diff options
Diffstat (limited to 'wqflask/utility/hmac.py')
| -rw-r--r-- | wqflask/utility/hmac.py | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/wqflask/utility/hmac.py b/wqflask/utility/hmac.py index aa21c741..10387bb0 100644 --- a/wqflask/utility/hmac.py +++ b/wqflask/utility/hmac.py @@ -5,12 +5,12 @@ from flask import url_for from wqflask import app + def hmac_creation(stringy): """Helper function to create the actual hmac""" secret = app.config['SECRET_HMAC_CODE'] - - hmaced = hmac.new(bytearray(secret, 'utf8'), bytearray(stringy, 'utf8'), hashlib.sha1) + hmaced = hmac.new(secret, stringy, hashlib.sha1) hm = hmaced.hexdigest() # ZS: Leaving the below comment here to ask Pjotr about # "Conventional wisdom is that you don't lose much in terms of security if you throw away up to half of the output." @@ -18,10 +18,12 @@ def hmac_creation(stringy): hm = hm[:20] return hm + def data_hmac(stringy): - """Takes arbitray data string and appends :hmac so we know data hasn't been tampered with""" + """Takes arbitrary data string and appends :hmac so we know data hasn't been tampered with""" return stringy + ":" + hmac_creation(stringy) + def url_for_hmac(endpoint, **values): """Like url_for but adds an hmac at the end to insure the url hasn't been tampered with""" @@ -34,5 +36,6 @@ def url_for_hmac(endpoint, **values): combiner = "?" return url + combiner + "hm=" + hm + app.jinja_env.globals.update(url_for_hmac=url_for_hmac, data_hmac=data_hmac) |