File: start_session.py

package info (click to toggle)
firefox 149.0-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 4,767,760 kB
  • sloc: cpp: 7,416,064; javascript: 6,752,859; ansic: 3,774,850; python: 1,250,473; xml: 641,578; asm: 439,191; java: 186,617; sh: 56,634; makefile: 18,856; objc: 13,092; perl: 12,763; pascal: 5,960; yacc: 4,583; cs: 3,846; lex: 1,720; ruby: 1,002; php: 436; lisp: 258; awk: 105; sql: 66; sed: 53; csh: 10; exp: 6
file content (35 lines) | stat: -rw-r--r-- 2,219 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
 
import importlib
from urllib.parse import parse_qs
jwt_helper = importlib.import_module('device-bound-session-credentials.jwt_helper')
session_manager = importlib.import_module('device-bound-session-credentials.session_manager')

def main(request, response):
    test_session_manager = session_manager.find_for_request(request)
    extra_cookie_headers = test_session_manager.get_set_cookie_headers(test_session_manager.registration_extra_cookies, request)
    if test_session_manager.get_allows_challenges() and test_session_manager.get_registration_sends_challenge_before_instructions():
        # Only send back a challenge on the first call.
        test_session_manager.reset_registration_sends_challenge_before_instructions()
        return (403, [('Secure-Session-Challenge', '"login_challenge_value"')] + extra_cookie_headers, "")

    session_id = test_session_manager.create_new_session()
    if test_session_manager.get_allows_challenges():
        jwt_header, jwt_payload, verified = jwt_helper.decode_jwt(request.headers.get("Secure-Session-Response").decode('utf-8'))
        test_session_manager.set_session_key(session_id, jwt_header.get('jwk'))

        if not verified or jwt_payload.get("jti") != "login_challenge_value":
            return (400, list(response.headers) + extra_cookie_headers, "")

        if jwt_payload.get("authorization") != test_session_manager.get_authorization_value():
            return (400, list(response.headers) + extra_cookie_headers, "")

        if jwt_payload.get("sub") is not None:
            return (400, list(response.headers) + extra_cookie_headers, "")

    if test_session_manager.get_has_custom_query_param() and 'registrationQueryParam' not in parse_qs(request.url_parts.query):
        return (400, list(response.headers) + extra_cookie_headers, "")

    (code, headers, body) = test_session_manager.get_session_instructions_response(session_id, request)
    headers += extra_cookie_headers
    if test_session_manager.get_allows_challenges() and  test_session_manager.get_registration_sends_challenge_with_instructions():
        headers.append(('Secure-Session-Challenge', f'"login_challenge_value";id="{session_id}"'))
    return (code, headers, body)