remove unused helper functions in atest http server

oboehmer · oboehmer · commit 8ecef365e400 · 2025-12-15T22:52:52.000+01:00
diff --git a/atests/http_server/helpers.py b/atests/http_server/helpers.py
@@ -256,144 +256,6 @@ def status_code(code):
     return r
 
 
-# =============================================================================
-# UNUSED: Authentication functions below are no longer used (Flask-HTTPAuth is used instead)
-# These functions remain for reference but can be removed in the future
-# =============================================================================
-
-def check_basic_auth(user, passwd):
-    """Checks user authentication using HTTP Basic Auth.
-
-    UNUSED: Replaced by Flask-HTTPAuth's @basic_auth.verify_password decorator
-    """
-
-    auth = request.authorization
-    return auth and auth.username == user and auth.password == passwd
-
-
-# Digest auth helpers
-# qop is a quality of protection
-
-
-def H(data, algorithm):
-    """UNUSED: Hash function for digest auth (replaced by Flask-HTTPAuth)"""
-    if algorithm == 'SHA-256':
-        return sha256(data).hexdigest()
-    elif algorithm == 'SHA-512':
-        return sha512(data).hexdigest()
-    else:
-        return md5(data).hexdigest()
-
-
-def HA1(realm, username, password, algorithm):
-    """Create HA1 hash by realm, username, password
-
-    HA1 = md5(A1) = MD5(username:realm:password)
-
-    UNUSED: Replaced by Flask-HTTPAuth
-    """
-    if not realm:
-        realm = u''
-    return H(b":".join([username.encode('utf-8'),
-                       realm.encode('utf-8'),
-                       password.encode('utf-8')]), algorithm)
-
-
-def HA2(credentials, request, algorithm):
-    """Create HA2 md5 hash
-
-    If the qop directive's value is "auth" or is unspecified, then HA2:
-        HA2 = md5(A2) = MD5(method:digestURI)
-    If the qop directive's value is "auth-int" , then HA2 is
-        HA2 = md5(A2) = MD5(method:digestURI:MD5(entityBody))
-
-    UNUSED: Replaced by Flask-HTTPAuth
-    """
-    if credentials.get("qop") == "auth" or credentials.get('qop') is None:
-        return H(b":".join([request['method'].encode('utf-8'), request['uri'].encode('utf-8')]), algorithm)
-    elif credentials.get("qop") == "auth-int":
-        for k in 'method', 'uri', 'body':
-            if k not in request:
-                raise ValueError("%s required" % k)
-        A2 = b":".join([request['method'].encode('utf-8'),
-                        request['uri'].encode('utf-8'),
-                        H(request['body'], algorithm).encode('utf-8')])
-        return H(A2, algorithm)
-    raise ValueError
-
-
-def response(credentials, password, request):
-    """Compile digest auth response
-
-    If the qop directive's value is "auth" or "auth-int" , then compute the response as follows:
-       RESPONSE = MD5(HA1:nonce:nonceCount:clienNonce:qop:HA2)
-    Else if the qop directive is unspecified, then compute the response as follows:
-       RESPONSE = MD5(HA1:nonce:HA2)
-
-    Arguments:
-    - `credentials`: credentials dict
-    - `password`: request user password
-    - `request`: request dict
-
-    UNUSED: Replaced by Flask-HTTPAuth
-    """
-    response = None
-    algorithm = credentials.get('algorithm')
-    HA1_value = HA1(
-        credentials.get('realm'),
-        credentials.get('username'),
-        password,
-        algorithm
-    )
-    HA2_value = HA2(credentials, request, algorithm)
-    if credentials.get('qop') is None:
-        response = H(b":".join([
-            HA1_value.encode('utf-8'),
-            credentials.get('nonce', '').encode('utf-8'),
-            HA2_value.encode('utf-8')
-        ]), algorithm)
-    elif credentials.get('qop') == 'auth' or credentials.get('qop') == 'auth-int':
-        for k in 'nonce', 'nc', 'cnonce', 'qop':
-            if k not in credentials:
-                raise ValueError("%s required for response H" % k)
-        response = H(b":".join([HA1_value.encode('utf-8'),
-                               credentials.get('nonce').encode('utf-8'),
-                               credentials.get('nc').encode('utf-8'),
-                               credentials.get('cnonce').encode('utf-8'),
-                               credentials.get('qop').encode('utf-8'),
-                               HA2_value.encode('utf-8')]), algorithm)
-    else:
-        raise ValueError("qop value are wrong")
-
-    return response
-
-
-def check_digest_auth(user, passwd):
-    """Check user authentication using HTTP Digest auth
-
-    UNUSED: Replaced by Flask-HTTPAuth's @digest_auth.get_password decorator
-    """
-
-    if request.headers.get('Authorization'):
-        credentials = Authorization.from_header(request.headers.get('Authorization'))
-        if not credentials:
-            return
-        request_uri = request.script_root + request.path
-        if request.query_string:
-            request_uri += '?' + request.query_string
-        response_hash = response(credentials, passwd, dict(uri=request_uri,
-                                                           body=request.data,
-                                                           method=request.method))
-        if credentials.get('response') == response_hash:
-            return True
-    return False
-
-
-def secure_cookie():
-    """Return true if cookie should have secure attribute"""
-    return request.environ['wsgi.url_scheme'] == 'https'
-
-
 def __parse_request_range(range_header_text):
     """ Return a tuple describing the byte range requested in a GET request
     If the range is open ended on the left or right side, then a value of None
@@ -471,32 +333,3 @@ def next_stale_after_value(stale_after):
         return str(stal_after_count)
     except ValueError:
         return 'never'
-
-
-def digest_challenge_response(app, qop, algorithm, stale=False):
-    """Generate digest authentication challenge response.
-
-    UNUSED: Replaced by Flask-HTTPAuth which handles challenge generation automatically
-    """
-    response = app.make_response('')
-    response.status_code = 401
-
-    # RFC2616 Section4.2: HTTP headers are ASCII.  That means
-    # request.remote_addr was originally ASCII, so I should be able to
-    # encode it back to ascii.  Also, RFC2617 says about nonces: "The
-    # contents of the nonce are implementation dependent"
-    nonce = H(b''.join([
-        getattr(request, 'remote_addr', u'').encode('ascii'),
-        b':',
-        str(time.time()).encode('ascii'),
-        b':',
-        os.urandom(10)
-    ]), algorithm)
-    opaque = H(os.urandom(10), algorithm)
-
-    auth = WWWAuthenticate("digest")
-    auth.set_digest('me@kennethreitz.com', nonce, opaque=opaque,
-                    qop=('auth', 'auth-int') if qop is None else (qop,), algorithm=algorithm)
-    auth.stale = stale
-    response.headers['WWW-Authenticate'] = auth.to_header()
-    return response
