Skip to content

Commit

Permalink
fix #181 add password param to constructor (#182)
Browse files Browse the repository at this point in the history
* fix #181 split principal into user@realm and password

* add test for principal with password

* added password to constructor instead

* update test to handle password

---------

Co-authored-by: Razif PRAMUDA <muhammadrazif.pramuda@idemia.com>
  • Loading branch information
razzzp and Razif PRAMUDA authored Aug 8, 2023
1 parent 3f672cf commit 3e0371a
Show file tree
Hide file tree
Showing 3 changed files with 38 additions and 2 deletions.
3 changes: 2 additions & 1 deletion .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -4,4 +4,5 @@ env/
build/
dist/
requests_kerberos.egg-info/

.venv
.vscode
5 changes: 4 additions & 1 deletion requests_kerberos/kerberos_.py
Original file line number Diff line number Diff line change
Expand Up @@ -169,7 +169,7 @@ def __init__(
self, mutual_authentication=REQUIRED,
service="HTTP", delegate=False, force_preemptive=False,
principal=None, hostname_override=None,
sanitize_mutual_error_response=True, send_cbt=True):
sanitize_mutual_error_response=True, send_cbt=True, password=None):
self._context = {}
self.mutual_authentication = mutual_authentication
self.delegate = delegate
Expand All @@ -180,6 +180,7 @@ def __init__(
self.hostname_override = hostname_override
self.sanitize_mutual_error_response = sanitize_mutual_error_response
self.auth_done = False
self.password = password

# Set the CBT values populated after the first response
self.send_cbt = send_cbt
Expand Down Expand Up @@ -211,13 +212,15 @@ def generate_request_header(self, response, host, is_preemptive=False):

self._context[host] = ctx = spnego.client(
username=self.principal,
password=self.password,
hostname=kerb_host,
service=self.service,
channel_bindings=self._cbts.get(host, None),
context_req=gssflags,
protocol="kerberos",
)


# if we have a previous response from the server, use it to continue
# the auth process, otherwise use an empty value
negotiate_resp_value = None if is_preemptive else _negotiate_value(response)
Expand Down
32 changes: 32 additions & 0 deletions tests/test_requests_kerberos.py
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,7 @@ def test_generate_request_header(mock_client):
assert mock_client.call_count == 1
assert mock_client.call_args[1] == {
"username": None,
"password": None,
"hostname": "www.example.org",
"service": "HTTP",
"channel_bindings": None,
Expand Down Expand Up @@ -99,6 +100,7 @@ def test_generate_request_header_init_error(mock_client):
assert mock_client.call_count == 1
assert mock_client.call_args[1] == {
"username": None,
"password": None,
"hostname": "www.example.org",
"service": "HTTP",
"channel_bindings": None,
Expand All @@ -123,6 +125,7 @@ def test_generate_request_header_step_error(mock_client):
assert mock_client.call_count == 1
assert mock_client.call_args[1] == {
"username": None,
"password": None,
"hostname": "www.example.org",
"service": "HTTP",
"channel_bindings": None,
Expand Down Expand Up @@ -169,6 +172,7 @@ def test_authenticate_user(mock_client, mocker):
assert mock_client.call_count == 1
assert mock_client.call_args[1] == {
"username": None,
"password": None,
"hostname": "www.example.org",
"service": "HTTP",
"channel_bindings": None,
Expand Down Expand Up @@ -217,6 +221,7 @@ def test_authenticate_user2(mock_client, mocker):
assert mock_client.call_count == 1
assert mock_client.call_args[1] == {
"username": None,
"password": None,
"hostname": "www.example.org",
"service": "HTTP",
"channel_bindings": None,
Expand Down Expand Up @@ -262,6 +267,7 @@ def test_handle_401(mock_client, mocker):
assert mock_client.call_count == 1
assert mock_client.call_args[1] == {
"username": None,
"password": None,
"hostname": "www.example.org",
"service": "HTTP",
"channel_bindings": None,
Expand Down Expand Up @@ -310,6 +316,7 @@ def test_handle_407(mock_client, mocker):
assert mock_client.call_count == 1
assert mock_client.call_args[1] == {
"username": None,
"password": None,
"hostname": "www.example.org",
"service": "HTTP",
"channel_bindings": None,
Expand Down Expand Up @@ -553,6 +560,7 @@ def test_handle_response_401(mock_client, mocker):
assert mock_client.call_count == 1
assert mock_client.call_args[1] == {
"username": None,
"password": None,
"hostname": "www.example.org",
"service": "HTTP",
"channel_bindings": None,
Expand Down Expand Up @@ -606,6 +614,7 @@ def connection_send(self, *args, **kwargs):
assert mock_client.call_count == 1
assert mock_client.call_args[1] == {
"username": None,
"password": None,
"hostname": "www.example.org",
"service": "HTTP",
"channel_bindings": None,
Expand All @@ -630,6 +639,7 @@ def test_generate_request_header_custom_service(mock_client):
assert mock_client.call_count == 1
assert mock_client.call_args[1] == {
"username": None,
"password": None,
"hostname": "www.example.org",
"service": "barfoo",
"channel_bindings": None,
Expand Down Expand Up @@ -669,6 +679,7 @@ def test_delegation(mock_client, mocker):
assert mock_client.call_count == 1
assert mock_client.call_args[1] == {
"username": None,
"password": None,
"hostname": "www.example.org",
"service": "HTTP",
"channel_bindings": None,
Expand All @@ -693,6 +704,26 @@ def test_principal_override(mock_client):
assert mock_client.call_count == 1
assert mock_client.call_args[1] == {
"username": "user@REALM",
"password": None,
"hostname": "www.example.org",
"service": "HTTP",
"channel_bindings": None,
"context_req": spnego.ContextReq.sequence_detect | spnego.ContextReq.mutual_auth,
"protocol": "kerberos",
}

def test_principal_override_with_pass(mock_client):
response = requests.Response()
response.url = "http://www.example.org/"
response.headers = {'www-authenticate': 'negotiate dG9rZW4='}
host = urlparse(response.url).hostname
auth = requests_kerberos.HTTPKerberosAuth(principal="user@REALM",password="password")
auth.generate_request_header(response, host),

assert mock_client.call_count == 1
assert mock_client.call_args[1] == {
"username": "user@REALM",
"password": "password",
"hostname": "www.example.org",
"service": "HTTP",
"channel_bindings": None,
Expand All @@ -712,6 +743,7 @@ def test_realm_override(mock_client):
assert mock_client.call_count == 1
assert mock_client.call_args[1] == {
"username": None,
"password": None,
"hostname": "otherhost.otherdomain.org",
"service": "HTTP",
"channel_bindings": None,
Expand Down

0 comments on commit 3e0371a

Please sign in to comment.