我们从Python开源项目中,提取了以下34个代码示例,用于说明如何使用httplib.UNAUTHORIZED。
def VerifyCredentials(self): '''Returns a twitter.User instance if the authenticating user is valid. Returns: A twitter.User instance representing that user if the credentials are valid, None otherwise. ''' if not self._oauth_consumer: raise TwitterError("Api instance must first be given user credentials.") url = '%s/account/verify_credentials.json' % self.base_url try: json = self._FetchUrl(url, no_cache=True) except urllib2.HTTPError, http_error: if http_error.code == httplib.UNAUTHORIZED: return None else: raise http_error data = self._ParseAndCheckTwitter(json) return User.NewFromJsonDict(data)
def get(self, url, headers=None, can_retry=True): """ Issue REST GET request to a given URL. Can throw ApiClientError or its subclass. Arguments: url (str): API url to fetch a resource from. headers (dict): Headers necessary as per API, e.g. authorization bearer to perform authorised requests. can_retry (bool): True if in a case of authentication error it can refresh access token and retry a call. Returns: Response in python native data format. """ headers_ = {'Authorization': 'Bearer ' + str(self.access_token)} if headers is not None: headers_.update(headers) resp = requests.get(url, headers=headers_) if resp.status_code == httplib.OK: return resp.json() elif resp.status_code == httplib.UNAUTHORIZED and can_retry: self.access_token = self._refresh_access_token() return self.get(url, headers, can_retry=False) else: raise BrightcoveApiClientError
def authenticate_api(self, **kwargs): """ Call a sample Wistia API url to check on authentication success. Reference: https://wistia.com/doc/data-api#authentication Arguments: kwargs (dict): Wistia master token key-value pair. Returns: auth_data (dict): Master token, provided by a user, which is to be stored in Wistia's player metadata. error_status_message (str): Message with authentication outcomes for the sake of verbosity. """ token, media_id = kwargs.get('token'), kwargs.get('video_id') # pylint: disable=unused-variable auth_data, error_message = {}, '' auth_data['token'] = token url = self.captions_api.get('auth_sample_url').format(token=str(token)) response = requests.get('https://' + url) if response.status_code == httplib.UNAUTHORIZED: error_message = "Authentication failed. " \ "Please ensure you have provided a valid master token, using Video API Token field." return auth_data, error_message
def cboxGetOpenFiles(): '''Returns a list of all currently opened files, for operations purposes only. This call is protected by the same shared secret as the /wopi/cbox/open call.''' req = flask.request # first check if the shared secret matches ours if 'Authorization' not in req.headers or req.headers['Authorization'] != 'Bearer ' + Wopi.ocsecret: Wopi.log.warning('msg="cboxGetOpenFiles: unauthorized access attempt, missing authorization token" client="%s"' % req.remote_addr) return 'Client not authorized', httplib.UNAUTHORIZED # first convert the sets into lists, otherwise sets cannot be serialized in JSON format jl = {} for f in Wopi.openfiles.keys(): jl[f] = (Wopi.openfiles[f][0], tuple(Wopi.openfiles[f][1])) # dump the current list of opened files in JSON format Wopi.log.info('msg="cboxGetOpenFiles: returning list of open files" client="%s"' % req.remote_addr) return flask.Response(json.dumps(jl), mimetype='application/json') # # The WOPI protocol implementation starts here #
def wopiGetFile(fileid): '''Implements the GetFile WOPI call''' Wopi.refreshconfig() try: acctok = jwt.decode(flask.request.args['access_token'], Wopi.wopisecret, algorithms=['HS256']) if acctok['exp'] < time.time(): raise jwt.exceptions.ExpiredSignatureError Wopi.log.info('msg="GetFile" user="%s:%s" filename="%s" fileid="%s" token="%s"' % \ (acctok['ruid'], acctok['rgid'], acctok['filename'], fileid, flask.request.args['access_token'][-20:])) # stream file from storage to client resp = flask.Response(xrdcl.readfile(acctok['filename'], acctok['ruid'], acctok['rgid']), mimetype='application/octet-stream') resp.status_code = httplib.OK return resp except (jwt.exceptions.DecodeError, jwt.exceptions.ExpiredSignatureError) as e: Wopi.log.warning('msg="Signature verification failed" client="%s" requestedUrl="%s" token="%s"' % \ (flask.request.remote_addr, flask.request.base_url, flask.request.args['access_token'])) return 'Invalid access token', httplib.UNAUTHORIZED except Exception, e: return _logGeneralExceptionAndReturn(e, flask.request) # # The following operations are all called on POST /wopi/files/<fileid> #
def abort_unauthorized(description): """Raise an Unauthorized exception. """ abort(httplib.UNAUTHORIZED, description=description)
def _handle_missing_api_key(self, app_info, start_response): code = httplib.UNAUTHORIZED detail = self._NO_API_KEY_MSG logger.warn(u'Check not performed %d, %s', code, detail) error_msg = b'%d %s' % (code, detail.encode('utf-8')) start_response(error_msg, []) app_info.response_code = code app_info.api_key_valid = False return error_msg # the request cannot continue
def test_validate_URL_existence_url_raise_err(self, mock_cs, mock_url): url_raise_err = Foo() err_msg = "Unauthorized" setattr(url_raise_err, "code", httplib.UNAUTHORIZED) setattr(url_raise_err, "msg", err_msg) mock_url.side_effect = [url_raise_err] mock_cs.side_effect = [None] api = API.apiCalls.ApiCalls( client_id="", client_secret="", base_URL="", username="", password="" ) validate_URL = api.validate_URL_existence url = "http://localhost:8080/api/" with self.assertRaises(Exception) as err: validate_URL(url) self.assertTrue(err_msg in str(err.exception)) API.apiCalls.urlopen.assert_called_with(url, timeout=api.max_wait_time)
def test_with_incorrect_username_and_domain_id(self): data = generate_password_auth_data({ 'name': uuid.uuid4().hex, 'password': self.password, 'domain': {'id': self.domain_id}, }) self.authenticate(data, expected_status=httplib.UNAUTHORIZED)
def test_with_username_and_incorrect_domain_id(self): data = generate_password_auth_data({ 'name': self.username, 'password': self.password, 'domain': {'id': uuid.uuid4().hex}, }) self.authenticate(data, expected_status=httplib.UNAUTHORIZED)
def test_with_username_and_incorrect_domain_name(self): data = generate_password_auth_data({ 'name': self.username, 'password': self.password, 'domain': {'name': uuid.uuid4().hex}, }) self.authenticate(data, expected_status=httplib.UNAUTHORIZED)
def test_with_incorrect_user_id(self): data = generate_password_auth_data({ 'id': uuid.uuid4().hex, 'password': self.password, }) self.authenticate(data, expected_status=httplib.UNAUTHORIZED)
def test_with_user_id_and_incorrect_domain_id(self): data = generate_password_auth_data({ 'id': self.user_id, 'password': self.password, 'domain': {'id': uuid.uuid4().hex}, }) self.authenticate(data, expected_status=httplib.UNAUTHORIZED)
def test_invalid(self): data = generate_password_auth_data_with_scope( user={ 'name': self.username, 'password': self.password, 'domain': {'id': self.domain_id}, }, scope={'project': {'id': uuid.uuid4().hex}}) self.authenticate(data, expected_status=httplib.UNAUTHORIZED)
def test_invalid(self): data = generate_password_auth_data_with_scope( user={ 'name': self.username, 'password': self.password, 'domain': {'id': self.domain_id}, }, scope={'domain': {'id': uuid.uuid4().hex}}) self.authenticate(data, httplib.UNAUTHORIZED)
def test_with_invalid_project_id(self): data = generate_password_auth_data({ 'name': self.username, 'password': self.password, }) resp = self.authenticate(data) token = resp.headers['X-Subject-Token'] data = generate_token_auth_data_with_scope( token_id=token, scope={'project': {'id': 'invalid'}}) self.authenticate(data, httplib.UNAUTHORIZED)
def test_with_invalid_token_id(self): data = generate_token_auth_data_with_scope( token_id='invalid', scope={'project': {'id': self.project_id}}) self.authenticate(data, httplib.UNAUTHORIZED)
def _is_token_expired_on_upload(response): if response.status_code == httplib.UNAUTHORIZED: try: json_data = response.json() error = json_data.get('error') # {"error":{"code":"PDK_RP_0004","label":"INVALID_TOKEN","details":"OIDC rejected the token"}} return error is not None and error.get('label') == 'INVALID_TOKEN' except: return False else: return False
def _is_token_expired(response): if response.status_code == httplib.UNAUTHORIZED: try: json_data = response.json() return json_data.get('message', '') == 'Invalid credentials' except: return False else: return False
def post(self, url, payload, headers=None, can_retry=True): """ Issue REST POST request to a given URL. Can throw ApiClientError or its subclass. Arguments: url (str): API url to fetch a resource from. payload (dict): POST data. headers (dict): Headers necessary as per API, e.g. authorization bearer to perform authorised requests. can_retry (bool): True if in a case of authentication error it can refresh access token and retry a call. Returns: Response in Python native data format. """ headers_ = { 'Authorization': 'Bearer ' + self.access_token, 'Content-type': 'application/json' } if headers is not None: headers_.update(headers) resp = requests.post(url, data=payload, headers=headers_) if resp.status_code in (httplib.OK, httplib.CREATED): return resp.json() elif resp.status_code == httplib.UNAUTHORIZED and can_retry: self.access_token = self._refresh_access_token() return self.post(url, payload, headers, can_retry=False) else: raise BrightcoveApiClientError
def cboxDownload(): '''Returns the file's content for a given valid access token. Used as a download URL, so that the file's path is never explicitly visible.''' try: acctok = jwt.decode(flask.request.args['access_token'], Wopi.wopisecret, algorithms=['HS256']) if acctok['exp'] < time.time(): raise jwt.exceptions.ExpiredSignatureError resp = flask.Response(xrdcl.readfile(acctok['filename'], acctok['ruid'], acctok['rgid']), mimetype='application/octet-stream') resp.headers['Content-Disposition'] = 'attachment; filename="%s"' % os.path.basename(acctok['filename']) resp.status_code = httplib.OK Wopi.log.info('msg="cboxDownload: direct download succeeded" filename="%s" user="%s:%s" token="%s"' % \ (acctok['filename'], acctok['ruid'], acctok['rgid'], flask.request.args['access_token'][-20:])) return resp except (jwt.exceptions.DecodeError, jwt.exceptions.ExpiredSignatureError) as e: Wopi.log.warning('msg="Signature verification failed" client="%s" requestedUrl="%s" token="%s"' % \ (flask.request.remote_addr, flask.request.base_url, flask.request.args['access_token'])) return 'Invalid access token', httplib.NOT_FOUND except IOError, e: Wopi.log.info('msg="Requested file not found" filename="%s" token="%s" error="%s"' % \ (acctok['filename'], flask.request.args['access_token'][-20:], e)) return 'File not found', httplib.NOT_FOUND except KeyError, e: Wopi.log.error('msg="Invalid access token or request argument" error="%s"' % e) return 'Invalid access token', httplib.UNAUTHORIZED except Exception, e: return _logGeneralExceptionAndReturn(e, flask.request)
def test_unauthenticated(self): response, _ = self.client.request( 'Participant', method='POST', body='{}', authenticated=False, check_status=False) self.assertEquals(response.status, httplib.UNAUTHORIZED)
def check_resp_status_and_retry(resp, image_id, url): # Note(Jesse): This branch sorts errors into those that are permanent, # those that are ephemeral, and those that are unexpected. if resp.status in (httplib.BAD_REQUEST, # 400 httplib.UNAUTHORIZED, # 401 httplib.PAYMENT_REQUIRED, # 402 httplib.FORBIDDEN, # 403 httplib.METHOD_NOT_ALLOWED, # 405 httplib.NOT_ACCEPTABLE, # 406 httplib.PROXY_AUTHENTICATION_REQUIRED, # 407 httplib.CONFLICT, # 409 httplib.GONE, # 410 httplib.LENGTH_REQUIRED, # 411 httplib.PRECONDITION_FAILED, # 412 httplib.REQUEST_ENTITY_TOO_LARGE, # 413 httplib.REQUEST_URI_TOO_LONG, # 414 httplib.UNSUPPORTED_MEDIA_TYPE, # 415 httplib.REQUESTED_RANGE_NOT_SATISFIABLE, # 416 httplib.EXPECTATION_FAILED, # 417 httplib.UNPROCESSABLE_ENTITY, # 422 httplib.LOCKED, # 423 httplib.FAILED_DEPENDENCY, # 424 httplib.UPGRADE_REQUIRED, # 426 httplib.NOT_IMPLEMENTED, # 501 httplib.HTTP_VERSION_NOT_SUPPORTED, # 505 httplib.NOT_EXTENDED, # 510 ): raise PluginError("Got Permanent Error response [%i] while " "uploading image [%s] to glance [%s]" % (resp.status, image_id, url)) # Nova service would process the exception elif resp.status == httplib.NOT_FOUND: # 404 exc = XenAPI.Failure('ImageNotFound') raise exc # NOTE(nikhil): Only a sub-set of the 500 errors are retryable. We # optimistically retry on 500 errors below. elif resp.status in (httplib.REQUEST_TIMEOUT, # 408 httplib.INTERNAL_SERVER_ERROR, # 500 httplib.BAD_GATEWAY, # 502 httplib.SERVICE_UNAVAILABLE, # 503 httplib.GATEWAY_TIMEOUT, # 504 httplib.INSUFFICIENT_STORAGE, # 507 ): raise RetryableError("Got Ephemeral Error response [%i] while " "uploading image [%s] to glance [%s]" % (resp.status, image_id, url)) else: # Note(Jesse): Assume unexpected errors are retryable. If you are # seeing this error message, the error should probably be added # to either the ephemeral or permanent error list. raise RetryableError("Got Unexpected Error response [%i] while " "uploading image [%s] to glance [%s]" % (resp.status, image_id, url))
def _Ping(self): """Ping the v2 Registry. Only called during transport construction, this pings the listed v2 registry. The point of this ping is to establish the "realm" and "service" to use for Basic for Bearer-Token exchanges. """ # This initiates the pull by issuing a v2 ping: # GET H:P/v2/ headers = { 'content-type': 'application/json', 'user-agent': docker_name.USER_AGENT, } resp, unused_content = self._transport.request( '{scheme}://{registry}/v2/'.format(scheme=Scheme(self._name.registry), registry=self._name.registry), 'GET', body=None, headers=headers) # We expect a www-authenticate challenge. _CheckState(resp.status in [httplib.OK, httplib.UNAUTHORIZED], 'Unexpected status: %d' % resp.status) # The registry is authenticated iff we have an authentication challenge. if resp.status == httplib.OK: self._authentication = _ANONYMOUS self._service = 'none' self._realm = 'none' return challenge = resp['www-authenticate'] _CheckState(' ' in challenge, 'Unexpected "www-authenticate" header form: %s' % challenge) (self._authentication, remainder) = challenge.split(' ', 1) # Normalize the authentication scheme to have exactly the first letter # capitalized. Scheme matching is required to be case insensitive: # https://tools.ietf.org/html/rfc7235#section-2.1 self._authentication = self._authentication.capitalize() _CheckState(self._authentication in [_BASIC, _BEARER], 'Unexpected "www-authenticate" challenge type: %s' % self._authentication) # Default "_service" to the registry self._service = self._name.registry tokens = remainder.split(',') for t in tokens: if t.startswith(_REALM_PFX): self._realm = t[len(_REALM_PFX):].strip('"') elif t.startswith(_SERVICE_PFX): self._service = t[len(_SERVICE_PFX):].strip('"') # Make sure these got set. _CheckState(self._realm, 'Expected a "%s" in "www-authenticate" ' 'header: %s' % (_REALM_PFX, challenge))
def check_status(status, expected, path, headers=None, resp_headers=None, body=None, extras=None): """Check HTTP response status is expected. Args: status: HTTP response status. int. expected: a list of expected statuses. A list of ints. path: filename or a path prefix. headers: HTTP request headers. resp_headers: HTTP response headers. body: HTTP response body. extras: extra info to be logged verbatim if error occurs. Raises: AuthorizationError: if authorization failed. NotFoundError: if an object that's expected to exist doesn't. TimeoutError: if HTTP request timed out. ServerError: if server experienced some errors. FatalError: if any other unexpected errors occurred. """ if status in expected: return msg = ('Expect status %r from Google Storage. But got status %d.\n' 'Path: %r.\n' 'Request headers: %r.\n' 'Response headers: %r.\n' 'Body: %r.\n' 'Extra info: %r.\n' % (expected, status, path, headers, resp_headers, body, extras)) if status == httplib.UNAUTHORIZED: raise AuthorizationError(msg) elif status == httplib.FORBIDDEN: raise ForbiddenError(msg) elif status == httplib.NOT_FOUND: raise NotFoundError(msg) elif status == httplib.REQUEST_TIMEOUT: raise TimeoutError(msg) elif status == httplib.REQUESTED_RANGE_NOT_SATISFIABLE: raise InvalidRange(msg) elif (status == httplib.OK and 308 in expected and httplib.OK not in expected): raise FileClosedError(msg) elif status >= 500: raise ServerError(msg) else: raise FatalError(msg)
def ReadHttpResponse(conn, expect_status=200, ignore_404=True): """Reads an http response from a connection into a string buffer. Args: conn: An HTTPSConnection or HTTPConnection created by CreateHttpConn, above. expect_status: Success is indicated by this status in the response. ignore_404: For many requests, gerrit-on-borg will return 404 if the request doesn't match the database contents. In most such cases, we want the API to return None rather than raise an Exception. Returns: A string buffer containing the connection's reply. """ sleep_time = 0.5 for idx in range(TRY_LIMIT): response = conn.getresponse() # Check if this is an authentication issue. www_authenticate = response.getheader('www-authenticate') if (response.status in (httplib.UNAUTHORIZED, httplib.FOUND) and www_authenticate): auth_match = re.search('realm="([^"]+)"', www_authenticate, re.I) host = auth_match.group(1) if auth_match else conn.req_host reason = ('Authentication failed. Please make sure your .netrc file ' 'has credentials for %s' % host) raise GerritAuthenticationError(response.status, reason) # If response.status < 500 then the result is final; break retry loop. if response.status < 500: break # A status >=500 is assumed to be a possible transient error; retry. http_version = 'HTTP/%s' % ('1.1' if response.version == 11 else '1.0') msg = ( 'A transient error occurred while querying %s:\n' '%s %s %s\n' '%s %d %s' % ( conn.host, conn.req_params['method'], conn.req_params['url'], http_version, http_version, response.status, response.reason)) if TRY_LIMIT - idx > 1: msg += '\n... will retry %d more times.' % (TRY_LIMIT - idx - 1) time.sleep(sleep_time) sleep_time = sleep_time * 2 req_host = conn.req_host req_params = conn.req_params conn = GetConnectionClass()(req_host) conn.req_host = req_host conn.req_params = req_params conn.request(**req_params) LOGGER.warn(msg) if ignore_404 and response.status == 404: return StringIO() if response.status != expect_status: reason = '%s: %s' % (response.reason, response.read()) raise GerritError(response.status, reason) return StringIO(response.read())
def cboxOpen(): '''Returns a WOPISrc target and an access token to be passed to Microsoft Office online for accessing a given file for a given user. This is the most sensitive call as it provides direct access to any user's file, therefore it is protected both by IP and a shared secret. The shared secret protection is disabled when running in plain http mode for testing purposes.''' Wopi.refreshconfig() req = flask.request # if running in https mode, first check if the shared secret matches ours if Wopi.useHttps and ('Authorization' not in req.headers or req.headers['Authorization'] != 'Bearer ' + Wopi.ocsecret): Wopi.log.warning('msg="cboxOpen: unauthorized access attempt, missing authorization token" client="%s"' % req.remote_addr) return 'Client not authorized', httplib.UNAUTHORIZED # now validate the user identity and deny root access try: ruid = int(req.args['ruid']) rgid = int(req.args['rgid']) if ruid == 0 or rgid == 0: raise ValueError except ValueError: Wopi.log.warning('msg="cboxOpen: invalid user/group in request" client="%s" user="%s:%s"' % \ (req.remote_addr, req.args['ruid'], req.args['rgid'])) return 'Client not authorized', httplib.UNAUTHORIZED # then resolve the client: only our OwnCloud servers shall use this API allowedclients = Wopi.config.get('general', 'allowedclients').split() for c in allowedclients: try: for ip in socket.getaddrinfo(c, None): if ip[4][0] == req.remote_addr: # we got a match, generate the access token filename = urllib.unquote(req.args['filename']) canedit = 'canedit' in req.args and req.args['canedit'].lower() == 'true' username = req.args['username'] if 'username' in req.args else '' folderurl = urllib.unquote(req.args['folderurl']) try: Wopi.log.info('msg="cboxOpen: access granted, generating token" client="%s" user="%d:%d" friendlyname="%s" canedit="%s"' % \ (req.remote_addr, ruid, rgid, username, canedit)) inode, acctok = _generateAccessToken(str(ruid), str(rgid), filename, canedit, username, folderurl) # return an URL-encoded WOPISrc URL for the Office Online server return urllib.quote_plus('%s/wopi/files/%s' % (_ourHostName(), inode)) + \ '&access_token=%s' % acctok # no need to URL-encode the JWT token except IOError: return 'Remote error or file not found', httplib.NOT_FOUND except socket.gaierror: Wopi.log.warning('msg="cboxOpen: %s found in configured allowed clients but unknown by DNS resolution, ignoring"' % c) # no match found, fail Wopi.log.warning('msg="cboxOpen: unauthorized access attempt, client IP not whitelisted" client="%s"' % req.remote_addr) return 'Client not authorized', httplib.UNAUTHORIZED
def ReadHttpResponse(conn, expect_status=200, ignore_404=True): """Reads an http response from a connection into a string buffer. Args: conn: An HTTPSConnection or HTTPConnection created by CreateHttpConn, above. expect_status: Success is indicated by this status in the response. ignore_404: For many requests, gerrit-on-borg will return 404 if the request doesn't match the database contents. In most such cases, we want the API to return None rather than raise an Exception. Returns: A string buffer containing the connection's reply. """ sleep_time = 0.5 for idx in range(TRY_LIMIT): response = conn.getresponse() # Check if this is an authentication issue. www_authenticate = response.getheader('www-authenticate') if (response.status in (httplib.UNAUTHORIZED, httplib.FOUND) and www_authenticate): auth_match = re.search('realm="([^"]+)"', www_authenticate, re.I) host = auth_match.group(1) if auth_match else conn.req_host reason = ('Authentication failed. Please make sure your .netrc file ' 'has credentials for %s' % host) raise GerritAuthenticationError(response.status, reason) # If response.status < 500 then the result is final; break retry loop. if response.status < 500: LOGGER.debug('got response %d for %s %s', response.status, conn.req_params['method'], conn.req_params['url']) break # A status >=500 is assumed to be a possible transient error; retry. http_version = 'HTTP/%s' % ('1.1' if response.version == 11 else '1.0') LOGGER.warn('A transient error occurred while querying %s:\n' '%s %s %s\n' '%s %d %s', conn.host, conn.req_params['method'], conn.req_params['url'], http_version, http_version, response.status, response.reason) if TRY_LIMIT - idx > 1: LOGGER.warn('... will retry %d more times.', TRY_LIMIT - idx - 1) time.sleep(sleep_time) sleep_time = sleep_time * 2 req_host = conn.req_host req_params = conn.req_params conn = GetConnectionClass()(req_host) conn.req_host = req_host conn.req_params = req_params conn.request(**req_params) if ignore_404 and response.status == 404: return StringIO() if response.status != expect_status: reason = '%s: %s' % (response.reason, response.read()) raise GerritError(response.status, reason) return StringIO(response.read())
def _authenticate_with_kerberos(conn_info, url, agent, gss_client=None): service = '{0}@{1}'.format(conn_info.scheme.upper(), conn_info.hostname) if gss_client is None: gss_client = AuthGSSClient( service, conn_info) base64_client_data = yield gss_client.get_base64_client_data() auth = 'Kerberos {0}'.format(base64_client_data) k_headers = Headers(_CONTENT_TYPE) k_headers.addRawHeader('Authorization', auth) k_headers.addRawHeader('Content-Length', '0') response = yield agent.request('POST', url, k_headers, None) auth_header = response.headers.getRawHeaders('WWW-Authenticate')[0] auth_details = get_auth_details(auth_header) if response.code == httplib.UNAUTHORIZED: try: if auth_details: gss_client._step(auth_details) except kerberos.GSSError as e: msg = "HTTP Unauthorized received on kerberos initialization. "\ "Kerberos error code {0}: {1}.".format(e.args[1][1], e.args[1][0]) raise Exception(msg) raise UnauthorizedError( "HTTP Unauthorized received on initial kerberos request. Check username and password") elif response.code == httplib.FORBIDDEN: raise ForbiddenError( "Forbidden. Check WinRM port and version.") elif response.code != httplib.OK: proto = _StringProtocol() response.deliverBody(proto) xml_str = yield proto.d xml_str = gss_client.decrypt_body(xml_str) raise Exception( "status code {0} received on initial kerberos request {1}" .format(response.code, xml_str)) if not auth_details: raise Exception( 'negotiate not found in WWW-Authenticate header: {0}' .format(auth_header)) k_username = gss_client.get_username(auth_details) log.debug('kerberos auth successful for user: {0} / {1} ' .format(conn_info.username, k_username)) defer.returnValue(gss_client)
