From 8839637fbcb1b083e19367801ca7646962944d30 Mon Sep 17 00:00:00 2001 From: zsloan Date: Tue, 3 Mar 2020 15:16:31 -0600 Subject: was missing a couple files in last commit --- wqflask/utility/hmac.py | 18 ++++++++++++++++++ wqflask/wqflask/hmac_func.py | 19 +++++++++++++++++++ 2 files changed, 37 insertions(+) create mode 100644 wqflask/utility/hmac.py create mode 100644 wqflask/wqflask/hmac_func.py diff --git a/wqflask/utility/hmac.py b/wqflask/utility/hmac.py new file mode 100644 index 00000000..47001e54 --- /dev/null +++ b/wqflask/utility/hmac.py @@ -0,0 +1,18 @@ +from __future__ import print_function, division, absolute_import + +import hmac + +from wqflask import app + +def hmac_creation(stringy): + """Helper function to create the actual hmac""" + + secret = app.config['SECRET_HMAC_CODE'] + + hmaced = hmac.new(secret, stringy, hashlib.sha1) + hm = hmaced.hexdigest() + # ZS: Leaving the below comment here to ask Pjotr about + # "Conventional wisdom is that you don't lose much in terms of security if you throw away up to half of the output." + # http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html + hm = hm[:20] + return hm \ No newline at end of file diff --git a/wqflask/wqflask/hmac_func.py b/wqflask/wqflask/hmac_func.py new file mode 100644 index 00000000..361c35b6 --- /dev/null +++ b/wqflask/wqflask/hmac_func.py @@ -0,0 +1,19 @@ +from __future__ import print_function, division, absolute_import + +import hashlib +import hmac + +from wqflask import app + +def hmac_creation(stringy): + """Helper function to create the actual hmac""" + + secret = app.config['SECRET_HMAC_CODE'] + + hmaced = hmac.new(secret, stringy, hashlib.sha1) + hm = hmaced.hexdigest() + # ZS: Leaving the below comment here to ask Pjotr about + # "Conventional wisdom is that you don't lose much in terms of security if you throw away up to half of the output." + # http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html + hm = hm[:20] + return hm \ No newline at end of file -- cgit v1.2.3