authorzsloan2020-04-21 16:54:41 -0500
committerGitHub2020-04-21 16:54:41 -0500
commit821465df32bfcbab73a654d1e2386f2a07f4695f (patch)
tree871c8502774cb7a8fce950f46285f62ba3d0b113 /wqflask/utility/hmac.py
parentd249d8fa90eabd47020926fdadbfe22ac2bba900 (diff)
parentcf8b4c21d81efaa01d347478dc126e6d9b53f7a9 (diff)
downloadgenenetwork2-821465df32bfcbab73a654d1e2386f2a07f4695f.tar.gz
Merge pull request #2 from genenetwork/testing
Pulling changes from main branch
Diffstat (limited to 'wqflask/utility/hmac.py')
-rw-r--r--wqflask/utility/hmac.py38
1 files changed, 38 insertions, 0 deletions
diff --git a/wqflask/utility/hmac.py b/wqflask/utility/hmac.py
new file mode 100644
index 00000000..d8a0eace
--- /dev/null
+++ b/wqflask/utility/hmac.py
@@ -0,0 +1,38 @@
+from __future__ import print_function, division, absolute_import
+
+import hmac
+import hashlib
+
+from wqflask import app
+
+def hmac_creation(stringy):
+ """Helper function to create the actual hmac"""
+
+ secret = app.config['SECRET_HMAC_CODE']
+
+ hmaced = hmac.new(secret, stringy, hashlib.sha1)
+ hm = hmaced.hexdigest()
+ # ZS: Leaving the below comment here to ask Pjotr about
+ # "Conventional wisdom is that you don't lose much in terms of security if you throw away up to half of the output."
+ # http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html
+ hm = hm[:20]
+ return hm
+
+def data_hmac(stringy):
+ """Takes arbitray data string and appends :hmac so we know data hasn't been tampered with"""
+ return stringy + ":" + hmac_creation(stringy)
+
+def url_for_hmac(endpoint, **values):
+ """Like url_for but adds an hmac at the end to insure the url hasn't been tampered with"""
+
+ url = url_for(endpoint, **values)
+
+ hm = hmac_creation(url)
+ if '?' in url:
+ combiner = "&"
+ else:
+ combiner = "?"
+ return url + combiner + "hm=" + hm
+
+app.jinja_env.globals.update(url_for_hmac=url_for_hmac,
+ data_hmac=data_hmac) \ No newline at end of file
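Review bot: `url_for` is called at `url = url_for(endpoint, **values)` inside `url_for_hmac`, but nothing in this new file imports it — the only imports are `hmac`, `hashlib` and `from wqflask import app` — so the first template that calls `url_for_hmac` will raise `NameError`; add `from flask import url_for` to the import block. The tag is HMAC-SHA1 truncated to 20 hex digits (80 bits), which is reasonable for an integrity tag that is only ever verified online, but whatever code checks the `hm` value (not in this file) must compare it with `hmac.compare_digest`, not `==`, or the tag is exposed to a byte-by-byte timing attack. The `from __future__` line suggests this targets Python 2, where `str` is bytes; under Python 3 `hmac.new(secret, stringy, hashlib.sha1)` raises `TypeError` unless both key and message are `bytes`, so a port will need explicit `.encode()` calls. For new code I would also prefer `hashlib.sha256` as the digest, although HMAC-SHA1 itself is not weakened by the known SHA-1 collision attacks.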