Handle explicit 'no' from the other side

2025-03-19 12:13:02 +01:00
parent 82668938af
commit 23432327e9
2 changed files with 8 additions and 1 deletions
--- a/staticshield.py
+++ b/staticshield.py
@@ -56,6 +56,8 @@ def all_routes(path):

        # The path we should have gotten back is of the format:
        # /sessionstart/SEKRIT_TOKEN/<the_url_to_redirect_on_here_afterwards>
+        # or, if the request is denied by the mothership:
+        # /sessionstart/denied
        secret_and_redirect = path.split('sessionstart/')[1]
        secret_redirect_split = secret_and_redirect.split('/')
        secret = secret_redirect_split[0]
@@ -63,6 +65,10 @@ def all_routes(path):
        if len(secret_redirect_split) > 1:
            redirect_path = '/'.join(secret_redirect_split[1:])

+        if secret == 'denied':
+            # Mother says no
+            return 'Unable to set up session', 403
+
        # Ask the mothership if the secret is known to them, to prevent someone from just making up a URL
        # Mothership will invalidate this secret token upon handling this request to prevent replay
        try: