diff options
author | Daniel Silverstone <dsilvers@digital-scurf.org> | 2018-11-04 11:18:56 +0000 |
---|---|---|
committer | Daniel Silverstone <dsilvers@digital-scurf.org> | 2018-11-04 11:18:56 +0000 |
commit | 6cef78f9f3cad33c10000d97409ad99eb9611d95 (patch) | |
tree | 9a3c6aa176f4d543347a1aff4a0d67c39911d64c | |
parent | 001c2103b89c070daca469b7db777678cc36b788 (diff) | |
download | netsurf-test-6cef78f9f3cad33c10000d97409ad99eb9611d95.tar.gz netsurf-test-6cef78f9f3cad33c10000d97409ad99eb9611d95.tar.bz2 |
Basic auth test
-rwxr-xr-x | cgi-bin/auth.cgi | 35 |
1 files changed, 30 insertions, 5 deletions
diff --git a/cgi-bin/auth.cgi b/cgi-bin/auth.cgi index 1d0c64e..5f72447 100755 --- a/cgi-bin/auth.cgi +++ b/cgi-bin/auth.cgi @@ -5,14 +5,39 @@ import cgitb cgitb.enable() import os +import base64 -auth = cgi.parse_header(os.getenv("HTTP_AUTHORIZATION") or "") +auth = os.getenv("HTTP_AUTHORIZATION") +query = os.getenv("QUERY_STRING") or "user=foo&pass=bar" -print("Content-Type: text/plain") -print("") +query = cgi.parse_qs(query) +username = query.get("user", "foo") +password = query.get("pass", query.get("password", "bar")) + +def badauth(reason="NOAUTH"): + print('WWW-Authenticate: Basic realm="NetSurf Authentication test"') + print('Content-Type: text/plain') + print('') + print('result=BAD, reason={}'.format(reason)) + raise SystemExit -print(repr(auth)) +if not auth: + badauth("NOAUTH") +else: + if not auth.startswith("Basic "): + badauth("NOTBASIC") + enc = auth[6:] + dec = base64.decode(enc) + if ":" not in dec: + badauth("NOCOLON") + bits = dec.rsplit(':', maxsplit=1) + if bits[0] != username: + badauth("BADUSER") + if bits[1] != password: + badauth("BADPASS") + +print("Content-Type: text/plain") print("") -print(repr(os.environ)) +print("result=GOOD, username={}, password={}".format(username, password)) |