tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

refresh_session.py (2352B)

      1 import importlib
      2 import json
      3 from urllib.parse import parse_qs
      4 jwt_helper = importlib.import_module('device-bound-session-credentials.jwt_helper')
      5 session_manager = importlib.import_module('device-bound-session-credentials.session_manager')
      6 
      7 def main(request, response):
      8    test_session_manager = session_manager.find_for_request(request)
      9    test_session_manager.set_has_called_refresh(True)
     10 
     11    if test_session_manager.get_refresh_endpoint_unavailable():
     12        return (500, response.headers, "")
     13 
     14    session_id_header = request.headers.get("Sec-Secure-Session-Id")
     15    if session_id_header == None:
     16        return (400, response.headers, "")
     17    session_id_header = session_id_header.decode('utf-8')
     18    session_id = int(session_id_header)
     19 
     20    if test_session_manager.get_should_refresh_end_session():
     21        response_body = {
     22            "session_identifier": session_id,
     23            "continue": False
     24        }
     25        return (200, response.headers, json.dumps(response_body))
     26 
     27    if test_session_manager.get_has_custom_query_param() and 'refreshQueryParam' not in parse_qs(request.url_parts.query):
     28        return (400, response.headers, "")
     29 
     30    if test_session_manager.get_allows_challenges() and test_session_manager.get_refresh_sends_challenge():
     31        challenge = "refresh_challenge_value"
     32        if request.headers.get("Secure-Session-Response") == None:
     33            return (403, [('Secure-Session-Challenge', f'"{challenge}";id="{session_id}"')], "")
     34 
     35        session_key = test_session_manager.get_session_key(session_id)
     36        if session_key == None:
     37            return (400, response.headers, "")
     38 
     39        jwt_header, jwt_payload, verified = jwt_helper.decode_jwt(request.headers.get("Secure-Session-Response").decode('utf-8'), session_key)
     40 
     41        early_challenge = test_session_manager.get_early_challenge(session_id)
     42        if early_challenge is not None:
     43            challenge = early_challenge
     44 
     45        if test_session_manager.get_registration_sends_challenge_with_instructions():
     46            test_session_manager.reset_registration_sends_challenge_with_instructions()
     47            challenge = "login_challenge_value"
     48 
     49        if not verified or jwt_payload.get("jti") != challenge:
     50            return (400, response.headers, "")
     51 
     52    return test_session_manager.get_session_instructions_response(session_id, request)