voussoir/else
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Use real Authorization header instead of ad hoc password header.

Browse source
This commit is contained in:
Ethan Dalool 2020-10-12 21:43:17 -07:00
parent f23ed27683
commit 430b721d65
1 changed files with 18 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
SimpleServer/simpleserver.py
View file

@ -1,4 +1,5 @@
import argparse import argparse
import base64
import cgi import cgi
import http.cookies import http.cookies
import http.server import http.server
@ -64,7 +65,7 @@ class RequestHandler(http.server.BaseHTTPRequestHandler):
super().__init__(*args, **kwargs) super().__init__(*args, **kwargs)
@property @property
def auth_token(self): def auth_cookie(self):
cookie = self.headers.get('Cookie') cookie = self.headers.get('Cookie')
if not cookie: if not cookie:
return None return None
@ -76,6 +77,20 @@ class RequestHandler(http.server.BaseHTTPRequestHandler):
return token return token
@property
def auth_header(self):
authorization = self.headers.get('Authorization')
if not authorization:
return None
(auth_type, authorization) = authorization.split(' ', 1)
if auth_type != 'Basic':
return None
authorization = base64.b64decode(authorization).decode()
(username, password) = authorization.split(':', 1)
return password
def check_password(self, attempt): def check_password(self, attempt):
if self.password is None: if self.password is None:
return True return True
@ -89,10 +104,10 @@ class RequestHandler(http.server.BaseHTTPRequestHandler):
if self.password is None: if self.password is None:
return True return True
if self.headers.get('password', None) == self.password: if self.auth_header == self.password:
return True return True
if self.accepted_tokens is not None and self.auth_token in self.accepted_tokens: if self.accepted_tokens is not None and self.auth_cookie in self.accepted_tokens:
return True return True
return False return False