From 05c3440a33fdf811559db8fcf93e655fe9f0cfe5 Mon Sep 17 00:00:00 2001
From: Yingtong Li
Date: Thu, 17 Jan 2019 23:42:05 +1100
Subject: [PATCH] Use Python 3.6 compatible HMAC code
---
 ssmembership/views.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/ssmembership/views.py b/ssmembership/views.py
index 69d9e7a..ea54c57 100644
--- a/ssmembership/views.py
+++ b/ssmembership/views.py
@@ -80,8 +80,8 @@ def import_signed(request):
 if 'sig' not in request.GET:
 return HttpResponse('Expected a signature parameter', status=400)
- sig_expected = hmac.digest(settings.SECRET_KEY_MEMBERSIG.encode('utf-8'), request.GET['email'].encode('utf-8'), 'sha256').hex()
- if sig_expected != request.GET['sig']:
+ sig_expected = hmac.new(settings.SECRET_KEY_MEMBERSIG.encode('utf-8'), request.GET['email'].encode('utf-8'), 'sha256').hexdigest()
+ if not hmac.compare_digest(sig_expected, request.GET['sig']):
 return HttpResponse('Invalid signature', status=403)
 member = mimport.by_email(request.GET['email'])
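Review bot: `hmac.compare_digest(sig_expected, request.GET['sig'])` raises TypeError when a str argument contains non-ASCII characters, so a request whose `sig` parameter is not pure ASCII would surface as an unhandled exception instead of taking the 403 branch. Comparing bytes avoids that: `if not hmac.compare_digest(sig_expected.encode('ascii'), request.GET['sig'].encode('utf-8')):`. The same comparison is added in import_save in the second hunk and needs the same change. import_signed starts before this hunk and continues after it, so any handling elsewhere in the function is not visible here.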
@@ -108,15 +108,15 @@ def import_search(request):
 'member': member,
 'years': models.Member.YEARS,
 'email_orig': member.email if member else None,
- 'sig': hmac.digest(settings.SECRET_KEY_MEMBERSIG.encode('utf-8'), member.email.encode('utf-8'), 'sha256').hex() if member else None
+ 'sig': hmac.new(settings.SECRET_KEY_MEMBERSIG.encode('utf-8'), member.email.encode('utf-8'), 'sha256').hexdigest() if member else None
 })
 def import_save(request):
 if request.method != 'POST':
 return redirect(reverse('import_index'))
- sig_expected = hmac.digest(settings.SECRET_KEY_MEMBERSIG.encode('utf-8'), request.POST['email_orig'].encode('utf-8'), 'sha256').hex()
- if sig_expected != request.POST['sig']:
+ sig_expected = hmac.new(settings.SECRET_KEY_MEMBERSIG.encode('utf-8'), request.POST['email_orig'].encode('utf-8'), 'sha256').hexdigest()
+ if not hmac.compare_digest(sig_expected, request.POST['sig']):
 return HttpResponse('Invalid signature', status=403)
 member = mimport.by_email(request.POST['email_orig'])
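Review bot: import_save reads `request.POST['email_orig']` and `request.POST['sig']` without first checking that they are present, unlike import_signed, which returns 400 when `sig` is missing. A POST that omits either field raises a KeyError subclass rather than producing a clean rejection. A guard before the HMAC line would match the other view: `if 'email_orig' not in request.POST or 'sig' not in request.POST: return HttpResponse('Expected email_orig and sig parameters', status=400)`. The HMAC expression is also written out three times across import_signed, import_search and import_save; a small helper taking the email would keep the key, digest name and encoding in one place. import_save continues past the end of this hunk.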