X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mod_auth_gssapi.git;a=blobdiff_plain;f=tests%2Ft_spnego_negotiate_once.py;fp=tests%2Ft_spnego_negotiate_once.py;h=7c7179ac98f7fafd10bb0ed8aad8e3beba7807e7;hp=0000000000000000000000000000000000000000;hb=f9cc36700c95a88ff7d7489167094556ac0e75cc;hpb=f29a1574c94ad8875626d4d707cc712a6f68ee29 diff --git a/tests/t_spnego_negotiate_once.py b/tests/t_spnego_negotiate_once.py new file mode 100755 index 0000000..7c7179a --- /dev/null +++ b/tests/t_spnego_negotiate_once.py @@ -0,0 +1,37 @@ +#!/usr/bin/python +# Copyright (C) 2015 - mod_auth_gssapi contributors, see COPYING for license. + +import os +import requests +from requests_kerberos import HTTPKerberosAuth, OPTIONAL + + +if __name__ == '__main__': + sess = requests.Session() + url = 'http://%s/spnego_negotiate_once/' % ( + os.environ['NSS_WRAPPER_HOSTNAME']) + + # ensure a 401 with the appropriate WWW-Authenticate header is returned + # when no auth is provided + r = sess.get(url) + if r.status_code != 401: + raise ValueError('Spnego Negotiate Once failed - 401 expected') + if not (r.headers.get("WWW-Authenticate") and + r.headers.get("WWW-Authenticate").startswith("Negotiate")): + raise ValueError('Spnego Negotiate Once failed - WWW-Authenticate ' + 'Negotiate header missing') + + # test sending a bad Authorization header with GssapiNegotiateOnce enabled + r = sess.get(url, headers={"Authorization": "Negotiate badvalue"}) + if r.status_code != 401: + raise ValueError('Spnego Negotiate Once failed - 401 expected') + if r.headers.get("WWW-Authenticate"): + raise ValueError('Spnego Negotiate Once failed - WWW-Authenticate ' + 'Negotiate present but GssapiNegotiateOnce is ' + 'enabled') + + # ensure a 200 is returned when valid auth is provided + r = sess.get(url, auth=HTTPKerberosAuth()) + if r.status_code != 200: + raise ValueError('Spnego Negotiate Once failed') +