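def main(request, response):
    """Answer an HTTP Basic authentication probe and report what the client sent.

    Judging by the response strings, this is a test fixture for checking
    whether a client supplies credentials without first being challenged.

    Behaviour, in order of precedence:

    * ``logout`` present in the query string: always reply 401 with a Basic
      challenge.
    * No username and no password on the request: reply 401 with a Basic
      challenge. When an ``X-User`` header is present its value is used as a
      stash key to record that a challenge was issued; a second anonymous
      request for the same key returns ``'FAIL (did not authorize)'``.
    * Credentials present: return them in the body (username, a newline, then
      the password) and report in ``X-challenge`` whether a challenge had been
      recorded for the key (``DID``) or not (``DID-NOT``).

    Args:
        request: Object exposing ``GET``, ``auth.username``, ``auth.password``,
            ``headers.get`` and ``server.stash`` (``take`` / ``put``).
        response: Not used by this handler.

    Returns:
        ``(status, headers, body)`` for the 401 replies, a bare string for the
        repeated-anonymous failure, or ``(headers, body)`` on success.
    """
    if "logout" in request.GET:
        return ((401, "Unauthorized"),
                [("WWW-Authenticate", 'Basic realm="test"')],
                "Logged out, hopefully")

    session_user = request.auth.username
    session_pass = request.auth.password
    # NOTE(review): X-User is client-controlled; it is used as the stash key
    # and reflected verbatim into the XHR-USER response header. Presumably the
    # server layer validates header values and stash keys -- confirm.
    expected_user_name = request.headers.get("X-User", None)
    token = expected_user_name
    stash = request.server.stash

    if session_user is None and session_pass is None:
        # take() consumes the entry, so a hit means this token was already
        # challenged once and the client still came back without credentials.
        if token is not None and stash.take(token) is not None:
            return 'FAIL (did not authorize)'
        if token is not None:
            stash.put(token, "1")
        headers = [('WWW-Authenticate', 'Basic realm="test"'),
                   ('XHR-USER', expected_user_name),
                   ('SES-USER', session_user)]
        return (401, 'Unauthorized'), headers, 'FAIL (should be transparent)'

    # Only query the stash when a token was supplied, matching the guards in
    # the anonymous branch; a request without X-User reports DID-NOT.
    challenged = token is not None and stash.take(token) == "1"
    headers = [('XHR-USER', expected_user_name),
               ('SES-USER', session_user),
               ("X-challenge", "DID" if challenged else "DID-NOT")]
    # The body echoes the decoded credentials, password included, so the
    # caller can compare them with what it sent.
    # NOTE(review): assumes request.auth yields both fields or neither; a
    # request with only one of them set would fail on this concatenation.
    return headers, session_user + "\n" + session_pass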