xhr/resources/authentication.py - external/github.com/web-platform-tests/wpt - Git at Google

 def main(request, response):
     session_user = request.auth.username
     session_pass = request.auth.password
     expected_user_name = request.headers.get(b"X-User", None)

     token = expected_user_name
     if session_user is None and session_pass is None:
         if token is not None and request.server.stash.take(token) is not None:
             return b'FAIL (did not authorize)'
         else:
             if token is not None:
                 request.server.stash.put(token, b"1")
             status = (401, b'Unauthorized')
             headers = [(b'WWW-Authenticate', b'Basic realm="test"')]
             return status, headers, b'FAIL (should be transparent)'
     else:
         if request.server.stash.take(token) == b"1":
             challenge = b"DID"
         else:
             challenge = b"DID-NOT"
         headers = [(b'XHR-USER', expected_user_name),
                    (b'SES-USER', session_user),
                    (b"X-challenge", challenge)]
         return headers, session_user + b"\n" + session_pass
	def main(request, response):
	session_user = request.auth.username
	session_pass = request.auth.password
	expected_user_name = request.headers.get(b"X-User", None)

	token = expected_user_name
	if session_user is None and session_pass is None:
	if token is not None and request.server.stash.take(token) is not None:
	return b'FAIL (did not authorize)'
	else:
	if token is not None:
	request.server.stash.put(token, b"1")
	status = (401, b'Unauthorized')
	headers = [(b'WWW-Authenticate', b'Basic realm="test"')]
	return status, headers, b'FAIL (should be transparent)'
	else:
	if request.server.stash.take(token) == b"1":
	challenge = b"DID"
	else:
	challenge = b"DID-NOT"
	headers = [(b'XHR-USER', expected_user_name),
	(b'SES-USER', session_user),
	(b"X-challenge", challenge)]
	return headers, session_user + b"\n" + session_pass