PR#1498: Pass bytes to md5_constructor

Merges #1498
https://pagure.io/koji/pull-request/1498

Fixes: #1486
https://pagure.io/koji/issue/1486
Fix kojiweb's _getUserCookie/_setUserCookie to pass bytes to hash constructors

www/kojiweb/index.py

@@ -55,8 +55,10 @@ def _setUserCookie(environ, user):
     value = user + ':' + str(int(time.time()))
     if not options['Secret'].value:
         raise koji.AuthError('Unable to authenticate, server secret not configured')
-    shasum = sha1_constructor(value.encode('utf-8'))
-    shasum.update(options['Secret'].value.encode('utf-8'))
+    digest_string = value + options['Secret'].value
+    if six.PY3:
+        digest_string = digest_string.encode('utf-8')
+    shasum = sha1_constructor(digest_string)
     value = "%s:%s" % (shasum.hexdigest(), value)
     cookies = six.moves.http_cookies.SimpleCookie()
     cookies['user'] = value
@@ -92,8 +94,10 @@ def _getUserCookie(environ):
     sig, value = parts
     if not options['Secret'].value:
         raise koji.AuthError('Unable to authenticate, server secret not configured')
-    shasum = sha1_constructor(value.encode('utf-8'))
-    shasum.update(options['Secret'].value.encode('utf-8'))
+    digest_string = value + options['Secret'].value
+    if six.PY3:
+        digest_string = digest_string.encode('utf-8')
+    shasum = sha1_constructor(digest_string)
     if shasum.hexdigest() != sig:
         authlogger.warn('invalid user cookie: %s:%s', sig, value)
         return None

www/lib/kojiweb/util.py

@@ -167,7 +167,10 @@ def _genToken(environ, tstamp=None):
         return ''
     if tstamp == None:
         tstamp = _truncTime()
-    return md5_constructor(user + str(tstamp) + environ['koji.options']['Secret'].value).hexdigest()[-8:]
+    value = user + str(tstamp) + environ['koji.options']['Secret'].value
+    if six.PY3:
+        value = value.encode('utf-8')
+    return md5_constructor(value).hexdigest()[-8:]
 
 def _getValidTokens(environ):
     tokens = []