
I have started a WSGI server using the make_server method of wsgiref.simple_server in Python. Below is the code for starting the server.

port = 5000
httpd = make_server("localhost", port, Request_Handler)
print "Started Sever on port", str(port)
try :
    httpd.serve_forever()
except KeyboardInterrupt :
    print "Server Closed"

And this is my Request_Handler function:

def Request_Handler(environ, start_response):
    count = 0
    if environ["PATH_INFO"] == "/" :
        response_body = "No authentication required on root page"
        status = "200 OK"
        response_headers = [('Content-Type', 'text/plain'),
                            ('Content-Length', str(len(response_body)))]
        start_response(status, response_headers)
        return [response_body]

    elif environ["PATH_INFO"] == '/AM-PM' :
        if authentication(environ.get('HTTP_AUTHORIZATION')) :
            print "Structure of HTTP_AUTHORIZATION IS :"
            print environ.get("HTTP_AUTHORIZATION")
            start_response('200 OK', [('Content-Type', 'text/plain')])
            return ["Authentication valid"]
        else :
            start_response('401 Unauthorized',
                           [('Content-Type', 'text/html'),
                           ('WWW-Authenticate', 'Basic realm="Login"')])
            count = count + 1
            return ["Please Try Again"]
            if count == 3:
                start_response('403 FORBIDDEN', [('Content-Type', 'text/plain'),('WWW-Authenticate', 'Basic realm="Login"')])
                return ["Authentication is invalid"]

Earlier, in the else block I used only the 401 response and it was working fine: whenever someone entered a wrong password, I asked again for the username and password. However, now I want a 403 response to be started after 3 trials, returning "Authentication is invalid".

I thought of using a count variable to count the number of invalid requests, and once it is incremented to 3, a 403 response will start.

However, when I used this code, no username and password is asked for; instead a 200 response is started with a print message of "Authentication is Valid", which is not what I wanted.

Any suggestions where I am going wrong?

PS: this is the authentication function I used

def authentication(header) :
    if not header :
        return False
    scheme, data = header.split(None, 1)
    print "Scheme : ", scheme
    print "Data : ", data
    decoded = b64decode(data).decode('UTF-8')
    print "Decoded : ", decoded
    username, password = decoded.split(':', 1)
    return username == password #True Statement 200 response will be started.
Aman Raparia
  • You are resetting the `count` variable to `0` on every request. Declare it outside of that function. Additionally, you might wanna associate some other unique value along with the counter, or else it might show the `403` error to a different user. – Himal Jul 19 '17 at 11:03
  • So you want to say that the RequestHandler is not able to maintain the updated value of count. Because HTTP is a stateless call........ – Aman Raparia Jul 19 '17 at 13:24
  • Well, not exactly. What if `Request_Handler` was a regular function? Every time you call it, it's going to set the `count` to `0`, right? The second part is about storing that count. You can't just increment the value of `count`, because what happens if there are two users trying to log in? You have to use something like a dictionary so you can store something unique, like their IP for example. E.g.: `counts = {"Their IP": 0}` – Himal Jul 19 '17 at 13:32
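
Added example (not part of the question or its comments, and written for Python 3 rather than the question's Python 2): one way to do what the comments describe, keeping the failure count outside the handler in a dictionary keyed by client address, so that three wrong attempts from one address yield 403 without affecting other clients. `USERS`, `MAX_FAILURES`, `failures` and `reply` are names assumed for illustration, the credentials are constructed, and the handler protects every path rather than only `/AM-PM`.

```python
import base64, binascii, hmac
from wsgiref.simple_server import make_server

MAX_FAILURES = 3
USERS = {"alice": "correct horse"}   # constructed sample credentials (assumption)
failures = {}                        # lives outside the handler: client address -> wrong attempts


def authentication(header):
    """Return True only for a well-formed Basic header matching USERS."""
    try:
        scheme, data = header.split(None, 1)
        username, password = base64.b64decode(data).decode("utf-8").split(":", 1)
    except (AttributeError, ValueError, binascii.Error):
        return False                 # missing, malformed or undecodable header
    expected = USERS.get(username, "")
    same = hmac.compare_digest(password.encode(), expected.encode())
    return scheme.lower() == "basic" and username in USERS and same


def reply(start_response, status, body, extra=()):
    headers = [("Content-Type", "text/plain"), ("Content-Length", str(len(body)))]
    start_response(status, headers + list(extra))
    return [body]


def request_handler(environ, start_response):
    client = environ.get("REMOTE_ADDR", "unknown")
    header = environ.get("HTTP_AUTHORIZATION")
    count = failures.get(client, 0)
    locked = count >= MAX_FAILURES
    if not locked and authentication(header):
        failures.pop(client, None)               # success resets the counter
        return reply(start_response, "200 OK", b"Authentication valid")
    if header and not locked:                    # count wrong credentials only,
        count = failures[client] = count + 1     # not the browser's first bare request
    if count >= MAX_FAILURES:                    # third failure and everything after it
        return reply(start_response, "403 Forbidden", b"Authentication is invalid")
    challenge = [("WWW-Authenticate", 'Basic realm="Login"')]
    return reply(start_response, "401 Unauthorized", b"Please Try Again", challenge)


if __name__ == "__main__":
    make_server("localhost", 5000, request_handler).serve_forever()
```

Behind a reverse proxy `REMOTE_ADDR` is the proxy's address, so every user would share one counter. The dictionary is per-process and never expires, so a locked address stays locked until the server restarts.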

0 Answers