0001-compute-service-api-key-from-its-orig-and-destinatio.patch
hobo/multitenant/settings_loaders.py | ||
---|---|---|
40 | 40 |
with file(path) as f: |
41 | 41 |
hobo_json = json.load(f) |
42 | 42 |
services = hobo_json.get('services') |
43 |
base_url, secret = [(s.get('base_url'), s.get('secret_key')) |
|
44 |
for s in services if s.get('this')][0] |
|
45 |
orig = urlparse.urlparse(base_url).netloc.split(':')[0] |
|
46 |
secret = hashlib.sha1(orig+secret).hexdigest() |
|
43 |
this = [s for s in services if s.get('this')][0] |
|
44 |
base_url = this['base_url'] |
|
45 |
secret = this['secret_key'] |
|
47 | 46 | |
48 | 47 |
for service in services: |
48 |
# Why refer to ourself ? |
|
49 |
if service.get('this'): |
|
50 |
continue |
|
49 | 51 |
service_id = service.get('service-id') |
50 | ||
52 |
# compute a symetric shared secret using XOR |
|
53 |
# secrets MUST be hexadecimal numbers of the same even length |
|
54 |
shared_secret = hex(int(secret, 16) ^ int(service['secret_key'], 16))[2:-1] |
|
51 | 55 |
service_data = { |
52 | 56 |
'url': service.get('base_url'), |
53 | 57 |
'backoffice-menu-url': service.get('backoffice-menu-url'), |
54 | 58 |
'title': service.get('title'), |
55 | 59 |
'orig': orig, |
56 |
'secret': secret, |
|
60 |
'secret': shared_secret,
|
|
57 | 61 |
'variables': service.get('variables') |
58 | 62 |
} |
59 | 63 |
if service_id in known_services: |
60 |
- |