0001-signature-do-not-require-nonce-if-not-verified-41245.patch
passerelle/base/signature.py | ||
---|---|---|
47 | 47 |
def check_query(query, key, known_nonce=None, timedelta=30): |
48 | 48 |
parsed = urlparse.parse_qs(query) |
49 | 49 |
if not ('signature' in parsed and 'algo' in parsed and |
50 |
'timestamp' in parsed and 'nonce' in parsed): |
|
50 |
'timestamp' in parsed): |
|
51 |
return False |
|
52 |
if known_nonce is not None and ('nonce' not in parsed or known_nonce(parsed['nonce'])): |
|
51 | 53 |
return False |
52 | 54 |
unsigned_query, signature_content = query.split('&signature=', 1) |
53 | 55 |
if '&' in signature_content: |
... | ... | |
56 | 58 |
algo = parsed['algo'][0] |
57 | 59 |
timestamp = parsed['timestamp'][0] |
58 | 60 |
timestamp = datetime.datetime.strptime(timestamp, '%Y-%m-%dT%H:%M:%SZ') |
59 |
nonce = parsed['nonce'] |
|
60 |
if known_nonce is not None and known_nonce(nonce): |
|
61 |
return False |
|
62 | 61 |
if abs(datetime.datetime.utcnow() - timestamp) > datetime.timedelta(seconds=timedelta): |
63 | 62 |
return False |
64 | 63 |
return check_string(unsigned_query, signature, key, algo=algo) |
65 |
- |