misc: pass bytes to hmac (#36515)
parent
fd88b46128
commit
1987c5407f
|
@ -14,6 +14,7 @@ import time
|
|||
import json
|
||||
import sys
|
||||
|
||||
from django.utils.encoding import force_bytes
|
||||
from django.utils.six import StringIO
|
||||
from django.utils.six.moves.urllib import parse as urllib
|
||||
from django.utils.six.moves.urllib import parse as urlparse
|
||||
|
@ -97,8 +98,8 @@ def sign_uri(uri, user=None, format='json'):
|
|||
query += '&email=' + urllib.quote(user.email)
|
||||
query += '&signature=%s' % urllib.quote(
|
||||
base64.b64encode(
|
||||
hmac.new('1234',
|
||||
query,
|
||||
hmac.new(b'1234',
|
||||
force_bytes(query),
|
||||
hashlib.sha256).digest()))
|
||||
return urlparse.urlunparse((scheme, netloc, path, params, query, fragment))
|
||||
|
||||
|
@ -138,8 +139,8 @@ def test_get_user_from_api_query_string_error_invalid_signature(pub):
|
|||
def test_get_user_from_api_query_string_error_missing_timestamp(pub):
|
||||
signature = urllib.quote(
|
||||
base64.b64encode(
|
||||
hmac.new('1234',
|
||||
'format=json&orig=coucou&algo=sha1',
|
||||
hmac.new(b'1234',
|
||||
b'format=json&orig=coucou&algo=sha1',
|
||||
hashlib.sha1).digest()))
|
||||
output = get_app(pub).get('/api/user/?format=json&orig=coucou&algo=sha1&signature=%s' % signature, status=403)
|
||||
assert output.json['err_desc'] == 'missing/multiple timestamp field'
|
||||
|
@ -149,8 +150,8 @@ def test_get_user_from_api_query_string_error_missing_email(pub):
|
|||
query = 'format=json&orig=coucou&algo=sha1×tamp=' + timestamp
|
||||
signature = urllib.quote(
|
||||
base64.b64encode(
|
||||
hmac.new('1234',
|
||||
query,
|
||||
hmac.new(b'1234',
|
||||
force_bytes(query),
|
||||
hashlib.sha1).digest()))
|
||||
output = get_app(pub).get('/api/user/?%s&signature=%s' % (query, signature), status=403)
|
||||
assert output.json['err_desc'] == 'no user specified'
|
||||
|
@ -160,8 +161,8 @@ def test_get_user_from_api_query_string_error_unknown_nameid(pub):
|
|||
query = 'format=json&orig=coucou&algo=sha1&NameID=xxx×tamp=' + timestamp
|
||||
signature = urllib.quote(
|
||||
base64.b64encode(
|
||||
hmac.new('1234',
|
||||
query,
|
||||
hmac.new(b'1234',
|
||||
force_bytes(query),
|
||||
hashlib.sha1).digest()))
|
||||
output = get_app(pub).get('/api/user/?%s&signature=%s' % (query, signature), status=403)
|
||||
assert output.json['err_desc'] == 'unknown NameID'
|
||||
|
@ -173,8 +174,8 @@ def test_get_user_from_api_query_string_error_missing_email_valid_endpoint(pub):
|
|||
query = 'format=json&orig=coucou&algo=sha1×tamp=' + timestamp
|
||||
signature = urllib.quote(
|
||||
base64.b64encode(
|
||||
hmac.new('1234',
|
||||
query,
|
||||
hmac.new(b'1234',
|
||||
force_bytes(query),
|
||||
hashlib.sha1).digest()))
|
||||
output = get_app(pub).get('/categories?%s&signature=%s' % (query, signature))
|
||||
assert output.json == {'data': []}
|
||||
|
@ -187,8 +188,8 @@ def test_get_user_from_api_query_string_error_unknown_nameid_valid_endpoint(pub)
|
|||
query = 'format=json&NameID=xxx&orig=coucou&algo=sha1×tamp=' + timestamp
|
||||
signature = urllib.quote(
|
||||
base64.b64encode(
|
||||
hmac.new('1234',
|
||||
query,
|
||||
hmac.new(b'1234',
|
||||
force_bytes(query),
|
||||
hashlib.sha1).digest()))
|
||||
output = get_app(pub).get('/categories?%s&signature=%s' % (query, signature))
|
||||
assert output.json == {'data': []}
|
||||
|
@ -200,8 +201,8 @@ def test_get_user_from_api_query_string_error_success_sha1(pub, local_user):
|
|||
query = 'format=json&orig=coucou&algo=sha1&email=' + urllib.quote(local_user.email) + '×tamp=' + timestamp
|
||||
signature = urllib.quote(
|
||||
base64.b64encode(
|
||||
hmac.new('1234',
|
||||
query,
|
||||
hmac.new(b'1234',
|
||||
force_bytes(query),
|
||||
hashlib.sha1).digest()))
|
||||
output = get_app(pub).get('/api/user/?%s&signature=%s' % (query, signature))
|
||||
assert output.json['user_display_name'] == u'Jean Darmette'
|
||||
|
@ -211,8 +212,8 @@ def test_get_user_from_api_query_string_error_invalid_signature_algo_mismatch(pu
|
|||
query = 'format=json&orig=coucou&algo=sha256&email=' + urllib.quote(local_user.email) + '×tamp=' + timestamp
|
||||
signature = urllib.quote(
|
||||
base64.b64encode(
|
||||
hmac.new('1234',
|
||||
query,
|
||||
hmac.new(b'1234',
|
||||
force_bytes(query),
|
||||
hashlib.sha1).digest()))
|
||||
output = get_app(pub).get('/api/user/?%s&signature=%s' % (query, signature), status=403)
|
||||
assert output.json['err_desc'] == 'invalid signature'
|
||||
|
@ -222,8 +223,8 @@ def test_get_user_from_api_query_string_error_success_sha256(pub, local_user):
|
|||
query = 'format=json&orig=coucou&algo=sha256&email=' + urllib.quote(local_user.email) + '×tamp=' + timestamp
|
||||
signature = urllib.quote(
|
||||
base64.b64encode(
|
||||
hmac.new('1234',
|
||||
query,
|
||||
hmac.new(b'1234',
|
||||
force_bytes(query),
|
||||
hashlib.sha256).digest()))
|
||||
output = get_app(pub).get('/api/user/?%s&signature=%s' % (query, signature))
|
||||
assert output.json['user_display_name'] == u'Jean Darmette'
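Review bot: The expression `urllib.quote(base64.b64encode(hmac.new(b'1234', ..., ...).digest()))` is repeated by hand in sign_uri and in the eight test hunks of this file, so the key literal and the bytes conversion each had to be edited in nine places. The copies have already drifted: the missing_timestamp test passes a bytes literal while the others call force_bytes. A module-level helper (name is only a suggestion), `def sign(query, digestmod=hashlib.sha1): return urllib.quote(base64.b64encode(hmac.new(b'1234', force_bytes(query), digestmod).digest()))`, would keep the test key and the encoding step in one place. Most of the test bodies begin outside the hunks shown, so this is based on the visible lines only.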
|
||||
|
|
|
@ -24,6 +24,7 @@ import errno
|
|||
import calendar
|
||||
|
||||
from django.utils import six
|
||||
from django.utils.encoding import force_bytes
|
||||
from django.utils.six.moves.urllib import parse as urllib
|
||||
from django.utils.six.moves.urllib import parse as urlparse
|
||||
|
||||
|
@ -58,7 +59,7 @@ def is_url_signed(utcnow=None, duration=DEFAULT_DURATION):
|
|||
except AttributeError:
|
||||
raise AccessForbiddenError('invalid algo')
|
||||
if signature != base64.standard_b64encode(
|
||||
hmac.new(key, query_string[:query_string.find('&signature=')], algo).digest()):
|
||||
hmac.new(force_bytes(key), force_bytes(query_string[:query_string.find('&signature=')]), algo).digest()):
|
||||
raise AccessForbiddenError('invalid signature')
|
||||
timestamp = get_request().form.get('timestamp')
|
||||
if not isinstance(timestamp, six.string_types):
|
||||
|
@ -169,7 +170,7 @@ def sign_query(query, key, algo='sha256', timestamp=None, nonce=None):
|
|||
|
||||
def sign_string(s, key, algo='sha256', timedelta=30):
|
||||
digestmod = getattr(hashlib, algo)
|
||||
hash = hmac.HMAC(key, digestmod=digestmod, msg=s)
|
||||
hash = hmac.HMAC(force_bytes(key), digestmod=digestmod, msg=force_bytes(s))
|
||||
return hash.digest()
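Review bot: In is_url_signed the recomputed MAC is still compared to the request's signature with `!=`, which is not a constant-time comparison. On Python 3 the left side may also be a str while base64.standard_b64encode returns bytes. If `signature` comes from the query string as text (its assignment is outside the hunk), that comparison is always unequal and every signed request would be rejected with 'invalid signature'. I would bind `expected = base64.standard_b64encode(hmac.new(...).digest())` with the same arguments as the new line and test `if not hmac.compare_digest(force_bytes(signature), expected):`. The function starts and ends outside the hunk, so whether `signature` is already converted earlier should be checked.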
|
||||
|
||||
|
||||
|
|