diff options
| author | BonfaceKilz | 2020-09-17 16:07:01 +0300 |
|---|---|---|
| committer | BonfaceKilz | 2020-09-17 16:07:01 +0300 |
| commit | 81f6c22573db69e8ab0d2b831fc659147a839bbd (patch) | |
| tree | 59cea49c4e8ed05dab9a26b6835492b1ebe85d17 /wqflask/utility/hmac.py | |
| parent | 90475fed0b2d1bd192a641bd417f6dfef79653d0 (diff) | |
| parent | 8da6a70916d2cf18e476ab0adf47f802c481205d (diff) | |
| download | genenetwork2-81f6c22573db69e8ab0d2b831fc659147a839bbd.tar.gz | |
Merge branch 'testing' into build/python3-migration
Diffstat (limited to 'wqflask/utility/hmac.py')
| -rw-r--r-- | wqflask/utility/hmac.py | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/wqflask/utility/hmac.py b/wqflask/utility/hmac.py index aa21c741..10387bb0 100644 --- a/wqflask/utility/hmac.py +++ b/wqflask/utility/hmac.py @@ -5,12 +5,12 @@ from flask import url_for from wqflask import app + def hmac_creation(stringy): """Helper function to create the actual hmac""" secret = app.config['SECRET_HMAC_CODE'] - - hmaced = hmac.new(bytearray(secret, 'utf8'), bytearray(stringy, 'utf8'), hashlib.sha1) + hmaced = hmac.new(secret, stringy, hashlib.sha1) hm = hmaced.hexdigest() # ZS: Leaving the below comment here to ask Pjotr about # "Conventional wisdom is that you don't lose much in terms of security if you throw away up to half of the output." @@ -18,10 +18,12 @@ def hmac_creation(stringy): hm = hm[:20] return hm + def data_hmac(stringy): - """Takes arbitray data string and appends :hmac so we know data hasn't been tampered with""" + """Takes arbitrary data string and appends :hmac so we know data hasn't been tampered with""" return stringy + ":" + hmac_creation(stringy) + def url_for_hmac(endpoint, **values): """Like url_for but adds an hmac at the end to insure the url hasn't been tampered with""" @@ -34,5 +36,6 @@ def url_for_hmac(endpoint, **values): combiner = "?" return url + combiner + "hm=" + hm + app.jinja_env.globals.update(url_for_hmac=url_for_hmac, data_hmac=data_hmac) |