UnknownSec Bypass
403
:
/
lib
/
python3
/
dist-packages
/
twisted
/
cred
/
test
/ [
drwxr-xr-x
]
Menu
Upload
Mass depes
Mass delete
Terminal
Info server
About
name :
test_cramauth.py
# Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Tests for L{twisted.cred}'s implementation of CRAM-MD5. """ from __future__ import division, absolute_import from hmac import HMAC from binascii import hexlify from twisted.trial.unittest import TestCase from twisted.cred.credentials import CramMD5Credentials from twisted.cred.credentials import IUsernameHashedPassword class CramMD5CredentialsTests(TestCase): """ Tests for L{CramMD5Credentials}. """ def test_idempotentChallenge(self): """ The same L{CramMD5Credentials} will always provide the same challenge, no matter how many times it is called. """ c = CramMD5Credentials() chal = c.getChallenge() self.assertEqual(chal, c.getChallenge()) def test_checkPassword(self): """ When a valid response (which is a hex digest of the challenge that has been encrypted by the user's shared secret) is set on the L{CramMD5Credentials} that created the challenge, and C{checkPassword} is called with the user's shared secret, it will return L{True}. """ c = CramMD5Credentials() chal = c.getChallenge() c.response = hexlify(HMAC(b'secret', chal).digest()) self.assertTrue(c.checkPassword(b'secret')) def test_noResponse(self): """ When there is no response set, calling C{checkPassword} will return L{False}. """ c = CramMD5Credentials() self.assertFalse(c.checkPassword(b'secret')) def test_wrongPassword(self): """ When an invalid response is set on the L{CramMD5Credentials} (one that is not the hex digest of the challenge, encrypted with the user's shared secret) and C{checkPassword} is called with the user's correct shared secret, it will return L{False}. """ c = CramMD5Credentials() chal = c.getChallenge() c.response = hexlify(HMAC(b'thewrongsecret', chal).digest()) self.assertFalse(c.checkPassword(b'secret')) def test_setResponse(self): """ When C{setResponse} is called with a string that is the username and the hashed challenge separated with a space, they will be set on the L{CramMD5Credentials}. """ c = CramMD5Credentials() chal = c.getChallenge() c.setResponse(b" ".join( (b"squirrel", hexlify(HMAC(b'supersecret', chal).digest())))) self.assertTrue(c.checkPassword(b'supersecret')) self.assertEqual(c.username, b"squirrel") def test_interface(self): """ L{CramMD5Credentials} implements the L{IUsernameHashedPassword} interface. """ self.assertTrue( IUsernameHashedPassword.implementedBy(CramMD5Credentials))
Copyright © 2025 - UnknownSec