_version)
443
def digest_authorized(self, auth, command):
444
nonce = auth['nonce']
445
if nonce != self.auth_nonce:
447
realm = auth['realm']
448
if realm != self.auth_realm:
450
user = auth['username']
451
if user not in self.password_of:
453
algorithm= auth['algorithm']
454
if algorithm != 'MD5':
460
password = self.password_of[user]
462
# Recalculate the response_digest to compare with the one
464
A1 = '%s:%s:%s' % (user, realm, password)
465
A2 = '%s:%s' % (command, auth['uri'])
467
H = lambda x: osutils.md5(x).hexdigest()
468
KD = lambda secret, data: H("%s:%s" % (secret, data))
470
nonce_count = int(auth['nc'], 16)
472
ncvalue = '%08x' % nonce_count
474
cnonce = auth['cnonce']
475
noncebit = '%s:%s:%s:%s:%s' % (nonce, ncvalue, cnonce, qop, H(A2))
476
response_digest = KD(H(A1), noncebit)
478
return response_digest == auth['response']
class HTTPAuthServer(AuthServer):
    """AuthServer that authenticates clients as an origin HTTP server."""

    def init_http_auth(self):
        """Select the header names and status code for server authentication."""
        # 401 with WWW-Authenticate is the challenge; the client answers in
        # the Authorization header.
        self.auth_error_code = 401
        self.auth_header_recv = 'Authorization'
        self.auth_header_sent = 'WWW-Authenticate'
class ProxyAuthServer(AuthServer):
    """AuthServer that authenticates clients as an HTTP proxy."""

    def init_proxy_auth(self):
        """Set proxy_requests and select the proxy authentication headers."""
        self.proxy_requests = True
        # 407 with Proxy-Authenticate is the challenge; the client answers
        # in the Proxy-Authorization header.
        self.auth_error_code = 407
        self.auth_header_recv = 'Proxy-Authorization'
        self.auth_header_sent = 'Proxy-Authenticate'
class HTTPBasicAuthServer(HTTPAuthServer):
    """HTTP server that challenges clients with the Basic scheme.

    BasicAuthRequestHandler base64-decodes the credentials it receives, so
    user and password are encoded, not encrypted, on the wire.
    """

    def __init__(self, protocol_version=None):
        """Pair BasicAuthRequestHandler with the 'basic' scheme.

        :param protocol_version: forwarded unchanged to the base class.
        """
        HTTPAuthServer.__init__(
            self, BasicAuthRequestHandler, 'basic',
            protocol_version=protocol_version)
        # Selects the 401 / WWW-Authenticate / Authorization triple.
        self.init_http_auth()
class HTTPDigestAuthServer(DigestAuthServer, HTTPAuthServer):
    """HTTP server that challenges clients with the Digest scheme."""

    def __init__(self, protocol_version=None):
        """Pair DigestAuthRequestHandler with the 'digest' scheme.

        :param protocol_version: forwarded unchanged to the base class.
        """
        DigestAuthServer.__init__(
            self, DigestAuthRequestHandler, 'digest',
            protocol_version=protocol_version)
        # Selects the 401 / WWW-Authenticate / Authorization triple.
        self.init_http_auth()
518
class HTTPBasicAndDigestAuthServer(DigestAuthServer, HTTPAuthServer):
519
"""An HTTP server requiring basic or digest authentication"""
521
def __init__(self, protocol_version=None):
522
DigestAuthServer.__init__(self, DigestAndBasicAuthRequestHandler,
524
protocol_version=protocol_version)
525
self.init_http_auth()
526
# We really accept Digest only
527
self.auth_scheme = 'digest'
class ProxyBasicAuthServer(ProxyAuthServer):
    """Proxy server that challenges clients with the Basic scheme.

    BasicAuthRequestHandler base64-decodes the credentials it receives, so
    user and password are encoded, not encrypted, on the wire.
    """

    def __init__(self, protocol_version=None):
        """Pair BasicAuthRequestHandler with the 'basic' scheme.

        :param protocol_version: forwarded unchanged to the base class.
        """
        ProxyAuthServer.__init__(
            self, BasicAuthRequestHandler, 'basic',
            protocol_version=protocol_version)
        # Selects the 407 / Proxy-Authenticate / Proxy-Authorization triple.
        self.init_proxy_auth()
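class ProxyDigestAuthServer(DigestAuthServer, ProxyAuthServer):
    """A proxy server requiring digest authentication"""

    def __init__(self, protocol_version=None):
        """Pair DigestAuthRequestHandler with the 'digest' scheme.

        :param protocol_version: forwarded unchanged to the base class.
        """
        # Initialise through DigestAuthServer, as HTTPDigestAuthServer does.
        # DigestAuthServer.__init__ currently only delegates to
        # AuthServer.__init__, so behaviour is unchanged, but any
        # digest-specific setup added there later is no longer skipped.
        DigestAuthServer.__init__(self, DigestAuthRequestHandler, 'digest',
                                  protocol_version=protocol_version)
        # Selects the 407 / Proxy-Authenticate / Proxy-Authorization triple.
        self.init_proxy_auth()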
548
class ProxyBasicAndDigestAuthServer(DigestAuthServer, ProxyAuthServer):
549
"""A proxy server requiring basic or digest authentication"""
551
def __init__(self, protocol_version=None):
552
DigestAuthServer.__init__(self, DigestAndBasicAuthRequestHandler,
554
protocol_version=protocol_version)
555
self.init_proxy_auth()
556
# We really accept Digest only
557
self.auth_scheme = 'digest'