Skip to content
This repository
Browse code

Fixed a bug in the authentication where if a bad username was given a

404 was returned.
  • Loading branch information...
commit c0054ca261e9a9f21c32841212c66122ecb0935b 1 parent 254afc5
Kurtis authored
15 udjserver/udj/tests/tests06/auth.py
@@ -39,9 +39,9 @@ class AuthTests(TestCase):
39 39 client = Client()
40 40 kurtis = User.objects.get(username='kurtis')
41 41
42   - def issueTicketRequest(self):
  42 + def issueTicketRequest(self, username='kurtis', password='testkurtis'):
43 43 return self.client.post(
44   - '/udj/0_6/auth', {'username': 'kurtis', 'password' : 'testkurtis'})
  44 + '/udj/0_6/auth', {'username': username, 'password' : password})
45 45
46 46 @staticmethod
47 47 def getCurrentTicket():
@@ -83,3 +83,14 @@ def testDoubleAuth(self):
83 83
84 84 self.assertEqual(new_ticket, ticket_hash)
85 85
  86 + def testBadPassword(self):
  87 + response = self.issueTicketRequest(password="badpassword")
  88 +
  89 + self.assertEqual(response.status_code, 401, response.content)
  90 + self.assertEqual(response['WWW-Authenticate'], 'password')
  91 +
  92 + def testBadUsername(self):
  93 + response = self.issueTicketRequest(username="wrongwrongwrong")
  94 +
  95 + self.assertEqual(response.status_code, 401, response.content)
  96 + self.assertEqual(response['WWW-Authenticate'], 'password')
19 udjserver/udj/views/views06/auth.py
@@ -75,13 +75,18 @@ def obtainTicketForUser(userRequestingTicket):
75 75 @HasNZParams(['username', 'password'])
76 76 def authenticate(request):
77 77
78   - userToAuth = get_object_or_404(User, username=request.POST['username'])
79   - if userToAuth.check_password(request.POST['password']):
80   - ticket = obtainTicketForUser(userToAuth)
81   - ticket_and_id = {"ticket_hash" : ticket.ticket_hash, "user_id" : userToAuth.id}
82   - response = HttpJSONResponse(json.dumps(ticket_and_id))
83   - return response
84   - else:
  78 + try:
  79 + userToAuth = User.objects.get(username=request.POST['username'])
  80 + if userToAuth.check_password(request.POST['password']):
  81 + ticket = obtainTicketForUser(userToAuth)
  82 + ticket_and_id = {"ticket_hash" : ticket.ticket_hash, "user_id" : userToAuth.id}
  83 + response = HttpJSONResponse(json.dumps(ticket_and_id))
  84 + return response
  85 + else:
  86 + response = HttpResponse(status=401)
  87 + response['WWW-Authenticate'] = 'password'
  88 + return response
  89 + except ObjectDoesNotExist:
85 90 response = HttpResponse(status=401)
86 91 response['WWW-Authenticate'] = 'password'
87 92 return response

0 comments on commit c0054ca

Please sign in to comment.
Something went wrong with that request. Please try again.