Merge branch 'testing' of github.com:genenetwork/genenetwork2 into acenteno

1 files changed, 11 insertions, 6 deletions

diff --git a/wqflask/utility/hmac.py b/wqflask/utility/hmac.py
index d8a0eace..29891677 100644
--- a/wqflask/utility/hmac.py
+++ b/wqflask/utility/hmac.py
@@ -1,16 +1,18 @@
-from __future__ import print_function, division, absolute_import
-
 import hmac
 import hashlib
 
+from flask import url_for
+
 from wqflask import app
 
+
 def hmac_creation(stringy):
     """Helper function to create the actual hmac"""
 
     secret = app.config['SECRET_HMAC_CODE']
-
-    hmaced = hmac.new(secret, stringy, hashlib.sha1)
+    hmaced = hmac.new(bytearray(secret, "latin-1"),
+                      bytearray(stringy, "utf-8"),
+                      hashlib.sha1)
     hm = hmaced.hexdigest()
     # ZS: Leaving the below comment here to ask Pjotr about
     # "Conventional wisdom is that you don't lose much in terms of security if you throw away up to half of the output."
@@ -18,10 +20,12 @@ def hmac_creation(stringy):
     hm = hm[:20]
     return hm
 
+
 def data_hmac(stringy):
-    """Takes arbitray data string and appends :hmac so we know data hasn't been tampered with"""
+    """Takes arbitrary data string and appends :hmac so we know data hasn't been tampered with"""
     return stringy + ":" + hmac_creation(stringy)
 
+
 def url_for_hmac(endpoint, **values):
     """Like url_for but adds an hmac at the end to insure the url hasn't been tampered with"""
 
@@ -34,5 +38,6 @@ def url_for_hmac(endpoint, **values):
         combiner = "?"
     return url + combiner + "hm=" + hm
 
+
 app.jinja_env.globals.update(url_for_hmac=url_for_hmac,
-                             data_hmac=data_hmac)
\ No newline at end of file
+                             data_hmac=data_hmac)