1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
import json
import importlib
session_manager = importlib.import_module('device-bound-session-credentials.session_manager')
def main(request, response):
test_session_manager = session_manager.find_for_request(request)
use_single_header = json.loads(request.body.decode('utf-8')).get("useSingleHeader")
if use_single_header is None:
return (400, response.headers, "")
headers = []
if request.headers.get(b"origin") is not None:
# Some tests (e.g. third-party-registration.https.html) set
# challenges across origins. Allow cookies so that we can get
# the session_manager for the request.
headers = [
("Access-Control-Allow-Origin", request.headers.get(b"origin")),
("Access-Control-Allow-Credentials", "true"),
]
challenges = []
for session_id in session_manager.find_for_request(request).get_session_ids():
early_challenge = test_session_manager.get_early_challenge(session_id)
if early_challenge is not None:
challenges.append(("Secure-Session-Challenge", f'"{early_challenge}";id="{session_id}"'))
if use_single_header:
combined_challenges = [("Secure-Session-Challenge", ", ".join([challenge[1] for challenge in challenges]))]
return (200, headers + combined_challenges, "")
else:
return (200, headers + challenges, "")
|
