python3: encoding variations in auth_fc.models

2020-02-13 17:21:22 +01:00 · 2020-02-13 17:21:22 +01:00 · 13e18e5370
parent 8d8e5d0984
commit 13e18e5370
1 changed files with 7 additions and 3 deletions
--- a/src/authentic2_auth_fc/models.py
+++ b/src/authentic2_auth_fc/models.py
@ -20,6 +20,8 @@ import hmac
 import hashlib

 from django.db import models
+from django.utils.encoding import force_bytes
+from django.utils.encoding import force_text
 from django.utils.six.moves.urllib import parse as urlparse
 from django.utils.translation import ugettext_lazy as _
 from django.utils.timezone import now
@ -33,7 +35,7 @@ from . import app_settings
 def base64url_decode(encoded):
    rem = len(encoded) % 4
    if rem > 0:
-        encoded += b'=' * (4 - rem)
+        encoded += '=' * (4 - rem)
    return base64.urlsafe_b64decode(encoded)


@ -51,12 +53,14 @@ def parse_id_token(id_token, client_id=None, client_secret=None):
        return None, 'invalid signature'
    signed = '%s.%s' % (header, payload)
    if client_secret is not None:
-        h = hmac.HMAC(key=client_secret, msg=signed, digestmod=hashlib.sha256)
+        h = hmac.HMAC(
+                key=client_secret, msg=force_bytes(signed),
+                digestmod=hashlib.sha256)
        if h.digest() != signature:
            return None, 'hmac signature does not match'
    payload = base64url_decode(str(payload))
    try:
-        payload = json.loads(payload)
+        payload = json.loads(force_text(payload))
    except ValueError:
        return None, 'invalid payload'
    if client_id and ('aud' not in payload or payload['aud'] != client_id):