forked from mozilla/PyHawk
sample_server.py
# -*- coding: utf-8 -*-
"""
Example usage of PyHawk.
You can run this server and point HAWK's client.js at it.
Or you can point sample_client.py at it.
"""
from wsgiref.util import setup_testing_defaults
from wsgiref.simple_server import make_server
import hawk
from hawk.util import HawkException
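def main():
    """
    Run the sample server from the CLI.

    Starts a wsgiref development server on port 8002 whose single WSGI
    application authenticates every request with Hawk, or with a Hawk
    bewit when the request URL contains ``bewit=``.  Blocks in
    ``serve_forever()`` until the process is stopped.
    """
    def simple_app(environ, start_response):
        """
        Usage: python sample_server.py
        Then in tests/server/ run
        node client.js
        This will make an unauthorized and then a HAWK authorized
        request. The authed one should say (valid).
        """
        setup_testing_defaults(environ)

        # Only append '?' when there is a query string.  The URL is handed
        # to hawk.Server as part of the request description, so a stray
        # trailing '?' makes it differ from the URL the client requested.
        url = environ['PATH_INFO']
        query = environ.get('QUERY_STRING', '')
        if query:
            url += '?' + query

        http_auth_header = environ.get('HTTP_AUTHORIZATION', '')

        # The Host header may omit the port (setup_testing_defaults() fills
        # HTTP_HOST with the bare server name); fall back to SERVER_PORT
        # instead of raising IndexError on a client-controlled header.
        # NOTE(review): host and port come straight from the client's Host
        # header; a real deployment would normally pin them to the server's
        # own known values.  IPv6 literals are not handled here.
        host, _, port = environ['HTTP_HOST'].partition(':')
        if not port:
            port = environ['SERVER_PORT']

        req = {
            'method': environ['REQUEST_METHOD'],
            'url': url,
            'host': host,
            'port': port,
            'headers': {
                'authorization': http_auth_header
            }
        }

        # Look up from DB or elsewhere.
        # This id/key pair is a hard-coded sample value: anything that ships
        # with it accepts requests from anyone who has read this file.
        credentials = {
            'dh37fgj492je': {
                'id': 'dh37fgj492je',
                'algorithm': 'sha256',
                'key': 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn'
            }
        }

        # NOTE(review): an unknown credential id raises KeyError inside the
        # lookup callback; whether hawk.Server turns that into a
        # HawkException (and so a 401) is not visible here -- confirm.
        server = hawk.Server(req, lambda cid: credentials[cid])

        # Substring test over the whole URL, path included, as in the
        # original dispatch.
        if 'bewit=' not in url:
            print("HAWK based authentication")
            return hawk_authentication(start_response, server, req)
        else:
            print("Bewit based authentication")
            return hawk_bewit_authentication(start_response, server, req)

    # An empty host makes the server listen on every interface, over plain
    # HTTP; keep this to test machines.
    httpd = make_server('', 8002, simple_app)
    print("Serving on port 8002...")
    httpd.serve_forever()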
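def hawk_authentication(start_response, server, req):
    """Authenticate the request using HAWK.

    Calls ``server.authenticate(req, {})``.  On success the response is
    ``200 OK`` with a ``Server-Authorization`` header built by
    ``server.header`` over the payload, and the payload string
    (``'Hello '`` plus the request's ``ext`` value, if any) is returned.
    If a HawkException is raised the response is ``401 Unauthorized`` and
    ``'Please authenticate'`` is returned.
    """
    try:
        # NOTE(review): authenticate() is called with empty options; confirm
        # against the hawk library whether replay protection and timestamp
        # checks are active by default or must be configured here.
        artifacts = server.authenticate(req, {})

        # 'ext' is optional application data supplied by the client; treat a
        # missing or empty value as '' rather than failing with an unhandled
        # KeyError/TypeError after the request already authenticated.
        try:
            ext = artifacts['ext']
        except KeyError:
            ext = None
        payload = 'Hello ' + (ext or '')

        status = '200 OK'
        auth = server.header(artifacts,
                             {'payload': payload,
                              'contentType': 'text/plain'})
        headers = [('Content-Type', 'text/plain'),
                   ('Server-Authorization', auth)]
        start_response(status, headers)
        return payload
    except HawkException:
        # A 401 has to name the expected scheme in WWW-Authenticate.
        start_response('401 Unauthorized', [('WWW-Authenticate', 'Hawk')])
        return 'Please authenticate'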
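def hawk_bewit_authentication(start_response, server, req):
    """Authenticate the request using a Bewit from HAWK.

    Calls ``server.authenticate_bewit(req, options)`` with empty options.
    A truthy result yields ``200 OK`` and the payload ``'Hello '``; a falsy
    result or a HawkException yields ``401 Unauthorized`` and
    ``'Please authenticate'``.  No ``Server-Authorization`` header is sent
    on this path.
    """
    options = {}
    # Every rejection names the expected scheme, as a 401 must.
    challenge = [('WWW-Authenticate', 'Hawk')]
    try:
        if server.authenticate_bewit(req, options):
            payload = 'Hello '
            status = '200 OK'
            headers = [('Content-Type', 'text/plain')]
            start_response(status, headers)
            return payload
        else:
            print("Bad Bewit, sending 401")
            start_response('401 Unauthorized', challenge)
            return 'Please authenticate'
    except HawkException:
        print("Exception, sending 401")
        start_response('401 Unauthorized', challenge)
        return 'Please authenticate'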
# Start the sample server only when this file is executed as a script,
# not when it is imported.
if '__main__' == __name__:
    main()