fix #181 add password param to constructor (#182)

razzzp · Razif PRAMUDA · web-flow · commit 3e0371a02f6c · 2023-08-08T10:43:30.000+10:00
* fix #181 split principal into user@realm and password * add test for principal with password * added password to constructor instead * update test to handle password --------- Co-authored-by: Razif PRAMUDA <muhammadrazif.pramuda@idemia.com>
diff --git a/.gitignore b/.gitignore
@@ -4,4 +4,5 @@ env/
 build/
 dist/
 requests_kerberos.egg-info/
-
+.venv
+.vscode
diff --git a/requests_kerberos/kerberos_.py b/requests_kerberos/kerberos_.py
@@ -169,7 +169,7 @@ def __init__(
             self, mutual_authentication=REQUIRED,
             service="HTTP", delegate=False, force_preemptive=False,
             principal=None, hostname_override=None,
-            sanitize_mutual_error_response=True, send_cbt=True):
+            sanitize_mutual_error_response=True, send_cbt=True, password=None):
         self._context = {}
         self.mutual_authentication = mutual_authentication
         self.delegate = delegate
@@ -180,6 +180,7 @@ def __init__(
         self.hostname_override = hostname_override
         self.sanitize_mutual_error_response = sanitize_mutual_error_response
         self.auth_done = False
+        self.password = password
 
         # Set the CBT values populated after the first response
         self.send_cbt = send_cbt
@@ -211,13 +212,15 @@ def generate_request_header(self, response, host, is_preemptive=False):
 
             self._context[host] = ctx = spnego.client(
                 username=self.principal,
+                password=self.password,
                 hostname=kerb_host,
                 service=self.service,
                 channel_bindings=self._cbts.get(host, None),
                 context_req=gssflags,
                 protocol="kerberos",
             )
 
+
             # if we have a previous response from the server, use it to continue
             # the auth process, otherwise use an empty value
             negotiate_resp_value = None if is_preemptive else _negotiate_value(response)
diff --git a/tests/test_requests_kerberos.py b/tests/test_requests_kerberos.py
@@ -72,6 +72,7 @@ def test_generate_request_header(mock_client):
     assert mock_client.call_count == 1
     assert mock_client.call_args[1] == {
         "username": None,
+        "password": None,
         "hostname": "www.example.org",
         "service": "HTTP",
         "channel_bindings": None,
@@ -99,6 +100,7 @@ def test_generate_request_header_init_error(mock_client):
     assert mock_client.call_count == 1
     assert mock_client.call_args[1] == {
         "username": None,
+        "password": None,
         "hostname": "www.example.org",
         "service": "HTTP",
         "channel_bindings": None,
@@ -123,6 +125,7 @@ def test_generate_request_header_step_error(mock_client):
     assert mock_client.call_count == 1
     assert mock_client.call_args[1] == {
         "username": None,
+        "password": None,
         "hostname": "www.example.org",
         "service": "HTTP",
         "channel_bindings": None,
@@ -169,6 +172,7 @@ def test_authenticate_user(mock_client, mocker):
     assert mock_client.call_count == 1
     assert mock_client.call_args[1] == {
         "username": None,
+        "password": None,
         "hostname": "www.example.org",
         "service": "HTTP",
         "channel_bindings": None,
@@ -217,6 +221,7 @@ def test_authenticate_user2(mock_client, mocker):
     assert mock_client.call_count == 1
     assert mock_client.call_args[1] == {
         "username": None,
+        "password": None,
         "hostname": "www.example.org",
         "service": "HTTP",
         "channel_bindings": None,
@@ -262,6 +267,7 @@ def test_handle_401(mock_client, mocker):
     assert mock_client.call_count == 1
     assert mock_client.call_args[1] == {
         "username": None,
+        "password": None,
         "hostname": "www.example.org",
         "service": "HTTP",
         "channel_bindings": None,
@@ -310,6 +316,7 @@ def test_handle_407(mock_client, mocker):
     assert mock_client.call_count == 1
     assert mock_client.call_args[1] == {
         "username": None,
+        "password": None,
         "hostname": "www.example.org",
         "service": "HTTP",
         "channel_bindings": None,
@@ -553,6 +560,7 @@ def test_handle_response_401(mock_client, mocker):
     assert mock_client.call_count == 1
     assert mock_client.call_args[1] == {
         "username": None,
+        "password": None,
         "hostname": "www.example.org",
         "service": "HTTP",
         "channel_bindings": None,
@@ -606,6 +614,7 @@ def connection_send(self, *args, **kwargs):
     assert mock_client.call_count == 1
     assert mock_client.call_args[1] == {
         "username": None,
+        "password": None,
         "hostname": "www.example.org",
         "service": "HTTP",
         "channel_bindings": None,
@@ -630,6 +639,7 @@ def test_generate_request_header_custom_service(mock_client):
     assert mock_client.call_count == 1
     assert mock_client.call_args[1] == {
         "username": None,
+        "password": None,
         "hostname": "www.example.org",
         "service": "barfoo",
         "channel_bindings": None,
@@ -669,6 +679,7 @@ def test_delegation(mock_client, mocker):
     assert mock_client.call_count == 1
     assert mock_client.call_args[1] == {
         "username": None,
+        "password": None,
         "hostname": "www.example.org",
         "service": "HTTP",
         "channel_bindings": None,
@@ -693,6 +704,26 @@ def test_principal_override(mock_client):
     assert mock_client.call_count == 1
     assert mock_client.call_args[1] == {
         "username": "user@REALM",
+        "password": None,
+        "hostname": "www.example.org",
+        "service": "HTTP",
+        "channel_bindings": None,
+        "context_req": spnego.ContextReq.sequence_detect | spnego.ContextReq.mutual_auth,
+        "protocol": "kerberos",
+    }
+
+def test_principal_override_with_pass(mock_client):
+    response = requests.Response()
+    response.url = "http://www.example.org/"
+    response.headers = {'www-authenticate': 'negotiate dG9rZW4='}
+    host = urlparse(response.url).hostname
+    auth = requests_kerberos.HTTPKerberosAuth(principal="user@REALM",password="password")
+    auth.generate_request_header(response, host),
+
+    assert mock_client.call_count == 1
+    assert mock_client.call_args[1] == {
+        "username": "user@REALM",
+        "password": "password",
         "hostname": "www.example.org",
         "service": "HTTP",
         "channel_bindings": None,
@@ -712,6 +743,7 @@ def test_realm_override(mock_client):
     assert mock_client.call_count == 1
     assert mock_client.call_args[1] == {
         "username": None,
+        "password": None,
         "hostname": "otherhost.otherdomain.org",
         "service": "HTTP",
         "channel_bindings": None,

-Original file line number
+Diff line change
 build/
 dist/
 requests_kerberos.egg-info/
+-
 +.venv
 +.vscode