0001-compute-service-api-key-from-its-orig-and-destinatio.patch
| hobo/multitenant/settings_loaders.py | ||
|---|---|---|
| 35 | 35 |
class KnownServices(FileBaseSettingsLoader): |
| 36 | 36 |
FILENAME = 'hobo.json' |
| 37 | 37 | |
| 38 |
def shared_secret(self, secret1, secret2): |
|
| 39 |
secret1 = hashlib.sha256(secret1).hexdigest() |
|
| 40 |
secret2 = hashlib.sha256(secret2).hexdigest() |
|
| 41 |
return hex(int(secret1, 16) ^ int(secret2, 16))[2:-1] |
|
| 42 | ||
| 38 | 43 |
def update_settings_from_path(self, tenant_settings, path): |
| 39 | 44 |
known_services = {}
|
| 40 | 45 |
with file(path) as f: |
| 41 | 46 |
hobo_json = json.load(f) |
| 42 | 47 |
services = hobo_json.get('services')
|
| 43 |
base_url, secret = [(s.get('base_url'), s.get('secret_key'))
|
|
| 44 |
for s in services if s.get('this')][0]
|
|
| 48 |
this = [s for s in services if s.get('this')][0]
|
|
| 49 |
base_url = this['base_url']
|
|
| 45 | 50 |
orig = urlparse.urlparse(base_url).netloc.split(':')[0]
|
| 46 |
secret = hashlib.sha1(orig+secret).hexdigest()
|
|
| 51 |
secret = this['secret_key']
|
|
| 47 | 52 | |
| 48 | 53 |
for service in services: |
| 54 |
# Why refer to ourself ? |
|
| 55 |
if service.get('this'):
|
|
| 56 |
continue |
|
| 49 | 57 |
service_id = service.get('service-id')
|
| 50 | ||
| 58 |
# compute a symetric shared secret using XOR |
|
| 59 |
# secrets MUST be hexadecimal numbers of the same even length |
|
| 60 |
shared_secret = self.shared_secret(secret, services['secret_key']) |
|
| 51 | 61 |
service_data = {
|
| 52 | 62 |
'url': service.get('base_url'),
|
| 53 | 63 |
'backoffice-menu-url': service.get('backoffice-menu-url'),
|
| 54 | 64 |
'title': service.get('title'),
|
| 55 | 65 |
'orig': orig, |
| 56 |
'secret': secret, |
|
| 66 |
'secret': shared_secret,
|
|
| 57 | 67 |
'variables': service.get('variables')
|
| 58 | 68 |
} |
| 59 | 69 |
if service_id in known_services: |
| 60 |
- |
|