diff options
| author | zsloan | 2020-03-09 11:54:34 -0500 |
|---|---|---|
| committer | zsloan | 2020-03-09 11:54:34 -0500 |
| commit | 04b32f95279602da4cfb00b4f356a04eee48af51 (patch) | |
| tree | 4669f99ed75c0a39164c3b277e4b07ba4913aa63 /wqflask/utility/hmac.py | |
| parent | 69a1bef6f0e653e0a8d84e4e13e5879e2faeea39 (diff) | |
| download | genenetwork2-04b32f95279602da4cfb00b4f356a04eee48af51.tar.gz | |
I think this should complete consolidating all the collections code.
Diffstat (limited to 'wqflask/utility/hmac.py')
| -rw-r--r-- | wqflask/utility/hmac.py | 56 |
1 files changed, 38 insertions, 18 deletions
diff --git a/wqflask/utility/hmac.py b/wqflask/utility/hmac.py index 47001e54..d8a0eace 100644 --- a/wqflask/utility/hmac.py +++ b/wqflask/utility/hmac.py @@ -1,18 +1,38 @@ -from __future__ import print_function, division, absolute_import
-
-import hmac
-
-from wqflask import app
-
-def hmac_creation(stringy):
- """Helper function to create the actual hmac"""
-
- secret = app.config['SECRET_HMAC_CODE']
-
- hmaced = hmac.new(secret, stringy, hashlib.sha1)
- hm = hmaced.hexdigest()
- # ZS: Leaving the below comment here to ask Pjotr about
- # "Conventional wisdom is that you don't lose much in terms of security if you throw away up to half of the output."
- # http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html
- hm = hm[:20]
- return hm
\ No newline at end of file +from __future__ import print_function, division, absolute_import + +import hmac +import hashlib + +from wqflask import app + +def hmac_creation(stringy): + """Helper function to create the actual hmac""" + + secret = app.config['SECRET_HMAC_CODE'] + + hmaced = hmac.new(secret, stringy, hashlib.sha1) + hm = hmaced.hexdigest() + # ZS: Leaving the below comment here to ask Pjotr about + # "Conventional wisdom is that you don't lose much in terms of security if you throw away up to half of the output." + # http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html + hm = hm[:20] + return hm + +def data_hmac(stringy): + """Takes arbitray data string and appends :hmac so we know data hasn't been tampered with""" + return stringy + ":" + hmac_creation(stringy) + +def url_for_hmac(endpoint, **values): + """Like url_for but adds an hmac at the end to insure the url hasn't been tampered with""" + + url = url_for(endpoint, **values) + + hm = hmac_creation(url) + if '?' in url: + combiner = "&" + else: + combiner = "?" + return url + combiner + "hm=" + hm + +app.jinja_env.globals.update(url_for_hmac=url_for_hmac, + data_hmac=data_hmac)
\ No newline at end of file |