comparison MoinMoin/wikiutil.py @ 6128:561b7a9c2bd9

fix wrong digestmod of hmac.new calls stdlib default is md5, but we need sha1. this bug was introduced when removing python_compatibility module usage in changeset 500f68d3e2fd594b2f4ea4a272b828a07d9eac1d.
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Tue, 01 Nov 2016 17:56:32 +0100
parents 500f68d3e2fd
children
comparison
equal deleted inserted replaced
6127:af23cef9675c 6128:561b7a9c2bd9
10 @license: GNU GPL, see COPYING for details. 10 @license: GNU GPL, see COPYING for details.
11 """ 11 """
12 12
13 import cgi 13 import cgi
14 import codecs 14 import codecs
15 import hmac 15 import hmac, hashlib
16 import os 16 import os
17 import re 17 import re
18 import time 18 import time
19 import urllib 19 import urllib
20 20
2528 if isinstance(value, unicode): 2528 if isinstance(value, unicode):
2529 value = value.encode('utf-8') 2529 value = value.encode('utf-8')
2530 hmac_data.append(value) 2530 hmac_data.append(value)
2531 2531
2532 h = hmac.new(request.cfg.secrets['wikiutil/tickets'], 2532 h = hmac.new(request.cfg.secrets['wikiutil/tickets'],
2533 ''.join(hmac_data)) 2533 ''.join(hmac_data), digestmod=hashlib.sha1)
2534 return "%s.%s" % (tm, h.hexdigest()) 2534 return "%s.%s" % (tm, h.hexdigest())
2535 2535
2536 2536
2537 def checkTicket(request, ticket): 2537 def checkTicket(request, ticket):
2538 """Check validity of a previously created ticket""" 2538 """Check validity of a previously created ticket"""