0001-compute-service-api-key-from-its-orig-and-destinatio.patch
hobo/multitenant/settings_loaders.py | ||
---|---|---|
35 | 35 |
class KnownServices(FileBaseSettingsLoader): |
36 | 36 |
FILENAME = 'hobo.json' |
37 | 37 | |
38 |
def shared_secret(self, secret1, secret2): |
|
39 |
secret1 = hashlib.sha256(secret1).hexdigest() |
|
40 |
secret2 = hashlib.sha256(secret2).hexdigest() |
|
41 |
return hex(int(secret1, 16) ^ int(secret2, 16))[2:-1] |
|
42 | ||
38 | 43 |
def update_settings_from_path(self, tenant_settings, path): |
39 | 44 |
known_services = {} |
40 | 45 |
with file(path) as f: |
41 | 46 |
hobo_json = json.load(f) |
42 | 47 |
services = hobo_json.get('services') |
43 |
base_url, secret = [(s.get('base_url'), s.get('secret_key'))
|
|
44 |
for s in services if s.get('this')][0]
|
|
48 |
this = [s for s in services if s.get('this')][0]
|
|
49 |
base_url = this['base_url']
|
|
45 | 50 |
orig = urlparse.urlparse(base_url).netloc.split(':')[0] |
46 |
secret = hashlib.sha1(orig+secret).hexdigest()
|
|
51 |
secret = this['secret_key']
|
|
47 | 52 | |
48 | 53 |
for service in services: |
54 |
# Why refer to ourself ? |
|
55 |
if service.get('this'): |
|
56 |
continue |
|
49 | 57 |
service_id = service.get('service-id') |
50 | ||
58 |
# compute a symetric shared secret using XOR |
|
59 |
# secrets MUST be hexadecimal numbers of the same even length |
|
60 |
shared_secret = self.shared_secret(secret, services['secret_key']) |
|
51 | 61 |
service_data = { |
52 | 62 |
'url': service.get('base_url'), |
53 | 63 |
'backoffice-menu-url': service.get('backoffice-menu-url'), |
54 | 64 |
'title': service.get('title'), |
55 | 65 |
'orig': orig, |
56 |
'secret': secret, |
|
66 |
'secret': shared_secret,
|
|
57 | 67 |
'variables': service.get('variables') |
58 | 68 |
} |
59 | 69 |
if service_id in known_services: |
60 |
- |
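Review bot: The added call `self.shared_secret(secret, services['secret_key'])` indexes `services`, the list being iterated, with a string, so it raises TypeError on the first service that is not `this`; it should read `shared_secret = self.shared_secret(secret, service['secret_key'])`. In the new `shared_secret` helper, `hex(...)[2:-1]` depends on the `L` suffix Python 2 puts on longs (under Python 3 it would cut the last digit) and drops leading zeros, so the key length varies. Two services configured with the same `secret_key` XOR to zero and get the constant key `0`. A fixed-width form such as `return '%064x' % (int(secret1, 16) ^ int(secret2, 16))` keeps the length stable, and equal inputs should be rejected explicitly. The comment above the call says the secrets must be hexadecimal numbers of the same even length, but the helper hashes both with SHA-256 first, so the comment should describe that instead; the body of `update_settings_from_path` continues past the end of the hunk.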