authentication.py (1021B)
def main(request, response):
    """Answer a request with a Basic-auth challenge or an echo of the credentials.

    Test-fixture handler (the realm is ``"test"``; the signature looks like a
    wptserve-style handler -- confirm). It uses the server stash, keyed by the
    client-supplied ``X-User`` header, to remember whether a 401 challenge has
    already been issued for that key.

    Returns one of three shapes:
      * ``bytes`` -- failure body when a challenge was already issued for this
        key and the request still carries no credentials;
      * ``(status, headers, body)`` -- the 401 challenge;
      * ``(headers, body)`` -- credentials were sent; the body is
        ``username + b"\\n" + password``.

    The credential branch reflects the username and password in clear text in
    the response body, so this handler is only appropriate on a test server.
    """
    user = request.auth.username
    password = request.auth.password
    # Client-controlled value; doubles as the stash key below.
    x_user = request.headers.get(b"X-User", None)

    if user is not None or password is not None:
        # At least one credential field is present.
        # NOTE(review): if only one of the two is None, the concatenation in
        # the return raises TypeError; and when X-User is absent the stash is
        # queried with a None key and XHR-USER gets a None value -- confirm
        # that callers always send both credentials and the header.
        was_challenged = request.server.stash.take(x_user) == b"1"
        challenge = b"DID" if was_challenged else b"DID-NOT"
        reply_headers = [
            (b'XHR-USER', x_user),
            (b'SES-USER', user),
            (b"X-challenge", challenge),
        ]
        return reply_headers, user + b"\n" + password

    # No credentials on the request.
    if x_user is not None:
        # presumably take() removes and returns the stored marker, None when
        # nothing is stored -- verify against the stash implementation.
        if request.server.stash.take(x_user) is not None:
            # A challenge was already sent for this key, yet the request
            # arrived without credentials again.
            return b'FAIL (did not authorize)'
        # First unauthenticated request for this key: record that the
        # challenge is being issued.
        request.server.stash.put(x_user, b"1")

    challenge_status = (401, b'Unauthorized')
    challenge_headers = [(b'WWW-Authenticate', b'Basic realm="test"')]
    return challenge_status, challenge_headers, b'FAIL (should be transparent)'