File: authentication.py

package info (click to toggle)
firefox 149.0-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 4,767,760 kB
  • sloc: cpp: 7,416,064; javascript: 6,752,859; ansic: 3,774,850; python: 1,250,473; xml: 641,578; asm: 439,191; java: 186,617; sh: 56,634; makefile: 18,856; objc: 13,092; perl: 12,763; pascal: 5,960; yacc: 4,583; cs: 3,846; lex: 1,720; ruby: 1,002; php: 436; lisp: 258; awk: 105; sql: 66; sed: 53; csh: 10; exp: 6
file content (24 lines) | stat: -rw-r--r-- 1,021 bytes parent folder | download | duplicates (24) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
 
def main(request, response):
    session_user = request.auth.username
    session_pass = request.auth.password
    expected_user_name = request.headers.get(b"X-User", None)

    token = expected_user_name
    if session_user is None and session_pass is None:
        if token is not None and request.server.stash.take(token) is not None:
            return b'FAIL (did not authorize)'
        else:
            if token is not None:
                request.server.stash.put(token, b"1")
            status = (401, b'Unauthorized')
            headers = [(b'WWW-Authenticate', b'Basic realm="test"')]
            return status, headers, b'FAIL (should be transparent)'
    else:
        if request.server.stash.take(token) == b"1":
            challenge = b"DID"
        else:
            challenge = b"DID-NOT"
        headers = [(b'XHR-USER', expected_user_name),
                   (b'SES-USER', session_user),
                   (b"X-challenge", challenge)]
        return headers, session_user + b"\n" + session_pass