From 303e4b71c2172da5be19c84d4be5a062329ac013 Mon Sep 17 00:00:00 2001 From: BonfaceKilz Date: Wed, 26 Aug 2020 19:12:33 +0300 Subject: Remove "from __future__ import new_feature" statements See: --- wqflask/utility/hmac.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'wqflask/utility/hmac.py') diff --git a/wqflask/utility/hmac.py b/wqflask/utility/hmac.py index b08be97e..73e28790 100644 --- a/wqflask/utility/hmac.py +++ b/wqflask/utility/hmac.py @@ -1,5 +1,3 @@ -from __future__ import print_function, division, absolute_import - import hmac import hashlib @@ -37,4 +35,4 @@ def url_for_hmac(endpoint, **values): return url + combiner + "hm=" + hm app.jinja_env.globals.update(url_for_hmac=url_for_hmac, - data_hmac=data_hmac) \ No newline at end of file + data_hmac=data_hmac) -- cgit v1.2.3 From 46443ec8d2cdfd7c60358a889d90a90e4f7daaf4 Mon Sep 17 00:00:00 2001 From: BonfaceKilz Date: Thu, 27 Aug 2020 01:32:34 +0300 Subject: Replace string arguments to "hmac.new" with bytearray See: --- wqflask/utility/hmac.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'wqflask/utility/hmac.py') diff --git a/wqflask/utility/hmac.py b/wqflask/utility/hmac.py index 73e28790..aa21c741 100644 --- a/wqflask/utility/hmac.py +++ b/wqflask/utility/hmac.py @@ -10,7 +10,7 @@ def hmac_creation(stringy): secret = app.config['SECRET_HMAC_CODE'] - hmaced = hmac.new(secret, stringy, hashlib.sha1) + hmaced = hmac.new(bytearray(secret, 'utf8'), bytearray(stringy, 'utf8'), hashlib.sha1) hm = hmaced.hexdigest() # ZS: Leaving the below comment here to ask Pjotr about # "Conventional wisdom is that you don't lose much in terms of security if you throw away up to half of the output." -- cgit v1.2.3 From 6064148eb2b723a308f0d29595a75ab64f47e1e2 Mon Sep 17 00:00:00 2001 From: BonfaceKilz Date: Thu, 17 Sep 2020 17:34:11 +0300 Subject: Replace string arguments to "hmac.new" with bytearray Same as: https://github.com/genenetwork/genenetwork2/pull/422/commits/46443ec8d2cdfd7c60358a889d90a90e4f7daaf4 --- wqflask/utility/hmac.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'wqflask/utility/hmac.py') diff --git a/wqflask/utility/hmac.py b/wqflask/utility/hmac.py index 10387bb0..6623f69a 100644 --- a/wqflask/utility/hmac.py +++ b/wqflask/utility/hmac.py @@ -10,7 +10,9 @@ def hmac_creation(stringy): """Helper function to create the actual hmac""" secret = app.config['SECRET_HMAC_CODE'] - hmaced = hmac.new(secret, stringy, hashlib.sha1) + hmaced = hmac.new(bytearray(secret, "utf-8"), + bytearray(stringy, "utf-8"), + hashlib.sha1) hm = hmaced.hexdigest() # ZS: Leaving the below comment here to ask Pjotr about # "Conventional wisdom is that you don't lose much in terms of security if you throw away up to half of the output." -- cgit v1.2.3 From ca22bbfdd36351e2b7d8f346b5a3ab81c94f7203 Mon Sep 17 00:00:00 2001 From: BonfaceKilz Date: Wed, 28 Oct 2020 23:14:35 +0300 Subject: Use latin-1 encoding when converting hmac secret to bytes * wqflask/utility/hmac.py (hmac_creation): Use latin-1 when serializing the hmac secret. This ensures that the behaviour of *verify_cookie* remains the same as in the python2 tip. --- wqflask/utility/hmac.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'wqflask/utility/hmac.py') diff --git a/wqflask/utility/hmac.py b/wqflask/utility/hmac.py index 6623f69a..29891677 100644 --- a/wqflask/utility/hmac.py +++ b/wqflask/utility/hmac.py @@ -10,7 +10,7 @@ def hmac_creation(stringy): """Helper function to create the actual hmac""" secret = app.config['SECRET_HMAC_CODE'] - hmaced = hmac.new(bytearray(secret, "utf-8"), + hmaced = hmac.new(bytearray(secret, "latin-1"), bytearray(stringy, "utf-8"), hashlib.sha1) hm = hmaced.hexdigest() -- cgit v1.2.3