From 5347cb9c269acdbc2fc36f92e3545fcbb9de45a1 Mon Sep 17 00:00:00 2001
From: Aldo Cortesi <aldo@nullcube.com>
Date: Mon, 31 Dec 2012 10:56:44 +1300
Subject: More work on proxy auth

- Strip auth header if auth succeeds, so it's not passed upstream
- Actually use realm specification to BasicProxyAuth, and make it mandatory
- Cleanups and unit tests
---
 test/test_authentication.py | 32 ++++++++++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)

(limited to 'test')

diff --git a/test/test_authentication.py b/test/test_authentication.py
index cc797d68..f7a5ecd3 100644
--- a/test/test_authentication.py
+++ b/test/test_authentication.py
@@ -9,17 +9,18 @@ class TestNullProxyAuth:
         na = authentication.NullProxyAuth(authentication.PermissivePasswordManager())
         assert not na.auth_challenge_headers()
         assert na.authenticate("foo")
+        na.clean({})
 
 
 class TestBasicProxyAuth:
     def test_simple(self):
-        ba = authentication.BasicProxyAuth(authentication.PermissivePasswordManager())
+        ba = authentication.BasicProxyAuth(authentication.PermissivePasswordManager(), "test")
         h = odict.ODictCaseless()
         assert ba.auth_challenge_headers()
         assert not ba.authenticate(h)
 
     def test_parse_auth_value(self):
-        ba = authentication.BasicProxyAuth(authentication.PermissivePasswordManager())
+        ba = authentication.BasicProxyAuth(authentication.PermissivePasswordManager(), "test")
         vals = ("basic", "foo", "bar")
         assert ba.parse_auth_value(ba.unparse_auth_value(*vals)) == vals
         tutils.raises(ValueError, ba.parse_auth_value, "")
@@ -28,3 +29,30 @@ class TestBasicProxyAuth:
         v = "basic " + binascii.b2a_base64("foo")
         tutils.raises(ValueError, ba.parse_auth_value, v)
 
+    def test_authenticate_clean(self):
+        ba = authentication.BasicProxyAuth(authentication.PermissivePasswordManager(), "test")
+
+        hdrs = odict.ODictCaseless()
+        vals = ("basic", "foo", "bar")
+        hdrs[ba.AUTH_HEADER] = [ba.unparse_auth_value(*vals)]
+        assert ba.authenticate(hdrs)
+
+        ba.clean(hdrs)
+        assert not ba.AUTH_HEADER in hdrs
+
+
+        hdrs[ba.AUTH_HEADER] = [""]
+        assert not ba.authenticate(hdrs)
+
+        hdrs[ba.AUTH_HEADER] = ["foo"]
+        assert not ba.authenticate(hdrs)
+
+        vals = ("foo", "foo", "bar")
+        hdrs[ba.AUTH_HEADER] = [ba.unparse_auth_value(*vals)]
+        assert not ba.authenticate(hdrs)
+
+        ba = authentication.BasicProxyAuth(authentication.PasswordManager(), "test")
+        vals = ("basic", "foo", "bar")
+        hdrs[ba.AUTH_HEADER] = [ba.unparse_auth_value(*vals)]
+        assert not ba.authenticate(hdrs)
+
-- 
cgit v1.2.3