def main(request, response): | |
if "logout" in request.GET: | |
return ((401, "Unauthorized"), | |
[("WWW-Authenticate", 'Basic realm="test"')], | |
"Logged out, hopefully") | |
session_user = request.auth.username | |
session_pass = request.auth.password | |
expected_user_name = request.headers.get("X-User", None) | |
token = expected_user_name | |
if session_user is None and session_pass is None: | |
if token is not None and request.server.stash.take(token) is not None: | |
return 'FAIL (did not authorize)' | |
else: | |
if token is not None: | |
request.server.stash.put(token, "1") | |
status = (401, 'Unauthorized') | |
headers = [('WWW-Authenticate', 'Basic realm="test"'), | |
('XHR-USER', expected_user_name), | |
('SES-USER', session_user)] | |
return status, headers, 'FAIL (should be transparent)' | |
else: | |
if request.server.stash.take(token) == "1": | |
challenge = "DID" | |
else: | |
challenge = "DID-NOT" | |
headers = [('XHR-USER', expected_user_name), | |
('SES-USER', session_user), | |
("X-challenge", challenge)] | |
return headers, session_user + "\n" + session_pass; | |