Projet

Général

Profil

0001-signature-do-not-require-nonce-if-not-verified-41245.patch

Thomas Noël, 02 avril 2020 10:44

Télécharger (1,56 ko)

Voir les différences: 

Subject: [PATCH] signature: do not require nonce if not verified (#41245)


 passerelle/base/signature.py | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
passerelle/base/signature.py
47 47 
def check_query(query, key, known_nonce=None, timedelta=30):
48 48 
    parsed = urlparse.parse_qs(query)
49 49 
    if not ('signature' in parsed and 'algo' in parsed and
50 
            'timestamp' in parsed and 'nonce' in parsed):
50 
            'timestamp' in parsed):
51 
        return False
52 
    if known_nonce is not None and ('nonce' not in parsed or known_nonce(parsed['nonce'])):
51 53 
        return False
52 54 
    unsigned_query, signature_content = query.split('&signature=', 1)
53 55 
    if '&' in signature_content:
......
56 58 
    algo = parsed['algo'][0]
57 59 
    timestamp = parsed['timestamp'][0]
58 60 
    timestamp = datetime.datetime.strptime(timestamp, '%Y-%m-%dT%H:%M:%SZ')
59 
    nonce = parsed['nonce']
60 
    if known_nonce is not None and known_nonce(nonce):
61 
        return False
62 61 
    if abs(datetime.datetime.utcnow() - timestamp) > datetime.timedelta(seconds=timedelta):
63 62 
        return False
64 63 
    return check_string(unsigned_query, signature, key, algo=algo)
65 
-