0001-ogone-check-signature-using-both-iso-8859-1-and-utf-.patch

Frédéric Péters, 19 février 2021 17:49

Voir les différences: en ligne côte à côte

Subject: [PATCH] ogone: check signature using both iso-8859-1 and utf-8
 encodings (#51304)

 eopayment/ogone.py  | 20 ++++++++++++--------
 tests/test_ogone.py | 11 +++++++++++
 2 files changed, 23 insertions(+), 8 deletions(-)

+            ]
+        }
         def sha_sign(self, algo, key, params, keep):
         def sha_sign(self, algo, key, params, keep, encoding='iso-8859-1'):
             '''Ogone signature algorithm of query string'''
             values = params.items()
             values = [(a.upper(), b) for a, b in values]
-...
             values = [u'%s=%s' % (a, b) for a, b in values if a in keep and b]
             tosign = key.join(values)
             tosign += key
             tosign = force_byte(tosign, encoding='iso-8859-1')
             tosign = force_byte(tosign, encoding=encoding)
             hashing = getattr(hashlib, algo)
             return hashing(tosign).hexdigest().upper()
         def sha_sign_in(self, params):
             return self.sha_sign(self.hash_algorithm, self.sha_in, params, SHA_IN_PARAMS)
         def sha_sign_in(self, params, encoding='iso-8859-1'):
             return self.sha_sign(self.hash_algorithm, self.sha_in, params, SHA_IN_PARAMS, encoding=encoding)
         def sha_sign_out(self, params):
             return self.sha_sign(self.hash_algorithm, self.sha_out, params, SHA_OUT_PARAMS)
         def sha_sign_out(self, params, encoding='iso-8859-1'):
             return self.sha_sign(self.hash_algorithm, self.sha_out, params, SHA_OUT_PARAMS, encoding=encoding)
         def get_request_url(self):
             if self.environment == ENVIRONMENT_TEST:
-...
             signed = False
             if self.sha_in:
                 signature = params.get('SHASIGN')
                 expected_signature = self.sha_sign_out(params)
                 signed = signature == expected_signature
                 # check signature against both encoding
                 for encoding in ('iso-8859-1', 'utf-8'):
                     expected_signature = self.sha_sign_out(params, encoding=encoding)
                     signed = signature == expected_signature
                     if signed:
                         break
             if status == '1':
                 result = CANCELLED
             elif status == '2':

             response = ogone_backend.response(urllib.urlencode(data))
             assert response.signed
             assert response.result == eopayment.WAITING
             # check utf-8 based signature is also ok
             data['shasign'] = b'0E35F687ACBEAA6CA769E0ADDBD0863EB6C1678A'
             response = ogone_backend.response(urllib.urlencode(data))
             assert response.signed
             assert response.result == eopayment.WAITING
             # check invalid signature is not marked ok
             data['shasign'] = b'0000000000000000000000000000000000000000'
             response = ogone_backend.response(urllib.urlencode(data))
             assert not response.signed
+    -

Projet

Général

Profil

Produits Entr'ouvert » EOPayment

0001-ogone-check-signature-using-both-iso-8859-1-and-utf-.patch