def main(request, response):
session_user = request.auth.username
session_pass = request.auth.password
expected_user_name = request.headers.get(b"X-User", None)
token = expected_user_name
if session_user is None and session_pass is None:
if token is not None and request.server.stash.take(token) is not None:
return b'FAIL (did not authorize)'
else:
if token is not None:
request.server.stash.put(token, b"1")
status = (401, b'Unauthorized')
headers = [(b'WWW-Authenticate', b'Basic realm="test"')]
return status, headers, b'FAIL (should be transparent)'
else:
if request.server.stash.take(token) == b"1":
challenge = b"DID"
else:
challenge = b"DID-NOT"
headers = [(b'XHR-USER', expected_user_name),
(b'SES-USER', session_user),
(b"X-challenge", challenge)]
return headers, session_user + b"\n" + session_pass
Codebase Browser
chromium