particle-os/debian-koji
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

pass bytes to sha1 constructor

Browse source 
As preparation to use hashlib's constructors, fix passing correct
datatype to sha1 constructor in web ui.

Fixes: https://pagure.io/koji/issue/1486
This commit is contained in:
Tomas Kopecek 2019-06-11 11:19:51 +02:00 committed by Mike McLean
parent 3b0028ae07
commit 9326cebd32
1 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
www/kojiweb/index.py
View file

@ -55,8 +55,8 @@ def _setUserCookie(environ, user):
value = user + ':' + str(int(time.time()))
if not options['Secret'].value:
raise koji.AuthError('Unable to authenticate, server secret not configured')
shasum = sha1_constructor(value)
shasum.update(options['Secret'].value)
shasum = sha1_constructor(value.encode('utf-8'))
shasum.update(options['Secret'].value.encode('utf-8'))
value = "%s:%s" % (shasum.hexdigest(), value)
cookies = six.moves.http_cookies.SimpleCookie()
cookies['user'] = value
@ -92,8 +92,8 @@ def _getUserCookie(environ):
sig, value = parts
if not options['Secret'].value:
raise koji.AuthError('Unable to authenticate, server secret not configured')
shasum = sha1_constructor(value)
shasum.update(options['Secret'].value)
shasum = sha1_constructor(value.encode('utf-8'))
shasum.update(options['Secret'].value.encode('utf-8'))
if shasum.hexdigest() != sig:
authlogger.warn('invalid user cookie: %s:%s', sig, value)
return None