comparison MoinMoin/security/textcha.py @ 6128:561b7a9c2bd9

fix wrong digestmod of hmac.new calls stdlib default is md5, but we need sha1. this bug was introduced when removing python_compatibility module usage in changeset 500f68d3e2fd594b2f4ea4a272b828a07d9eac1d.
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Tue, 01 Nov 2016 17:56:32 +0100
parents 500f68d3e2fd
children
comparison
equal deleted inserted replaced
6127:af23cef9675c 6128:561b7a9c2bd9
17 * make similar changes to GUI editor 17 * make similar changes to GUI editor
18 18
19 @copyright: 2007 by MoinMoin:ThomasWaldmann 19 @copyright: 2007 by MoinMoin:ThomasWaldmann
20 @license: GNU GPL, see COPYING for details. 20 @license: GNU GPL, see COPYING for details.
21 """ 21 """
22 import hmac 22 import hmac, hashlib
23 import re 23 import re
24 import random 24 import random
25 25
26 from time import time 26 from time import time
27 27
82 logging.debug(u"TextCha: using lang = '%s'" % lang) 82 logging.debug(u"TextCha: using lang = '%s'" % lang)
83 return textchas[lang] 83 return textchas[lang]
84 84
85 def _compute_signature(self, question, timestamp): 85 def _compute_signature(self, question, timestamp):
86 signature = u"%s%d" % (question, timestamp) 86 signature = u"%s%d" % (question, timestamp)
87 return hmac.new(self.secret, signature.encode('utf-8')).hexdigest() 87 return hmac.new(self.secret, signature.encode('utf-8'), digestmod=hashlib.sha1).hexdigest()
88 88
89 def _init_qa(self, question=None): 89 def _init_qa(self, question=None):
90 """ Initialize the question / answer. 90 """ Initialize the question / answer.
91 91
92 @param question: If given, the given question will be used. 92 @param question: If given, the given question will be used.