Use real Authorization header instead of ad hoc password header.

Ethan Dalool 2020-10-12 21:43:17 -07:00
parent f23ed27683
commit 430b721d65


@ -1,4 +1,5 @@
import argparse
import base64
import cgi
import http.cookies
import http.server
@ -64,7 +65,7 @@ class RequestHandler(http.server.BaseHTTPRequestHandler):
super().__init__(*args, **kwargs)
@property
def auth_token(self):
def auth_cookie(self):
cookie = self.headers.get('Cookie')
if not cookie:
return None
@ -76,6 +77,20 @@ class RequestHandler(http.server.BaseHTTPRequestHandler):
return token
@property
def auth_header(self):
authorization = self.headers.get('Authorization')
if not authorization:
return None
(auth_type, authorization) = authorization.split(' ', 1)
if auth_type != 'Basic':
return None
authorization = base64.b64decode(authorization).decode()
(username, password) = authorization.split(':', 1)
return password
def check_password(self, attempt):
if self.password is None:
return True
@ -89,10 +104,10 @@ class RequestHandler(http.server.BaseHTTPRequestHandler):
if self.password is None:
return True
if self.headers.get('password', None) == self.password:
if self.auth_header == self.password:
return True
if self.accepted_tokens is not None and self.auth_token in self.accepted_tokens:
if self.accepted_tokens is not None and self.auth_cookie in self.accepted_tokens:
return True
return False
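Review bot: The new `auth_header` property parses a client-supplied header with no error handling, so a malformed `Authorization` value raises instead of being treated as a failed login. Both tuple-unpacking `split` calls raise ValueError when the space or the colon is missing, and `base64.b64decode(authorization).decode()` raises on bad padding or non-UTF-8 bytes. Returning None in those cases keeps the request on the normal unauthenticated path, as sketched below. Separately, in the last hunk `self.auth_header == self.password` compares a secret in non-constant time; `hmac.compare_digest` on the encoded bytes, after a None check and with `import hmac` added, would avoid the timing signal. The method in that last hunk begins outside the hunk, so how its False result is turned into a response is not visible here.

```python
def auth_header(self):
    # … unchanged: header lookup and empty check …
    (auth_type, _, encoded) = authorization.partition(' ')
    if auth_type != 'Basic':
        return None
    try:
        decoded = base64.b64decode(encoded).decode()
    except ValueError:
        # binascii.Error and UnicodeDecodeError are both ValueError subclasses.
        return None
    (username, separator, password) = decoded.partition(':')
    if not separator:
        return None
    return password
```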