python3: encode unicode-objects before hashing (#40570)
This commit is contained in:
parent
3214b296bc
commit
f987c27631
|
@ -24,7 +24,7 @@ import psycopg2
|
|||
|
||||
from django.core.cache import cache
|
||||
from django.conf import settings
|
||||
from django.utils.encoding import force_text
|
||||
from django.utils.encoding import force_bytes, force_text
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
from . import schemas
|
||||
|
@ -132,7 +132,8 @@ class EngineDimension(object):
|
|||
return getattr(self.dimension, name)
|
||||
|
||||
def cache_key(self, filters):
|
||||
return hashlib.md5(self.engine.path + self.engine_cube.name + self.name + repr(filters)).hexdigest()
|
||||
key = self.engine.path + self.engine_cube.name + self.name + repr(filters)
|
||||
return hashlib.md5(force_bytes(key)).hexdigest()
|
||||
|
||||
def members(self, filters=()):
|
||||
assert self.type != 'date'
|
||||
|
@ -244,8 +245,9 @@ class EngineJSONDimension(EngineDimension):
|
|||
self.dimension = SchemaJSONDimension(self.engine_cube.json_field, name)
|
||||
|
||||
def cache_key(self, filters):
|
||||
return hashlib.md5(self.engine.path + self.engine_cube.json_field
|
||||
+ self.engine_cube.name + self.name + repr(filters)).hexdigest()
|
||||
key = (self.engine.path + self.engine_cube.json_field
|
||||
+ self.engine_cube.name + self.name + repr(filters))
|
||||
return hashlib.md5(force_bytes(key)).hexdigest()
|
||||
|
||||
def to_json(self):
|
||||
return {
|
||||
|
|
|
@ -22,6 +22,7 @@ import urllib
|
|||
import random
|
||||
import logging
|
||||
|
||||
from django.utils.encoding import force_bytes, smart_bytes
|
||||
from django.utils.six.moves.urllib import parse as urlparse
|
||||
|
||||
|
||||
|
@ -55,9 +56,7 @@ def sign_query(query, key, algo='sha256', timestamp=None, nonce=None):
|
|||
|
||||
def sign_string(s, key, algo='sha256', timedelta=30):
|
||||
digestmod = getattr(hashlib, algo)
|
||||
if isinstance(key, unicode):
|
||||
key = key.encode('utf-8')
|
||||
hash = hmac.HMAC(key, digestmod=digestmod, msg=s)
|
||||
hash = hmac.HMAC(smart_bytes(key), digestmod=digestmod, msg=smart_bytes(s))
|
||||
return hash.digest()
|
||||
|
||||
|
||||
|
@ -69,7 +68,7 @@ def check_url(url, key, known_nonce=None, timedelta=30):
|
|||
def check_query(query, key, known_nonce=None, timedelta=30):
|
||||
res, error = check_query2(query, key, known_nonce=known_nonce, timedelta=timedelta)
|
||||
if not res:
|
||||
key_hash = 'md5:%s' % hashlib.md5(key).hexdigest()[:6]
|
||||
key_hash = 'md5:%s' % hashlib.md5(force_bytes(key)).hexdigest()[:6]
|
||||
logging.getLogger(__name__).warning(
|
||||
'could not check signature of query %r with key %s: %s', query, key_hash, error)
|
||||
return res
|
||||
|
|
|
@ -25,7 +25,7 @@ import copy
|
|||
import collections
|
||||
|
||||
from django.core.cache import cache
|
||||
from django.utils.encoding import force_text
|
||||
from django.utils.encoding import force_bytes, force_text
|
||||
from django.utils.safestring import mark_safe
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
from django.http import Http404
|
||||
|
@ -151,7 +151,7 @@ class Visualization(object):
|
|||
keys += [dim.name for dim in self.drilldown]
|
||||
keys += [self.measure.name]
|
||||
key = '$'.join(v.encode('utf8') for v in keys)
|
||||
return hashlib.md5(key).hexdigest()
|
||||
return hashlib.md5(force_bytes(key)).hexdigest()
|
||||
|
||||
def data(self):
|
||||
'''Execute aggregation query, list members and check None values in
|
||||
|
|
|
@ -21,7 +21,7 @@ import json
|
|||
|
||||
from django.conf import settings
|
||||
from django.contrib import messages
|
||||
from django.utils.encoding import force_text
|
||||
from django.utils.encoding import force_bytes, force_text
|
||||
from django.utils.text import slugify
|
||||
from django.utils.translation import ungettext, ugettext as _
|
||||
from django.views.generic.edit import CreateView, DeleteView, UpdateView, FormView
|
||||
|
@ -175,7 +175,8 @@ class VisualizationView(views.AuthorizationMixin, CubeDisplayMixin, DetailView):
|
|||
initial['filter__%s' % key] = value
|
||||
ctx['form'] = forms.CubeForm(cube=self.cube, initial=initial)
|
||||
path = reverse('visualization-iframe', args=self.args, kwargs=self.kwargs)
|
||||
signature = hashlib.sha1(path + settings.SECRET_KEY).hexdigest()
|
||||
signature = path + settings.SECRET_KEY
|
||||
signature = hashlib.sha1(force_bytes(signature)).hexdigest()
|
||||
path += '?signature=' + signature
|
||||
ctx['iframe_url'] = path
|
||||
return ctx
|
||||
|
@ -186,7 +187,8 @@ class SignatureAuthorizationMixin(views.AuthorizationMixin):
|
|||
if request.user.is_authenticated() and request.user.is_superuser:
|
||||
return True
|
||||
if 'signature' in request.GET:
|
||||
signature = hashlib.sha1(request.path + settings.SECRET_KEY).hexdigest()
|
||||
signature = request.path + settings.SECRET_KEY
|
||||
signature = hashlib.sha1(force_bytes(signature)).hexdigest()
|
||||
if request.GET['signature'] == signature:
|
||||
return True
|
||||
return False
|
||||
|
@ -241,7 +243,8 @@ class VisualizationsJSONView(MultipleObjectMixin, View):
|
|||
data = []
|
||||
for visualization in self.get_queryset():
|
||||
path = reverse('visualization-iframe', kwargs={'pk': visualization.pk})
|
||||
sig = hashlib.sha1(path + settings.SECRET_KEY).hexdigest()
|
||||
sig = path + settings.SECRET_KEY
|
||||
sig = hashlib.sha1(force_bytes(sig)).hexdigest()
|
||||
path += '?signature=' + sig
|
||||
data_uri = reverse('visualization-json', kwargs={'pk': visualization.pk})
|
||||
data.append({
|
||||
|
|
Loading…
Reference in New Issue