0001-compare-hmac-signature-with-lower-case-10617.patch
| ckanext/ozwillo_organization_api/plugin.py | ||
|---|---|---|
| 36 | 36 |
computed_hmac = hmac.new(api_secret, request.body, sha1).hexdigest() |
| 37 | 37 |
# the received hmac is uppercase according to |
| 38 | 38 |
# http://doc.ozwillo.com/#ref-3-2-1 |
| 39 |
if received_hmac != computed_hmac.upper():
|
|
| 39 |
if received_hmac.lower() != computed_hmac:
|
|
| 40 | 40 |
log.info('Invalid HMAC')
|
| 41 | 41 |
raise logic.NotAuthorized(_('Invalid HMAC'))
|
| 42 | 42 |
else: |
| 43 |
- |
|