aboutsummaryrefslogtreecommitdiff
path: root/wqflask/utility/hmac.py
diff options
context:
space:
mode:
authorArthur Centeno2021-04-09 20:38:21 +0000
committerArthur Centeno2021-04-09 20:38:21 +0000
commite2b04a322f26670782fe7f7c39bcebc508fdabdd (patch)
treea51c32bae4d544cc0beea19f455ccc52f0544a4c /wqflask/utility/hmac.py
parent187cd40bd3273b50d2813bfccf98bfadbb8c14ff (diff)
parentef51e08753defdfc7f3e67f8788cd1362d2cf631 (diff)
downloadgenenetwork2-e2b04a322f26670782fe7f7c39bcebc508fdabdd.tar.gz
Merge branch 'testing' of github.com:genenetwork/genenetwork2 into acenteno
Diffstat (limited to 'wqflask/utility/hmac.py')
-rw-r--r--wqflask/utility/hmac.py17
1 files changed, 11 insertions, 6 deletions
diff --git a/wqflask/utility/hmac.py b/wqflask/utility/hmac.py
index d8a0eace..29891677 100644
--- a/wqflask/utility/hmac.py
+++ b/wqflask/utility/hmac.py
@@ -1,16 +1,18 @@
-from __future__ import print_function, division, absolute_import
-
import hmac
import hashlib
+from flask import url_for
+
from wqflask import app
+
def hmac_creation(stringy):
"""Helper function to create the actual hmac"""
secret = app.config['SECRET_HMAC_CODE']
-
- hmaced = hmac.new(secret, stringy, hashlib.sha1)
+ hmaced = hmac.new(bytearray(secret, "latin-1"),
+ bytearray(stringy, "utf-8"),
+ hashlib.sha1)
hm = hmaced.hexdigest()
# ZS: Leaving the below comment here to ask Pjotr about
# "Conventional wisdom is that you don't lose much in terms of security if you throw away up to half of the output."
@@ -18,10 +20,12 @@ def hmac_creation(stringy):
hm = hm[:20]
return hm
+
def data_hmac(stringy):
- """Takes arbitray data string and appends :hmac so we know data hasn't been tampered with"""
+ """Takes arbitrary data string and appends :hmac so we know data hasn't been tampered with"""
return stringy + ":" + hmac_creation(stringy)
+
def url_for_hmac(endpoint, **values):
"""Like url_for but adds an hmac at the end to insure the url hasn't been tampered with"""
@@ -34,5 +38,6 @@ def url_for_hmac(endpoint, **values):
combiner = "?"
return url + combiner + "hm=" + hm
+
app.jinja_env.globals.update(url_for_hmac=url_for_hmac,
- data_hmac=data_hmac) \ No newline at end of file
+ data_hmac=data_hmac)