diff MoinMoin/security/textcha.py @ 6128:561b7a9c2bd9

fix wrong digestmod of hmac.new calls stdlib default is md5, but we need sha1. this bug was introduced when removing python_compatibility module usage in changeset 500f68d3e2fd594b2f4ea4a272b828a07d9eac1d.
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Tue, 01 Nov 2016 17:56:32 +0100
parents 500f68d3e2fd
children
line wrap: on
line diff
--- a/MoinMoin/security/textcha.py	Mon Oct 31 22:58:54 2016 +0100
+++ b/MoinMoin/security/textcha.py	Tue Nov 01 17:56:32 2016 +0100
@@ -19,7 +19,7 @@
     @copyright: 2007 by MoinMoin:ThomasWaldmann
     @license: GNU GPL, see COPYING for details.
 """
-import hmac
+import hmac, hashlib
 import re
 import random
 
@@ -84,7 +84,7 @@
 
     def _compute_signature(self, question, timestamp):
         signature = u"%s%d" % (question, timestamp)
-        return hmac.new(self.secret, signature.encode('utf-8')).hexdigest()
+        return hmac.new(self.secret, signature.encode('utf-8'), digestmod=hashlib.sha1).hexdigest()
 
     def _init_qa(self, question=None):
         """ Initialize the question / answer.